HP LeftHand P4000 HP LeftHand SAN Solutions Support Document - Application Not - Page 4

Lefthand Networks Security Features - virtual san


LeftHand Networks Security Features
Note: The term ‘volume’ is interchangeable in this context with terms like LUN, Virtual Disk, Disk, Snapshot, etc.

Access Control
• Authentication Groups are lists of iSCSI Qualified Node Names (IQNs) that correspond to application server(s). These lists contain the IQN for a particular application server.
• Authentication Groups can optionally use CHAP (Challenge Handshake Authentication Protocol) for one-way or two-way (mutual) authentication between the application servers and storage systems.
• The function of the Authentication Group is to ensure that authorized servers have access to their volumes on the SAN, and to prevent unauthorized servers from gaining access to any SAN resources.

Volume (LUN) Mapping
• Volume (LUN) Mapping is the process by which volumes are assigned to servers. A Volume List identifies the server(s) (via Authentication Groups) that have access to one or more volumes on the SAN.
• Volume Lists support one-to-one, one-to-many, many-to-one and many-to-many server-to-volume mappings to support the wide range of shared disk applications on the market today.
• Application Server Clustering is a shared disk resource application that is explicitly enabled on a LeftHand Networks’ SAN by the volume mapping security model.
• It should be noted that the default permission on a newly created volume is an implicit deny, whereby no application server can mount a volume until an access control assignment is made via an Authentication Group.

Volume (LUN) Masking
• Volume (LUN) Masking is the process by which a server is only permitted to have awareness of volumes on the SAN to which it has been mapped via a Volume List.
• The SAN is a shared resource pool. Integrated into the LeftHand Networks’ SAN solution is the security capability that ensures application servers only have access to volumes for which they have been granted explicit access.
• Volume (LUN) Masking specifically enables customers/service-providers to set up a shared resource pool for multiple storage consumers. These storage consumers could be different applications, operating systems, departments or, in the service-provider framework, different companies altogether. Volume (LUN) Masking ensures Company A can never get access to Company B volumes, and vice versa.

Volume Permissions
• When Volumes are associated with Servers via the Volume List, one chooses the type of permission the application server in question will be granted. The permission levels are Read/Write, Read-only or No Access. This granular assignment of permissions allows a storage administrator to specifically provision storage in a way that suits the application.
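
The mapping, masking and permission rules above can be modelled as a small configuration audit, added here as an example and not taken from HP or LeftHand documentation or tooling. The group names, IQNs, volumes and tenant labels are constructed, and two behaviours are assumptions of the example: a "No Access" entry hides the volume, and the lowest permission wins when several entries match.

```python
# Constructed model of the access-control objects described above; the
# group names, IQNs, volumes and tenant labels are all made up.
RANK = {"No Access": 0, "Read-only": 1, "Read/Write": 2}

AUTH_GROUPS = {
    "grp-a-sql": {"tenant": "CompanyA", "iqns": {"iqn.2001-04.com.example:a-sql01"}},
    "grp-a-bkp": {"tenant": "CompanyA", "iqns": {"iqn.2001-04.com.example:a-bkp01"}},
    "grp-b-web": {"tenant": "CompanyB", "iqns": {"iqn.2001-04.com.example:b-web01"}},
}
# Volume name -> owning tenant. "b-new" is newly created and not mapped yet.
VOLUMES = {"a-db": "CompanyA", "a-logs": "CompanyA", "b-www": "CompanyB", "b-new": "CompanyB"}
# Volume List entries: (volume, authentication group, permission)
VOLUME_LIST = [
    ("a-db", "grp-a-sql", "Read/Write"),
    ("a-db", "grp-a-bkp", "Read-only"),
    ("a-logs", "grp-a-bkp", "No Access"),
    ("b-www", "grp-b-web", "Read/Write"),
    ("b-www", "grp-a-bkp", "Read-only"),  # deliberate misconfiguration
]

def permission(iqn, volume):
    """Effective permission; implicit deny when no entry maps the IQN."""
    granted = [perm for vol, grp, perm in VOLUME_LIST
               if vol == volume and iqn in AUTH_GROUPS[grp]["iqns"]]
    # Assumption of this example: if several entries match, the lowest wins.
    return min(granted, key=RANK.get) if granted else "No Access"

def visible_volumes(iqn):
    """LUN masking: the only volumes this initiator may be aware of."""
    # Assumption of this example: a "No Access" entry also hides the volume.
    return sorted(v for v in VOLUMES if permission(iqn, v) != "No Access")

def cross_tenant_mappings():
    """Entries that grant one tenant's group access to another tenant's volume."""
    return [(vol, grp) for vol, grp, perm in VOLUME_LIST
            if perm != "No Access" and VOLUMES[vol] != AUTH_GROUPS[grp]["tenant"]]

if __name__ == "__main__":
    for group in AUTH_GROUPS.values():
        for iqn in sorted(group["iqns"]):
            print(iqn, {v: permission(iqn, v) for v in visible_volumes(iqn)})
    print("cross-tenant mappings:", cross_tenant_mappings())
```

The audit reports the `b-www` entry for `grp-a-bkp`: masking enforces whatever the Volume List says, so tenant separation depends on the list itself being reviewed.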