1 Overview

This section gives an overview of StorageTek Tape Analytics (STA) version 2.0 and explains the general principles of its security.

Product Overview

StorageTek Tape Analytics is an Oracle software product that provides customers with tape business intelligence to efficiently and proactively monitor and manage their data center's tape operations.

STA supports both Enterprise MVS and Open Systems tape customers. The STA solution provides value for low-to-high-end tape market customers.

Security

There are three aspects to STA security: physical, network, and user access.

Physical

STA needs to be installed on a standalone server within an organization's data center. Physical access to the server would be dictated by the Customer company policy.

Network

It is required that STA be added or configured to a Customer internal firewall protected network. This network needs SSH and SNMP access to libraries for which data will be accessed.

User Access

The STA Application access is controlled by username and password authentication. Usernames and passwords are setup during initial installation by the customer. Passwords must meet Oracle standard requirements.

General Security Principles

The following principles are fundamental to using any product securely.

Keep Software Up To Date

One of the principles of good security practice is to keep all software versions and patches up to date. This document is for the software level of:

STA Release 2.0

Note: The libraries and drives must also meet minimum firmware version levels that are connected to the STA application. These firmware levels are specified in the STA Planning and Installation Guide.

To enable the best security available, Oracle recommends keeping OS up-to-date with the latest security patches. However, because OS security patches are independent of the STA application, Oracle cannot guarantee that all patches will operate correctly with STA — especially patches released after an STA release. You will need to determine the acceptable OS security patch level for your environment.

Restrict Network Access

It is recommended the STA host server is kept behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls. Identifying the hosts allowed to attach to the library and blocking all other hosts is recommended where possible.

Keep Up To Date on Latest Security Information

Oracle continually improves its software and documentation. For every STA release review this document for revisions. Specific security concerns may also be addressed in release notes as well.