IBM RELEASE 7.3 2.3. SSM User Security, 2.4. Location Policy

rw---dt user ${HPSS_PRINCIPAL_PVR}

rw-c-dt user ${HPSS_PRINCIPAL_SSM}

------t any_other

PVR:

rw---dt user ${HPSS_PRINCIPAL_PVL}

rw-c--t user ${HPSS_PRINCIPAL_SSM}

------t any_other

SSM:

rwxcidt user ${HPSS_PRINCIPAL_ADM_USER}

------t any_other

All other types:

rw-c-dt user ${HPSS_PRINCIPAL_SSM}

------t any_other

In most cases, the ACLs created by default for new servers should be adequate. In normal operation, the

only ACL that has to be altered is the one for the SSM client interface. Th is is handled automatically by

the -ssm option of the hpssuser utility. If, for some reason, an ACL should need to be modified in some

other way, the hpss_server_acl utility can be used. See the hpss_server_acl man page for more

information.

2.3. SSM User Security

SSM supports two types of users, administrators and operators:

•admin. This security level is normally assigned to an HPSS administrator. Administrators may

open all SSM windows and perform all control functions provided by SSM.

•operator. This security level is normally assigned to an HPSS operator. Operators may open

most SSM windows and can perform all SSM control functions except for HPSS configuration.

Security is applied both at the window level and the field level. A user must have permission t o open a

window to do anything with it at all. If the user does succeed in opening a window, all items on that

window may be viewed. Field level security then determines whether the user can modify fields, push

buttons, or otherwise modify the window.

The security level of an SSM user is determined by his entry in the access control infor mation table in

the HPSS configuration database. The initial security level for a user is assigned when the SSM user is

created by hpssuser. Security levels may be viewed and modified with the hpss_server_acl utility.

See also Section 3.3.2.2: SSM User Authorization on page 36.

2.4. Location Policy

All Location servers in an HPSS installation share a Location Policy. The Locat ion Policy is used by the

Location Servers to determine how and how often information should be updated. In general, most of the

default values for the policy can be used without change.

