This chapter describes the general security principles for the SL4000 tape library. For an overview of the product, see the SL4000 Library Guide.
Oracle designs and documents all tape library products for use within a controlled server environment with no general network or user access. Network access is required between the library and various other servers and workstations, including:
Workstations used to access the library through the GUI or SCI interfaces
Servers running applications that use the SCI interface, such as an ACSLS server or a custom application that uses SCI
SMTP servers for sending e-mail notifications
SNMP servers
SDP2 server for "phone-home" (ASR) functionality
Oracle Key Manager (OKM) clusters for delivering encryption keys to tape drives
User access to the library requires credentials (ID and password) that are created on the library and supplied when connecting to it.
The following principles are fundamental to using any product securely.
Keep all software versions and patches up to date. This document assumes a software level of version 1.0.
Keep the library behind a data center firewall to restrict access to a known network route, which can be monitored and restricted if necessary. As an alternative, you can substitute a firewall router for multiple, independent firewalls. You should identify the hosts allowed to attach to the library and block all other hosts where possible.