How storage mirroring security works, Chapter 20 server settings -1 – HP Storage Mirroring V5.1 Software User Manual

22 - 2

How Storage Mirroring security works

1.

When any Storage Mirroring client machine attempts to access a source or target machine

running on Windows, it will attempt to automatically logon to the source or target using the

three methods below.



The security credentials of the user currently logged into the Storage Mirroring client machine

are sent to the Storage Mirroring source or target machine. From the security credentials, the

source or target machine determines if the user is a member of either of the Storage Mirroring

security groups and if so, grants the appropriate level of access.



The last valid set of credentials (credentials previously granting either Administrator or

Monitor level access) used to access each machine is recorded in the registry of the client

machine. If the logon attempt using the credentials of the user currently logged in fails, a set

of credentials is retrieved from the registry and is sent to the Storage Mirroring source or

target. The Storage Mirroring source or target checks the validity of the credentials and

determines if the user is a member of one of the Storage Mirroring security groups and then

grants the appropriate level of access.



Each valid set of credentials (credentials previously granting either Administrator or Monitor

level access) used by the Storage Mirroring client application is recorded in a memory-resident

credentials buffer maintained by the Storage Mirroring client application. If the logon attempts

using the credentials of the user currently logged in or those credentials stored in the registry

fails, a set of credentials is retrieved from the Storage Mirroring client application’s credentials

buffer and is sent to the source or target. This process is repeated until a valid set of

credentials is found or the credentials buffer is exhausted.

2.

The Storage Mirroring client tries each of these three methods until a set of credentials granting

Administrator access is found. If no credentials granting Administrator access are found, the

Storage Mirroring client attempts to find a set of credentials granting Monitor access. If no

credentials grant Monitor access, the user must manually logon to the Storage Mirroring source

or target by providing a user name, password, and domain.

NOTE:

You can disable the feature that maintains the security credentials in the registry

by following the instructions in the next section.

NOTE:

The credentials buffer is cleared each time the Storage Mirroring client application

is closed.

NOTE:

If a user name exists both on the local machine and on the network, Windows first

attempts to login to the machine with the local user name and password and ignores

the domain. If this fails, it then tries to login with the network user name, password

and domain.