HPSS Management Guide November 2009

Release 7.3 (Revision 1.0) 26

Contents

Main HPSS Management Guide November 2009 Release 7.3 (Revision 1.0) 2 Table of Contents Page Release 7.3 (Revision 1.0) 5 Page Page Page Page Page Page List of Tables Preface Who Should Read This Book Conventions Used in This Book Page Chapter 1. HPSS 7.1 Configurat ion Overview 1.1. Introduction 1.2. Starting the SSM GUI fo r the First Time 1.3. HPSS Configuration Roadm ap (New HPSS Sites) 1.4. Init ial HPSS Startup Roadmap (All Sites) 1.5. Additional Config uration Roadmap (All Sites ) 1.6. Verification Che cklists (All Sites) 1.6.1. Configuration Checklists Global Configurati on Storage Subsystem Configuration Servers Devices and Drives Storage Classes Storage Hierarchies Classes of Service (COS) 1.6.2. Operational Checkli sts Configured user in terfaces Devices and Drives Storage Managemen t 1.6.3. Performance Checkli st Chapter 2. Security and Syst em Access 2.1. Security Services 2.1.1. Security Services Co nfiguration 2.1.2. Security Mechanism s 2.1.2.1. UNIX 2.1.2.2. Kerberos 5 2.1.2.3. LDAP 2.1.2.3.1. LDAP Administrat ive Tasks Working with Princi pals Working with Groups Working with Trusted Foreign Realms 2.2. HPSS Server Securit y ACLs 2.3. SSM User Security 2.4. Location Policy 2.4.1. Configuring/Updatin g a Location Policy 2.4.2. Location Policy Configuration Window 2.4.3. Deleting a Location Policy 2.5. Restricting user ac cess to HPSS. 2.5.1. Restricted Users Window Page Chapter 3. Using SSM 3.1. The SSM System Manager 3.1.1. Starting the SSM Syst em Manager 3.1.2. Tuning the System Man ager RPC Thread Pool and Requ est Queue Sizes 3.1.3. Labeling the Syste m Manager RPC Program Number 3.2. Quick Startup of hpssgui 3.3. Configuration and Startup of hpssgui and hp ssadm 3.3.1. C onfiguring the System Man ager Authentication for S SM Clients 3.3.2. C reating the SSM User Accou nts 3.3.2.1. The hpssuser Utilit y 3.3.2.2. SSM User Authorizat ion 3.3.2.3. User Keytabs (For Use with hpssadm Only) 3.3.2.3.1. Keytabs for Kerber os Authentication: hpss _krb5_keytab 3.3.2.3.2. Keytabs for UNIX Authentication: hpss_uni x_keytab 3.3.3. SSM Configuration File Table 1. SSM Ge neral Options Table 2. HPSSGUI Specific Options Table 3. HPSSADM Specific Options 3.3.3.1. login.conf 3.3.3.2. krb5.conf (For Use with Kerberos Authenticat ion Only) 3.3.4. SSM Help Files (Opt ional) 3.3.5. SSM Desktop Client Packaging 3.3.5.1. Automatic SSM Clie nt Packaging and Installa tion 3.3.5.2. Manual SSM Client Packaging and Installation 3.3.6. Using SSM Through a Firewall 3.3.6.1. The Firewall Prob lem 3.3.6.2. Solutions for Op erating Through a Firewall 3.3.6.3. Example: Using hps sgui Through a Firewall Page 3.4. Multiple SSM Sessio ns 3.5. SSM Window Conventio ns Page Page 3.6. Common Window Element s Page 3.7. Help Menu Overview 3.8. Monitor, Operation s and Configure Menus Over view 3.8.1. Monitor Menu Filesets & Junctions. 