Filter
Top Products
Chapter 1 HPSS Basics
32 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
provides HPSS with an environment in which a job or action that requires the work of
multiple servers either completes successfully or is aborted completely within all servers.
• Metadata Management. Each HPSS server component has system state and resource data
(metadata) associated with the objects it manages. Each server with non-volatile metadata
requires the ability to reliably store its metadata. The metadata management performance
must also be able to scale as the number of object instances grow. In addition, access to
metadata by primary and secondary keys is required.
The Encina Structured File Server (SFS) product serves as the HPSS Metadata Manager
(MM). SFS provides B-tree clustered file records, relative sequence file records, record and
field level access, primary and secondary keys, and automatic byte ordering between
machines. SFS is also fully integrated with the Encina’s transaction management
capabilities. As a result, SFS provides transactional consistency and data recovery from
transaction aborts. An HPSS component called the Metadata Monitor (MMON) provides
monitoring of the HPSS Encina SFS, including generating notifications when configurable
metadata space usage thresholds are exceeded.
• Security. HPSS software security provides mechanisms that allow HPSS components to
communicate in an authenticated manner, to authorize access to HPSS objects, to enforce
access control on HPSS objects, and to issue log records for security-related events. The
security components of HPSS provide authentication, authorization, enforcement, audit,
and security management capabilities for the HPSS components. Customer sites may use
the default security policy delivered with HPSS or define their own security policy by
implementing their own version of the security policy module.
◆ Authentication — is responsible for guaranteeing that a principal (a customer identity)
is the entity that is claimed, and that information received from an entity is from that
entity. An additional mechanism is provided to allow authentication of File Transfer
Protocol (FTP) users through a site-supplied policy module.
◆ Authorization — is responsible for enabling an authenticated entity accessto an allowed
set of resources and objects. Authorization enables end user access to HPSS directories
and bitfiles.
◆ Enforcement — is responsible for guaranteeing that operations are restricted to the
authorized set of operations.
◆ Audit — is responsible for generating a log of security-relevant activity. HPSS audit
capabilities allowsites to monitor HPSS authentication, authorization, and file security
events. File security events include file creation, deletion, opening for I/O, and
attribute modification operations.
◆ Security management — allows the HPSS administrative component to monitor the
underlying DCE security services used by the HPSS security subsystem.
HPSS components that communicate with each other maintain a joint security context. The
security context for both sides of the communication contains identity and authorization
information for the peer principals as well as an optional encryption key. The security
context identity and authorization information is obtained using DCE security and RPC
services.
Access to HPSS server interfaces is controlled through an Access Control List (ACL)
mechanism. Access for HPSS bitfile data is provided through a distributed mechanism