IBM HPSS Network Card User Manual


 
HPSS provides facilities for recording information about authentication and object
(file/directory) creation, deletion, access, and authorization events. The security audit policy
for each server determines the records that each individual server will generate. All servers
can generate authentication records.
Accounting Policy. The accounting policy provides runtime information to the accounting
report utility and to the Account Validation service of the Gatekeeper. It helps determine what
style of accounting should be used and what level of validation should be enforced.
The two types of accounting are site-style and UNIX-style. The site-style approach is the
traditional type of accounting in use by most mass storage systems. Each site will have a site-
specific table (Account Map) that correlates the HPSS account index number with their local
account charge codes. The UNIX-style approach allows a site to use the user identifier (UID)
for the account index. The UID is passed along in UNIX-style accounting just as the account
index number is passed along in site-style accounting.
Account Validation allows a site to perform usage authorization of an account for a user. It is
turned on by enabling the Account Validation field of the Accounting Policy configuration
screen. If Account Validation is enabled, the accounting style in use at the site is determined
by the Accounting Style field. A site policy module may be implemented by the local site to
perform customized account validation operations. The default Account Validation behavior
is performed for any Account Validation operation that is not overridden by the site policy
module.
Location Policy. The location policy defines how Location Servers at a given site will
perform, especially in regards to how often server location information is updated. All local,
replicated Location Servers update information according to the same policy.
Gatekeeping Policy. The Gatekeeper provides a Gatekeeping Service along with an Account
Validation Service. These services provide the mechanism for HPSS to communicate
information though a well-defined interface to a policy software module that can be written by
a site. The site policy code is placed in well-defined shared libraries for the gatekeeping
policy and the accounting policy (/opt/hpss/lib/libgksite.[a|so] and /opt/hpss/lib/libacctsite.[a|
so] respectively) which are linked to the Gatekeeper. The Gatekeeping policy shared library
contains a default policy which does NO gatekeeping. Sites will need to enhance this library
to implement local policy rules if they wish to monitor and load-balance requests.
2.4. HPSS Hardware Platforms
2.4.1. Server Platforms
HPSS requires at least one AIX or Linux node for the core server components. A server node must
have sufficient processing power and memory to handle the work load.
2.4.2. Client Platforms
The full-function Client API can be ported to any platform that supports UNIX.
The PFTP client code and Client API source code for platforms other than AIX and Linux are not on
the HPSS distribution image. Maintenance of the PFTP and Client API software on platforms other
than AIX and Linux is the responsibility of the customer, unless a support agreement is negotiated
with IBM. Contact your HPSS Support Representative for information on how to obtain the needed
software.
HPSS Installation Guide July 2008
Release 6.2 (Revision 2.0) 48