3.8.2. Operations Menu 3.8.3. Configure Menu 3.9. SSM Specific Windo ws 3.9.1. HPSS Login Page Page 3.9.3.1. SM Server Connectio n Status Indicator 3.9.3.2. HPSS Status 3.9.3.3. HPSS Statistics 3.9.3.4. Menu Tree 3.9.3.5. File Menu 3.9.3.6. View Menu 3.9.4. SSM Information W indows 3.9.4.1. System Manager S tatistics Window Page Page Page 3.9.4.2. User Session Info rmation Window Page 3.10. SSM List Preferenc es Checkbox Filters Text Filters Button Options Page Page Page 4.2. Storage Subsystem s 4.2.1. Subsystems List Window Page 4.2.2. Creating a New Stor age Subsystem 4.2.3. Storage Subsystem Configuration Window Page Page 4.2.3.1. Create Storage Subs ystem Metadata 4.2.3.2. Create Storage Subs ystem Configuration 4.2.3.3. Create Storage Subs ystem Servers 4.2.3.4. Assign a Gatekeep er if Required 4.2.3.5. Assign Storage Re sources to the Storage Sub system 4.2.3.6. Create Storage Subs ystem Fileset and Juncti on 4.2.3.7. Migration and Purge Policy Overrides 4.2.3.8. Storage Class Thre shold Overrides 4.2.4. Modifying a Storage Subsystem 4.2.5. Deleting a Storage Su bsystem Page Chapter 5. HPSS Servers 5.1. Server List Server List Page Page Administration But tons Information Button s Configuration But tons 5.1. Server Configuratio n Page 5.1.1. C ommon Server Configuration 5.1.1.1. Basic Controls 5.1.1.1. Execution Controls Page 5.1.1.2. Interface Controls 5.1.1.1. Security Controls Page 5.1.1.1. Audit Policy 5.1.1.1. Log Policy 5.1.1. Core Server Specifi c Configuration 5.1.1.1. Additional Core Se rver Configuration 5.1.2. Gatekeeper Specifi c Configuration 5.1.3. Location Server A dditional Configuration 5.1.4. Log Client Specifi c Configuration Field Description 5.1.1. Log Daemon Specific Configuration 5.1.2. Migration/Purge Se rver (MPS) Specific Conf iguration 5.1.3. Mover Specific Co nfiguration 5.1.3.1. Mover Specific Configuration Window Table 4. Mover T CP Pathname Options 5.1.3.1. Additional Mover C onfiguration 5.1.3.1.1. /etc/services, /etc/inetd.conf, and /etc/xinetd.d For non-Linux syste ms For Linux systems 5.1.3.1.2. The Mover Encryptio n Key Files 5.1.3.1.3. /var/hpss/etc F iles Required for Remote Mo ver 5.1.3.1.1. System Configurati on Parameters on IRIX, So laris, and Linux IRIX Table 1. IRIX S ystem Parameters Solaris Table 2. Solaris System Parameters Linux Table 3. Linux System Parameters 5.1.3.1.1. Setting Up Remote Movers with mkhpss 5.1.3.1.2. Mover Configuration to Support Local File T ransfer 5.1.1. Physical Volume R epository (PVR) Specific Configuration 5.1.1.1. Operator PVR Specif ic Configuration Window 5.1.1.1. 3494 PVR Specific Configuration 5.1.1.1.1. 3494 PVR Specific Configuration Window 5.1.1.1.1. 3494 PVR Additional Information Configuration Req uirements 5.1.1.2. AML PVR Specific Configuration 5.1.1.2.1. AML PVR Specific Configuration Window Page 5.1.1.2.1. AML PVR Additional Information ADIC Automatic Med ia Library Storage Sy stems Information be Starting the DAS Server Processes 5.1.1.1. LTO PVR Specific Configuration 5.1.1.1.1. LTO PVR Specific Configuration Window Page 5.1.1.1.1. LTO PVR Additional Information 5.1.1.2. SCSI PVR Specific C onfiguration Window Page 5.1.1.1. STK PVR Specific Configuration Window 5.1.1.1.1. STK PVR Additional Information ACSLS Packet Vers ion Starting the STK Client Processes 5.1.1. Deleting a Server Configuration Page 5.1. Monitoring Server Information 5.1.1. Basic Server I nformation Using the Basic S erver Information Windo w 5.1.1. Specific Server I nformation Using the Server Specific Information W indows 5.1.1.1. Core Server Info rmation Window Page Page 5.1.1.1. Gatekeeper Inform ation Window Page 5.1.1.1. Location Server I nformation Window 5.1.1.2. Migration/Purge Se rver Information Window 5.1.1.3. Mover Information Window Operational Notes 5.1.1.1. Physical Volume L ibrary (PVL) Information Window 5.1.1.2. Physical Volume R epository (PVR) Informatio n Windows 5.1.1.2.1. Operator PVR Inf ormation Window 5.1.1.2.1. 