IBM HPSS Network Card User Manual


 
HPSS Core Server performs most of the HPSS metadata changes using the transaction
management tools provided by DB2. For the most part, these metadata transactions are
managed entirely within the Core Server. Other servers such as MPS and PVL modify their
metadata transactionally, and those transactions are entirely contained within those servers. A
very small number of rarely performed operations require distributed transaction management,
and these are handled by DB2 as well.

Transactional integrity to guarantee consistency of server state and metadata is required in
HPSS in case a particular component fails. HPSS metadata updates utilize the transactional
capability of DB2. The selection of DB2 was based on functionality and vendor platform
support. It provides HPSS with an environment in which a job or action completes
successfully or is aborted completely.

DB2 provides a full suite of recovery options for metadata transactions. Recovery of the
database to a consistent state after a failure of HPSS or DB2 is automatic. A full suite of
database backup and maintenance tools is provided as well.

Security. HPSS security software provides mechanisms that allow HPSS components to
communicate in an authenticated manner, to authorize access to HPSS objects, to enforce
access control on HPSS objects, and to issue log records for security-related events. The
security components of HPSS provide authentication, authorization, enforcement, and audit
capabilities for the HPSS components. Customer sites may use the default security policy
delivered with HPSS or define their own security policy by implementing their own version of
the security policy module.

• Authentication is responsible for guaranteeing that a principal (a customer identity)
  is the entity that is claimed, and that information received from an entity is from that
  entity.
• Authorization is responsible for enabling an authenticated entity access to an
  allowed set of resources and objects. Authorization enables end user access to HPSS
  directories and bitfiles.
• Enforcement is responsible for guaranteeing that operations are restricted to the
  authorized set of operations.
• Audit is responsible for generating a log of security-relevant activity. HPSS audit
  capabilities allow sites to monitor HPSS authentication, authorization, and file
  security events. File security events include file creation, deletion, opening for I/O,
  and attribute modification operations.

HPSS components that communicate with each other maintain a joint security context. The
security context for both sides of the communication contains identity and authorization
information for the peer principals as well as an optional encryption key.

Access to HPSS server interfaces is controlled through an Access Control List (ACL)
mechanism. Membership on this ACL is controlled by the HPSS administrator.

Logging. A logging infrastructure component in HPSS provides an audit trail of server
events. Logged data includes alarms, events, requests, security audit records, status records,
and trace information. The Log Client, which may keep a temporary local copy of logged
information, communicates log messages to a central Log Daemon, which in turn maintains a
central log. Depending on the type of log message, the Log Daemon may send the message to
the SSM for display purposes. When the central HPSS log fills, messages are sent to a
secondary log file. A configuration option allows the filled log to be automatically archived to
HPSS Installation Guide July 2008
Release 6.2 (Revision 2.0)