Oracle® ZFS Storage Appliance Security Guide, Release OS8.7.x

Updated: September 2017

System Settings

The following sections describe the available system security settings.

Phone Home

The Phone Home service is used to manage the Oracle ZFS Storage Appliance registration, as well as the Phone Home remote support service. No user data or metadata is transmitted in these messages.

Registration connects your Oracle ZFS Storage Appliance with Oracle's inventory portal, through which you can manage your Oracle equipment. Registration is a prerequisite for using the Phone Home service.

The Phone Home service communicates with Oracle support to provide:

  • Fault Reporting - The system reports active problems to Oracle for automated service response. Depending on the nature of the fault, a support case may be opened.

  • Heartbeats - Daily heartbeat messages are sent to Oracle to indicate that the system is up and running. Oracle support may notify the technical contact for an account when one of the activated systems fails to send a heartbeat for too long.

  • System Configuration - Periodic messages are sent to Oracle describing current software and hardware versions and configuration, as well as storage configuration.

Service Tags

Service Tags are used to facilitate product inventory and support by allowing the Oracle ZFS Storage Appliance to be queried for such data as:

  • System serial number

  • System type

  • Software version numbers

You can register the Service Tags with Oracle support, allowing you to easily keep track of your Oracle equipment and to expedite service calls. The Service Tags are enabled by default.

Kerberos Service

The Kerberos service offers authentication for appliance administrative login, and access to such services as NFS, HTTP, FTP, SFTP, and SSH when used in conjunction with a Kerberos environment. An appliance user must have a Kerberos principal by the same name to use Kerberos authentication for these services. Kerberos can also be used to set security for individual shares that use the NFS protocol as described in NFS Authentication and Encryption Options.

Both Kerberos and Active Directory can be enabled at the same time because they have distinct realms and keys. When both are active, the Kerberos realm is the default. When only Active Directory is active, its realm is the default.

Simple Mail Transport Protocol

The Simple Mail Transport Protocol (SMTP) sends all mail generated by the Oracle ZFS Storage Appliance, typically in response to configured alerts. SMTP does not accept external mail; it only sends mail generated automatically by the appliance itself.

By default, the SMTP service uses DNS (MX records) to determine where to send mail. If DNS is not configured for the appliance's domain, or if the destination domain for outgoing mail does not have DNS MX records set up properly, the appliance can be configured to forward all mail through an outgoing mail server.

Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) provides two functions on the Oracle ZFS Storage Appliance: appliance status information can be served by SNMP, and alerts can be configured to send SNMP traps. SNMP versions v1, v2c, and v3 are available when this service is enabled. The appliance supports a maximum of 128 physical and logical network interfaces.

Syslog Message

A syslog message is a small event message transmitted from the Oracle ZFS Storage Appliance to one or more remote systems. Syslog provides two appliance functions:

  • Alerts can be configured to send syslog messages to one or more remote systems.

  • Services on the appliance that are syslog-capable can have their syslog messages forwarded to remote systems.

Syslog can be configured to use the classic output format described by RFC 3164, or the newer, versioned output format described by RFC 5424. Syslog messages are transmitted as UDP datagrams, so they can be dropped by the network, or may not be sent at all if the sending system is low on memory or the network is sufficiently congested. Administrators should therefore assume that, in complex network failure scenarios, some messages may have been dropped and be missing.

The message contains the following elements:

  • A facility describing the type of system component that emitted the message

  • A severity describing the severity of the condition associated with the message

  • A timestamp describing the time of the associated event in UTC

  • A hostname describing the canonical name of the appliance

  • A tag describing the name of the system component that emitted the message

  • A message describing the event itself
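The following added example (not part of the Oracle guide, and not appliance code) shows how a log receiver can recover these six elements from a datagram in either RFC 3164 or RFC 5424 format, and discard malformed input instead of failing. The sample datagrams, the host name `zfssa-01` and the tag `alertd` are constructed, and the `year` parameter is an assumption needed because RFC 3164 timestamps carry no year.

```python
import re
from datetime import datetime, timezone

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(\d{1,3})>\d{1,2} (\S+) (\S+) (\S+) \S+ \S+ "
    r"(?:-|(?:\[(?:\\.|[^\]\\])*\])+)(?: (.*))?$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
RFC3164 = re.compile(
    r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
    r"([^\s:\[]+)(?:\[\d+\])?: ?(.*)$", re.S)
# Constructed sample datagrams (not captured from an appliance).
SAMPLES = [
    b"<165>1 2017-09-07T14:03:11.123Z zfssa-01 alertd 1234 - - pool degraded",
    b"<38>Sep  7 14:03:11 zfssa-01 sshd[2211]: session opened",
    b"<999>1 - - - - - -",   # PRI out of range: must be rejected
]

def parse_syslog(datagram: bytes, year: int = 2017):
    """Return the six message elements as a dict, or None if malformed."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m5, m3 = RFC5424.match(text), RFC3164.match(text)
    try:
        if m5:
            # In RFC 5424 the "tag" element is carried in the APP-NAME field.
            pri, ts, host, tag, msg = m5.groups()
            when = None if ts == "-" else datetime.fromisoformat(
                ts.replace("Z", "+00:00")).astimezone(timezone.utc)
        elif m3:
            pri, ts, host, tag, msg = m3.groups()
            # No year or zone on the wire; the guide says timestamps are UTC.
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"
                                     ).replace(tzinfo=timezone.utc)
        else:
            return None
    except ValueError:                 # unparseable timestamp
        return None
    pri = int(pri)
    if pri > 191:                      # PRI = facility * 8 + severity, max 23*8+7
        return None
    return {"format": "rfc5424" if m5 else "rfc3164",
            "facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "timestamp": when, "hostname": host, "tag": tag, "message": msg or ""}
```

Because delivery is over UDP, a parser like this can only report what arrived; it cannot tell a quiet period from dropped datagrams.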

System Identity

This service provides configuration for the system name and location. The system name and location may need to be changed if the Oracle ZFS Storage Appliance is moved to a different network location or is repurposed.

Disk Scrubbing

Disk scrubbing should be performed on a regular basis to allow the Oracle ZFS Storage Appliance to detect and correct damaged data on the disk. Disk scrubbing is a background process that reads disks during idle periods to detect irremediable read errors in infrequently accessed sectors. Timely detection of such latent sector errors is important to reduce data loss.

Preventing Destruction

When the Prevent Destruction feature is enabled, the share or project cannot be destroyed. This includes destroying a share through dependent clones, destroying a share within a project, or destroying a replication package. However, it does not affect shares destroyed through replication updates. If a share is destroyed on an Oracle ZFS Storage Appliance that is the source for replication, the corresponding share on the target will be destroyed, even if this property is set.

To destroy the share, the property must first be explicitly turned off as a separate step. This property is off by default.