Overview of lun security xp extension, Assigning access attributes to logical volumes, Restricting read and write operations – HP StorageWorks XP Remote Web Console Software User Manual
Page 9: 1 overview of lun security xp extension, 1overview of lun security xp extension
LUN Security XP Extension user guide
9
1
Overview of LUN Security XP Extension
HP StorageWorks LUN Security XP Extension protects data on an array from I/O operations performed on
open-systems hosts. You can use LUN Security XP Extension to assign an access attribute to each logical
volume. If you use LUN Security XP Extension, you can use a logical volume as a read-only volume and
protect a logical volume against read and write operations.
Use LUN Security XP Extension to suspend data activity within the environment. This ensures that logical
volumes whose retention period expires will not return to Read/Write mode. This feature is called
Expiration Lock (also called Audit Lock).
You cannot use LUN Security XP Extension to change the access attribute of logical volumes that meet
certain conditions. For detailed information, see ”
Using LUN Security XP Extension with other products
page 10.
In local array documentation, logical volumes are sometimes referred to as logical devices (or LDEVs).
Logical volumes accessed by open-systems hosts are sometimes referred to as logical units (or LUs).
CAUTION:
HP StorageWorks LUN Security XP Extension provides the ability to place logical volumes into
secure states. In these secure states, data on the volumes cannot be modified until the retention time
specified when the volume is placed in the secured state has elapsed.
Assigning access attributes to logical volumes
By default, all open-systems volumes are subject to read and write operations by open-systems hosts. For
this reason, data on open-systems volumes could be damaged or lost if an open-systems host performs
erroneous write operations. Also, confidential data on open-systems volumes could be stolen if a malicious
operator performs read operations on open-systems hosts.
Restricting read and write operations on logical volumes can prevent data from being damaged, lost, or
stolen. With LUN Security XP Extension, you can use logical volumes as read-only volumes to protect them
against write operations, or you can protect logical volumes against both read and write operations.
Restricting read and write operations
To restrict read and write operations, use LUN Security XP Extension to assign one of the following access
attributes to each logical volume (see ”
Changing logical volumes’ access attributes
•
Read/Write: Open-systems hosts can perform read and write operations on the logical volume.
Continuous Access XP and Business Copy XP can copy data to logical volumes that have the
Read/Write attribute. If necessary, you can prevent copying data to logical volumes that have the
Read/Write attribute.
Read/Write is the default attribute for open-systems volumes.
•
Read Only: Open-systems hosts can perform read operations, but cannot perform write operations on
the logical volume.
Continuous Access XP and Business Copy XP cannot copy data to logical volumes that have the Read
Only attribute.
•
Protect: Open-systems hosts cannot access the logical volume. Open-systems hosts cannot perform read
or write operations on the logical volume.
Continuous Access XP and Business Copy XP cannot copy data to or from logical volumes that have the
Protect attribute.
shows access attributes for logical volumes 00, 01, and 02. Logical volume 03’s access attribute
is Can't Guard, which means you cannot assign any access attribute to the logical volume. LUN Security
XP Extension cannot assign access attributes to:
•
Mainframe volumes