Skip Navigation Links | |
Exit Print View | |
![]() |
Sun QFS and Sun Storage Archive Manager 5.3 Security Guide Sun QFS and Sun Storage Archive Manager 5.3 Information Library |
1. Sun QFS and Sun Storage Archive Manager Overview
Restrict Network Access to Critical Services
Follow the Principle of Least Privilege
Keep Up To Date on Latest Security Information
2. Secure Installation and Configuration
3. Sun QFS and Sun Storage Archive Manager Security Features
SAM-QFS is a shared file system with a hierarchical storage manager. SAM-QFS consists of the following major components:
Sun QFS package – Includes the high-performance Sun QFS file system that can be configured either standalone or shared. When configured as standalone, Sun QFS is configured on a single system and not with shared clients. Sun QFS uses standard VFS vnode operations to interface with the Oracle Solaris and Linux operating systems.
The Sun QFS installation packages are SUNWqfsr and SUNWqfsu. These packages do not include the hierarchical storage archive manager (SAM) component.
Configuring Sun QFS standalone with no shared clients has the smallest security exposure. This configuration does not run daemons and does not have any remote connections other than Fibre Channel (FC) to disk. Configuring QFS shared includes FC connections to disk and a TCP/IP connection between clients and the metadata server (MDS).
SAM-QFS package – Includes the Sun QFS file system and the code that is required to run SAM.
The SAM-QFS installation packages are SUNWsamfsr and SUNWsamfsu. If SAM is not required, install only the Sun QFS package.
Sun SAM-Remote – Permits access to remote tape libraries and drives by means of TCP/IP wide area network (WAN) connections. Sun SAM-Remote provides a form of disaster recovery by remotely locating tape facilities. You can install Sun SAM-Remote with either the Sun QFS or SAM-QFS packages, but you must enable and configure Sun SAM-Remote separately. For more information about Sun SAM-Remote, see Chapter 18, Using the Sun SAM-Remote Software, in Sun Storage Archive Manager 5.3 Configuration and Administration Guide.
SAM-QFS tools package – Installs tools and man pages in the /opt/SUNWsamfs/tools directory. None of these tools have special privileges, but they all require root access to use. The installation package is SUNWsamtp.
SAM-QFS Manager – The SAM-QFS Manager, fsmgr, runs on the MDS and is accessed remotely through a web browser. Access is granted through port 6789 (https://hostname:6789).
To use fsmgr, you must log in as a valid user on the MDS and add certain roles to the user account. For information about installing and configuring the SAM-QFS Manager, see Chapter 6, Installing and Configuring SAM-QFS Manager, in Sun QFS and Sun Storage Archive Manager 5.3 Installation Guide.