This guide explores, reviews, and highlights the security considerations necessary to create a secure storage system and a team-wide understanding of your specific security goals. We recommend that you read this guide before you configure your appliance so you can take advantage of the available security features and create the levels of security that you need.
You can also use this guide as a reference to find more detailed information about security considerations of the various features and capabilities of the Oracle ZFS Storage Appliance (ZFSSA). For appliance configuration procedures, see the Oracle ZFS Storage System Administration Guide.
The following sections provide a description of the ZFSSA security features:
Initial installation - Describes how to set up administrative access, how the root account is established, and the effects of a ZFSSA factory reset.
Physical Security - Describes the physical security environment for the ZFSSA.
Administrative Model - Describes restricting access to the CLI and BUI, the system patching model, deferred updates, support bundles, and configuration backup.
ZFSSA Users - Describes administrative roles, who can administer the ZFSSA, and managing user authorizations.
Access Control Lists (ACL) - Describes the mechanism that allows or denies access to files and directories.
Storage Area Network (SAN) - Describes logical unit numbers (LUNs) and the associated initiator groups, as well as initiator authentication options and defaults.
Data Services - Describes the data services supported by the ZFSSA and the security offered by the different data services.
Directory Services - Describes the directory services that can be configured on the ZFSSA and their security ramifications.
System Settings - Describes system settings; Phone Home, Service Tags, SMTP, SNMP, Syslog, System Identity, Disk Scrubbing, and Preventing Destruction.
Remote Administrative Access - Describes remote access via the BUI and CLI. · Logs - Describes the log types pertinent to security.