[ Contents
] [ Index ]
Administrator (User) Security Levels and Guidelines SANscape administrative functions require access logins and passwords
to prevent the possibility of one administrator reallocating or removing
storage resources belonging to other clients and hosts without authorization.
You assign separate passwords for the three levels of security for the
SANscape program. You do this by setting up three users on the agents
that have storage devices that are managed by SANscape. The SANscape security levels must have these exact names: ssmon Represents the monitoring level of the software. ssadmin Represents the administration level of the software and provides access
to the Rebuild, Parity Check, and Schedule Parity Check functions, as
well as monitoring. ssconfig Represents the configuration level of the software and gives the installer
direct access to the configuration functions and all other related aspects
of the program. These names are required for the three security levels. After installation,
you must assign a password to each security name.
ssmon, ssadmin, and ssconfig are logins that correspond
only to security levels within SANscape. SANscape can be set up so that monitoring does not require users to type the
ssmon password. This is done by selecting the Auto Discovery
option when the servers are added to the Managed Servers List at
the SANscape Console. You can set up these three logins and passwords
locally on each server. (The accounts can have different passwords on
each server, if desired.)
Once you have set up these three logins on the agents to be managed,
the system administrator the typically provides user access to SANscape
by assigning employees appropriate passwords, which are based on the level
of security required to complete tasks. For example, everyone who has
administration privileges on a particular server would be assigned the
same password that was established for the user ssadmin.
NOTE: To add servers to the Managed Servers List, refer
to Adding a Server.
Global Passwords on Multiple Servers If you have a large network and do not want to set up logins individually,
and it is acceptable to have the same passwords on multiple servers, you
can establish the three logins on a domain server under Windows. As a
result, all other servers within the Windows domain have access to the
three logins with their respective passwords. Creating Windows 2000 and 2003 Users
|