Archiving security configuration – HP Storage Mirroring V5.1 Software User Manual
Page 103
15 - 4
Archiving security configuration
Before you can use Storage Mirroring Archiving Option, you must establish a specific security
configuration. This is a six step process.
1.
Confirm Storage Mirroring is installed on both the source and target with a Storage Mirroring
Archiving Option activation code.
2.
Create a new service account. (A service account is a user account that is created explicitly to
provide security context for a service.)
a.
From Active Directory Users and Computers, create a new user.
b.
Enter a descriptive name for the first and last name and modify the full name as desired.
c.
Specify a User logon name.
d.
Specify and confirm a Password for the account.
e.
Specify your password settings. The settings you select may be dependent on your
company’s security policies. Keep in mind the following caveats for password settings for a
service account.
User must change password at next logon—The Storage Mirroring recommendation
is to disable this setting. The Storage Mirroring Archiving Option service will not be able
to start if this option is enabled because the service will be waiting on the required logon
change.
User cannot change password—The Storage Mirroring recommendation is to enable
this setting. If this setting is enabled, you will not have to worry about updating the
credentials in the Storage Mirroring Archiving Option service. If you cannot select this
option because of company security policies and the password on the account is changed,
the Storage Mirroring Archiving Option service will no longer have valid credentials. File
recalls will not function until the Storage Mirroring Archiving Option service credentials
are updated to the new password.
Password never expires—The Storage Mirroring recommendation is to enable this
setting. If this setting is enabled, you will not have to worry about updating the
credentials in the Storage Mirroring Archiving Option service. If you cannot select this
option because of company security policies and the password on the account expires,
the Storage Mirroring Archiving Option service will no longer have valid credentials. File
recalls will not function until the account is reset and the Storage Mirroring Archiving
Option service credentials are updated.
Account is disabled—The Storage Mirroring recommendation is to disable this setting.
Because the word disable is part of the option name, the recommendation can be
confusing. You want to enable the account, which means this option should not have a
checkmark. If the option does have a checkmark, meaning the account would be
disabled, file recalls will not function.
f.
Finish the account creation wizard.
3.
Add the new service account to the local Administrators group on the source and target.
4.
Add the new service account to the local Double-Take Recall group on the source and target.
5.
Modify the Storage Mirroring Archiving Option service on the source and target to use the new
service account.
a.
From the services applet (Administrative Tools, Services) right-click the Storage Mirroring
Archiving Option service and select Properties.
b.
On the Log On tab, select This account and specify the new user and the password.
c.
On the General tab, select Startup type, and select Automatic.
d.
Click OK to save the changes.
6.
Start the Storage Mirroring Archiving Option service on the source and target. If the service is
already running, you must stop and restart it so that it uses the user account and group
modifications you just made.
NOTE:
When establishing your connection, you can verify your security configuration on the
Connection Manager Archive Options tab by clicking the Validate button. The validation
checks to see if the correct service is running and it has an account in the correct security
group. It also confirms if the target has shared the archive bin correctly and if network
communications are functioning properly. Any success or failure messages will be
included in the Storage Mirroring log file on the source.