HP NAS Server Security in an NT-only Environment – HP StorageWorks 8000 NAS User Manual
NAS 8000 Concepts
NAS server then maintains the same UID and GID numbers that your UNIX
users are currently assigned in a heterogeneous environment.
Note
Whether you disable or enable the use of a NIS server, you are
in no way affecting the security of a homogeneous UNIX
environment.
An additional form of security called host access is available in the UNIX
environment and controls which client machines are allowed access to the
NAS server, regardless of the user. The allowed clients are specified by a list
of IP addresses or hostnames representing those machines. Host access
controls access by machine, not user.
HP NAS Server Security in an NT-only Environment
The security schema for NT systems is different from that of UNIX, but there
are two similarities:
■ You can set up the security model to allow user authentication at the share
level; alternatively, you can use a security domain, in which authentication is
handled by a Primary Domain Controller (PDC) or Backup Domain
Controller (BDC).
■ Processes are run with the identity of a user and any groups to which that
user belongs for either that workstation or the domain. Each data object is
associated with meta-data, sometimes called a security descriptor (SD).
The security descriptor contains a list of permissions or denials in the
Access Control List (ACL), which allows an almost limitless number of
permutations to be associated with a data object.
The NAS server lets you choose between two security models:
■ Share-level security
■ User-level (Domain) security
Additionally, host access is available in the NT environment to control which
client machines are allowed access to the NAS server, regardless of the user.
The allowed clients are specified by a list of IP addresses or hostnames
representing those machines. Host access controls access by machine, not
user.
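The host access check described for both the UNIX and NT environments, sketched as an added example (not HP's code and not the NAS server's implementation). The function names, the resolver map, the sample addresses and the ordering of the host gate before the user check are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: stands in for DNS / hosts-file lookups so the example runs offline.
SAMPLE_RESOLVER = {
    "build01.example.com": "192.0.2.10",
    "ws-17.example.com": "192.0.2.17",
}

def build_allow_set(entries, resolver):
    """Turn a host access list (IP addresses or hostnames) into a set of IPs.

    Returns (allowed_ips, unresolved_hostnames). A hostname that does not
    resolve grants nothing (fail closed) and is reported for review.
    """
    allowed, unresolved = set(), []
    for raw in entries:
        entry = raw.strip().lower()
        if not entry:
            continue
        try:
            allowed.add(ipaddress.ip_address(entry))      # literal IP entry
        except ValueError:
            addr = resolver.get(entry)                    # hostname entry
            if addr is None:
                unresolved.append(entry)
            else:
                allowed.add(ipaddress.ip_address(addr))
    return allowed, unresolved

def access_decision(client_ip, user_authenticated, allowed):
    """Host access is decided on the client machine alone; the user check
    (share-level or domain) is a separate, later gate (assumed ordering)."""
    if ipaddress.ip_address(client_ip) not in allowed:
        return "denied: host not in access list"
    if not user_authenticated:
        return "denied: user authentication failed"
    return "granted"

# Constructed host access list mixing both entry kinds the manual allows.
HOST_ACCESS_LIST = ["192.0.2.44", "Build01.example.com ", "retired-pc.example.com"]
ALLOWED, UNRESOLVED = build_allow_set(HOST_ACCESS_LIST, SAMPLE_RESOLVER)

if __name__ == "__main__":
    print(access_decision("192.0.2.10", True, ALLOWED))    # listed host, valid user
    print(access_decision("192.0.2.99", True, ALLOWED))    # valid user, unlisted host
    print(access_decision("192.0.2.44", False, ALLOWED))   # listed host, bad credentials
    print("unresolved entries:", UNRESOLVED)
```

A valid user on an unlisted machine is refused and a listed machine still needs a valid user, which is why the host list and the share-level or domain settings should be reviewed together.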