3494 PVR Informatio n Window Page 5.1.1.2.1. AML PVR Information Window 5.1.1.2.1. LTO PVR Information Window Page 5.1.1.2.1. SCSI PVR Informatio n Window Page 5.1.1.2.1. STK PVR Information Window 5.1. Real-Time Monitoring (RTM) 5.1.1. RTM Summary List RTM Summary List 5.1.2. RTM Detail Page Page 5.2. Starting HPSS 5.2.1. Starting HPSS P rerequisite Software 5.2.2. Starting HPSS S ervers 5.2.2.1. Starting the Startup Daemons 5.2.2.2. Starting SSM 5.2.2.3. Starting Other HPS S Servers 5.2.2.4. Automatic Server Restart Table 1. Auto R estart Count Values 5.1. Stopping HPSS 5.1.1. Shutting Down an HPSS Server 5.1.2. Shutting Down All HPSS Servers 5.1.3. Halting an HPSS Ser ver 5.1.4. Shutting Down the SSM Server 5.1.5. Shutting Down the Startup Daemon 5.1.6. Stopping the Prereq uisite Software 5.2. Server Repair and Rein itialization 5.2.1. Repairing an HPSS S erver 5.2.2. Reinitializing a Server Table 1. Server Reinitialization Beh avior Page 5.1. Forcing an SSM Conn ection Chapter 6. Storage Configurat ion 6.1. Storage Classes 6.1.1. Configured Storage Cla sses Window 6.1.2. Disk Storage Class Configuration Page Page Storage Segment Size Media Type. Transfer Rate Device I/O Rate (DIOR). 6.1.3. Tape Storage Class Configuration Page Storage Segment Size Media Type. Transfer Rate 6.1.4. Storage Class Subs ystem Thresholds 6.1.4.1. Disk Storage Sub system-Specific Thresho lds Page 6.1.4.2. Tape Storage Subsys tem-Specific Thresholds 6.1.5. Changing a Storage Class Definition 6.1.6. Deleting a Storage Class Definition 6.2. Storage Hierarchies 6.2.1. Hierarchies Window Page 6.2.2. Storage Hierarchy Configuration Window 6.2.3. Changing a Storage Hierarchy Definition 6.2.4. Deleting a Storage Hierarchy Definition 6.3. Classes of Service 6.3.1. Classes of Serv ice Window Field Description 6.3.2. Class of Service Configuration Window Page Page 6.3.3. Changing a Class of Service Definition 6.3.4. Deleting a Class o f Service Definition 6.3.5. Changing a File's C lass of Service 6.3.6. Canceling a Class of Service Change Request 6.4. Migration Policies 6.4.1. Migration Policies Window Page 6.4.2. Migration Policy Configuration 6.4.2.1. Disk Migration Policy Configuration Page Page 6.4.2.2. Tape Migration Poli cy Configuration Page Page 6.4.2.3. Changing a Migration Policy 6.4.2.4. Deleting a Migratio n Policy 6.5. Purge Policies 6.5.1. Purge Policies Window 6.5.2. Purge Policy Confi guration Page 6.5.3. Changing a Purge Pol icy 6.5.4. Deleting a Purge Po licy 6.6. File Families 6.6.1. File Family Configu ration 6.6.2. Changing a File Fam ily 6.6.3. Deleting a File Fam ily Page Chapter 7. Device and Drive M anagement 7.1. Configure a New Device & Drive Disk Device Configu ration Tape Device Config uration Page Page Page Table 2. Recommen ded Settings for Tape Devices 7.1.1. Devices and Drives Window Page Page Device Administrati on Buttons Drive Administratio n Buttons Information Button s Configuration But tons Preferences 7.1.2. Enable Variable Bl ock Sizes for Tape Device s 7.1.3. Changing a Drive's Configuration 7.1.4. Deleting a Drive's Configuration 7.2. Monitoring Devices and Drives 7.2.1. Mover Device Inf ormation Window Page Page Page Operational Notes