beautypg.com

K2 and gv stratus security considerations, About groups and users – Grass Valley GV STRATUS Installation v.3.1 User Manual

Page 168

background image

To support legacy FTP and security features, K2 systems also have movie, mxfmovie, mpgmovie,
and video_fs accounts. Do not use these accounts to log in to the Windows operating system on K2
systems.

Related Topics

About credentials in SiteConfig

on page 180

Set credentials

on page 58

Changing passwords

on page 310

K2 and GV STRATUS security considerations

Access Control Lists (ACLs) specify individual user or group rights to specific system objects such
as programs, processes, or files. K2 Summit systems enforce ACLs for security and permissions on
K2 bins and channels. However, the GV STRATUS system does not enforce ACLs. Instead, the
GV STRATUS system always accesses the K2 Summit system via the internal system account,
which by default is GVAdmin, and the K2 Summit system is configured by default to allow full
access to that account. This is an important consideration to allow the systems to operate together.
Therefore you must not change the default configuration of security and permissions on your K2
Summit systems that are part of your GV STRATUS system. This includes Windows operating
system ACL settings and K2 AppCenter security/permission settings on bins and channels. Changing
these settings could prevent the GV STRATUS system from accessing the K2 Summit system.

About groups and users

If your GV STRATUS system is on a domain, all servers and client PCs on that system that have
any interaction with Grass Valley components must be logged on to Windows with a domain user
account. Do not use a local user account.

GV STRATUS licensing and roles are applied to Windows operating system groups and users. Any
groups or users to which you assign GV STRATUS licenses or roles must be available for
authentication on the GV STRATUS server with role of Common Services, which is typically the
GV STRATUS Core server, and on all K2 devices that are part of your GV STRATUS system. This
includes the following devices:

GV STRATUS servers

K2 Summit standalone systems

K2 Summit SAN-attached systems

K2 Media Servers

Groups and/or user accounts are not authorized on the GV STRATUS client PC itself. When you
log on to an application from a client PC, you are authorized against the roles assigned to the accounts
available on the GV STRATUS Core server as follows:

GV STRATUS application — If you are using a domain, the log on accounts are on the domain
server and are managed by the domain so the GV STRATUS Core server must be on the domain.
If you are using a workgroup, the log on accounts must be a part of the workgroup on the GV
STRATUS Core server.

168

GV STRATUS Installation and Service Manual

2013 12 19

Understanding system concepts

This manual is related to the following products:
See also other documents in the category Grass Valley Equipment: