This section gives an overview of StorageTek Tape Analytics (STA) version 2.3 and higher, and explains the general principles of its security.
StorageTek Tape Analytics is an Oracle software product that provides customers with tape business intelligence to efficiently and proactively monitor and manage their data center's tape operations.
STA supports both Enterprise MVS and Open Systems tape customers. The STA solution provides value for low-to-high-end tape market customers.
There are three aspects to STA security: physical, network, and user access.
STA must be installed on a standalone server within an organization's data center. Physical access to the server would be dictated by the Customer company policy.
It is required that STA be added or configured to a Customer internal firewall-protected network. This network needs SSH and SNMP access to libraries for which data will be accessed.
To enable optional log bundle forwarding to StorageTek Service Delivery Platform (SDP), a connection to the SDP host is also required within the Customer internal firewall-protected network.
The following principles are fundamental to using any product securely.
One of the principles of good security practice is to keep all software versions and patches up to date. This document is for STA version 2.3 and higher.
Note:
The libraries and drives must also meet minimum firmware version levels that are connected to the STA application. These firmware levels are specified in the STA Requirements Guide.To enable the best security available, Oracle recommends keeping the OS and all application components (like Weblogic, ADF, Java, and so on) up to date with the latest security patches. Oracle periodically provides security patches for components (like Weblogic, ADF, MySQL and Java) through the Oracle CPU (Critical Patch Update) advisories and other communications.
Because OS security patches are independent of the STA application, Oracle cannot guarantee that all patches will operate correctly with STA—especially patches released after an STA release. Determine the acceptable OS security patch level for your environment. Because of component patch and application interdependencies, Oracle cannot guarantee that all component patches will operate correctly with the STA application. Determine which component patches are needed for your environment and what affects it may have on the STA application.
Newer STA versions and STA specific patches may also be available. Check with Oracle service on the availability of a newer version of STA or an STA specific patch. Newer STA versions will contain more up to date security patches.
WARNING:
Oracle strongly recommends using only trusted sites. Validate the source of all software downloads and patches to ensure that they do not contain any security vulnerabilities like malware, viruses, worms, and so on.
It is recommended the STA host server is kept behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls. Identifying the hosts allowed to attach to the library and blocking all other hosts is recommended where possible. STA is not designed to be directly accessible from a public (Internet) network.