Page Page Page Page 7.3. Drive Pools 7.3.1. Tape Drive Configur ation 7.3.2. Client Application Tape Read Requests 7.3.3. Drive Pool Conside rations 7.4. Changing Device an d Drive State 7.4.1. Unlocking a Driv e 7.4.2. Locking a Drive 7.4.3. Repairing the Stat e of a Device or Drive 7.4.4. Resetting Drive S tatistics Page Chapter 8. Volume and Storage Management 8.1. Adding Storage Space 8.1.1. Importing Volumes int o HPSS Page 8.1.1.1. Import Tape Volumes Window Page Page Page 8.1.1.2. Selecting Import Type for Tape Cartridges Table 3. Tape Im port Types 8.1.1.3. Import Disk Volumes Window Page Page Page 8.1.1.4. Selecting Import Type for Disk Volumes Table 4. Disk Im port Types 8.1.2. Creating Storage Reso urces 8.1.2.1. Create Tape Resourc es Window Page 8.1.2.2. Create Disk Resour ces Window Page Page 8.2. Removing Storage Sp ace 8.2.1. Deleting Storage Resources 8.2.1.1. Rules for Deleting Resources 8.2.1.2. Delete Resources Window Page 8.2.2. Exporting Volumes from HPSS 8.2.2.1. Rules for Exportin g Volumes 8.2.2.2. Export Volumes Win dow Page Page 8.3. Monitoring Storage Space 8.3.1. Active Storage Cl asses Window Page Page 8.3.2. MPS Disk Storage Class Information Page Page Page Page 8.3.3. MPS Tape Storage Cla ss Information Page 8.4. Dealing with a Spa ce Shortage 8.4.1. Forcing Migration 8.4.2. Forcing Purge 8.4.3. Repacking and Recla iming Volumes 8.4.3.1. Repack Virtual Vol umes Window Page 8.4.3.2. Reclaim Virtual Vo lumes Window 8.5. Volume Management 8.5.1. Lookup Cartridge s & Volumes Window 8.5.2. PVL Volume Informat ion Window 8.5.3. PVR Cartridge Infor mation Window Page Page Page Page Page More Commonly Used Data Tab Less Commonly Used Data Tab Physical Volumes 8.5.4.2. Core Server Tape Vo lume Information Window Page More Commonly Used Data Tab Page Page Physical Volumes 8.5.5. Changing Core Server Volume Condition Page 8.5.6. Moving PVR Cartridg es to Another PVR 8.5.6.1. Move Cartridges Window Page Page 8.6. Monitoring and Mana ging Volume Mounts 8.6.1. PVL Job Queue Windo w Page 8.6.2. PVL Request Inform ation Window Page 8.6.3. Canceling Queued P VL Requests 8.6.4. Tape Check-In Reque sts Window Buttons and Check boxes 8.6.5. Tape Mount Requests Window Buttons and Check boxes 8.6.6. Administrative T ape Dismounts 8.7. New Storage Technology Insertion Page Page Chapter 9. Logging and Statu s 9.1. Logging Overview 9.2. Log Policies 9.2.1. Creating a Log Policy 9.2.2. Logging Policies Window Configuration But tons 9.2.2.1. Logging Policy Co nfiguration Window 9.2.3. Changing a Log Polic y 9.2.4. Deleting a Log Poli cy 9.3. Managing the Central Log 9.3.1. Configuring Central Log Options 9.3.2. Viewing the Central Log (Delogging) 9.4. Log Files Information 9.5. Managing Local Logging 9.5.1. Configuring Local Logging Options 9.5.2. Viewing the Local Log 9.6. Managing SSM Alarms a nd Events 9.6.1. Alarms and Events Window Page Page 9.6.3. Diagnosing HPSS Pr oblems with Alarms and Even ts 9.6.4. Controlling SSM L og Message Handling 9.6.4.1. Controlling the System Manager Log Message Cache 9.6.4.2. Controlling Log Me ssages Displayed by hpssgu i and hpssadm Page Chapter 10. Filesets and Junct ions 10.1. Filesets & Junctions List Page 10.2. Creating an HPSS Fi leset 10.2.1. Create Fileset Window Page 10.3. Managing Existing Filesets 10.3.1. Core Server Files et Information Window Page 10.4. Deleting