IBM Hub/Switch 2.8.4.7 Name Space, 2.8.4.8 Security Audit, 2.8.5 Logging Policy, 2.8.6 Location Policy

Chapter 2 HPSS Planning

HPSS Installation Guide September 2002 89

Release 4.5, Revision 2

2.8.4.7 Name Space

Enforcement of access to HPSS name space objects is the responsibility of the HPSS Name Server.

The access rights granted to a speciﬁc user are determined from the information contained in the

object's ACL.

2.8.4.8 Security Audit

HPSS provides capabilities to record information about authentication, ﬁle creation, deletion,

access, and authorization events. The security audit policy in each HPSS server determines what

auditrecords a server will generate. In general, all servers can create authentication events, but only

the Name Server and Bitﬁle Server will generate ﬁle events. The security audit records are sent to

the log ﬁle and are recorded as security type log messages.

2.8.5 Logging Policy

Thelogging policy provides the capability to control which message types are written to the HPSS

log ﬁles. In addition, the logging policy is used to control which alarms, events, and status

messages are sent to the Storage System Manager to be displayed. Logging policy is set on a per

serverbasis. Refer to Section 6.6.4: Conﬁgurethe Logging Policies (page 293) for a description of the

supported message types.

If a logging policy is not explicitly conﬁgured for a server, the default log policy will be applied.

The default log policy settings are deﬁned from the HPSS Log Policies window. If no Default Log

Policy entry has been deﬁned, all record types except for Trace are logged. All Alarm, Event, and

Status messages generated by the server will also be sent to the Storage System Manager.

The administrator might consider changing a server’s logging policy under one of the following

circumstances.

• A particular server is generating excessive messages. Under this circumstance, the

administratorcould use the logging policy to limit the message types being logged and/or

sent to the Storage System Manager. This will improve performance and potentially

eliminateclutter from the HPSS Alarms and Events window. Message types to disable ﬁrst

would be Trace messages followed by Debug and Request messages.

• One or more servers is experiencing problems which require additional information to

troubleshoot. If Alarm, Debug, or Request message types were previously disabled,

enabling these message types will provide additional information to help diagnose the

problem. HPSS support personnel might also request that Trace messages be enabled for

logging.

2.8.6 Location Policy

Thelocation policy providestheability to control how often Location Servers at an HPSS site will

contact other servers. It determines how often remote Location Servers are contacted to exchange

server location information. An administrator tunes this by balancing the local site's desire for

accuracy of server map information against the desire to avoid extra network and server load.