Security and availability, Overview, Data file access security – HP NonStop G-Series User Manual

System Management

HP NonStop AutoTMF Software User’s Guide—429952-014

A-18

Security and Availability

2. The CI also requests the version from the selected monitor process, which must

match the expected version in the CI.

3. Whenever the CI opens a new monitor, the version checks are made for both the

monitor process and the associated MapDB.

4. When a

START MONITOR

command is run, the monitor terminates if the CI

version does not match the monitor’s version. The monitor also checks the version
of MapDB.

5. When an application process is run, each request from the NonStop AutoTMF

software runtime to the monitor contains a version number. If the version does not
match the monitor’s version, the request is rejected, and the application
terminates.

Security and Availability

This section describes various security and availability considerations when installing
and using Escort. This material should be studied carefully before converting a
production application to use Escort.

Overview

Security considerations are essentially two-fold:

•

When used in production, NonStop AutoTMF software becomes an essential part
of the application environment; damage or misuse of the product may result in an
application outage and business disruption. You should take steps to secure the
product to ensure its continuous availability.

•

Since production database accesses are intercepted by NonStop AutoTMF
software, there is an opportunity for misuse that could compromise security of your
database. You can prevent security breaches with a few simple installation and
configuration steps.

In general, a few minor security considerations are introduced, but the product does
not represent a major avenue for breaches of system or data security. NonStop
AutoTMF software is not privileged and does not require use of the SUPER.SUPER
account at any time. It depends on conventional file system security to protect its own
configuration data. With the exception of the tracing facility, described below, it
depends on conventional file system security to protect your database and other files.

Data File Access Security

All application data access is performed using standard, non-privileged, operations
from the application process. The form of access may be altered (such as to perform

Note. Requirements for security vs. ease-of-access vary from customer to customer. The
following security guidelines may or may not apply to your security requirements, You are
ultimately responsible for ensuring the appropriate level of security.