Filesets 10.5. Creating a Junction 10.5.1. Create Junction Window Page Chapter 11. Files, Directories and Objects by SOID 11.1. Files & Directories Wind ow Page Page Page Page 11.2. Objects by SOID Window Chapter 12. Tape Aggregation 12.1. Overview of Tape Aggregat ion 12.2. Tape Aggregation Performa nce Considerations 12.3. Configuring Tape Aggregat ion Page Chapter 13. User Accounts and Accounting 13.1. Managing HPSS Users 13.1.1. Adding HPSS Users 13.1.1.1. Add All User ID Type s 13.1.1.2. Add a UNIX User ID 13.1.1.3. Add a Kerberos User ID 13.1.1.4. Add an LDAP User ID 13.1.1.5. Add an FTP User ID 13.1.1.6. Add an SSM User ID 13.1.2. Deleting HPSS Users 13.1.3. Listing HPSS User s 13.1.4. Create an SSM Clien t Package 13.2. Accounting 13.2.1. Accounting Poli cy Window Page 13.2.2. Accounting Reports and Status 13.2.2.1. Generating an A ccounting Report 13.2.2.2. Accounting Sta tus Window 13.2.2.3. Interpreting the Accounting Report Page 13.2.3. Accounting Proced ures 13.2.3.1. Site Defined Accou nting Configuration Files and Procedures 13.2.3.1.1. Site Defined Ac count Maps 13.2.3.1.2. Site Defined Accou nt Apportionment Table 13.2.3.1.3. Maintaining Site Defined Accounting Files 13.2.3.2. Accounting Interv als and Charges Chapter 14. User Interfaces 14.1. Client API Configuration Page 14.2. FTP/PFTP Daemon Conf iguration Step 1. Verifying the FTP Configuratio n Step 2. Configuri ng the FTP/PFTP Daemo n Syslog Step 3. Defining the PFTP Access Page Table 5. Banner Keywords Step 4. Creating FTP Users 14.3. HPS S VFS Interface Configura tion 14.3.1. HPSS VFS Interface Overview 14.3.2. Supported Linux Ver sions 14.3.3. Installation and Configuration of VFS 14.3.3.1. Extracting fro m HPSS Source Tree 14.3.3.2. Compiling/Building 14.3.3.3. Modifying the Kern el 14.3.3.4. Client API Pre-R equisite Page 14.3.3.5. Other System Conf iguration Details 14.4. Mounting VFS Filesy stems 14.4.1. Mounting via th e Command Line 14.4.2. Mounting via th e /etc/fstab File 14.4.3. Mount Options Table 5. HPSS VFS Interface Mount Options Page 14.4.4. Un-mounting an HPSS Filesystem 14.4.5. Linux proc Filesy stem Statistics 14.5. Additional VFS Note s 14.5.1. Building an RPM Package Chapter 15. Backup and Recovery 15.1. HPSS Metadata Backup and Recovery 15.1.1. HPSS Administrator Res ponsibilities for DB2 15.1.2. Overview of the D B2 Backup Process 15.1.2.1. Configuring DB2 for Online Backup 15.1.3. Overview of the D B2 Recovery Process 15.2. HPSS System Environm ental Backup 15.2.1. HPSS Filesystem B ackup 15.2.2. Operating System Backup 15.2.3. Kerberos Backup 15.3. HPSS User Data Recover y 15.3.1. Recovering HPSS Fi les from Damaged HPSS Volume s Page 15.3.1.1. Recover Partially Damaged Disk or Tape Volume 15.3.1.1.1. With Secondary Copies 15.3.1.1.2. Without Secondary Copies 15.3.1.2. Cleanup Totally Dam aged Disk or Tape 15.4. DB2 Monitoring 15.5. DB2 Space Shortage 15.5.1. DMS Table Spaces 15.5.2. SMS Table Spaces Page Chapter 16. Management Tools 16.1. Utility Over view 16.1.1. Fileset and Junction Management 16.1.2. Tape Management 16.1.3. System Inf o 16.1.4. System Management 16.1.5. User Interfaces 16.1.6. Testing/Debugging 16.1.7. Unsupported Tools Page Page Appendix A. Glossary of Terms and Acronyms Page Page Page Page Page Page Page Page Page Page Page Appendix B. References Page Appendix C. Developer Acknowled gments