Guidelines for Securing the Configuration

Follow these guidelines to keep the security configuration secure:

• The initial security configuration should be generated on a host that is not intended for KVStore operational use, using the securityconfig create config command.

• Storage Nodes should be deployed by running makebootconfig with the -store-security enable argument. The configured security directory from the reference host should be copied to the new Storage Node KVROOT using a secure copy mechanism prior to starting the store.

• The security configuration should be kept in a protected location for future use.

• Updates to the security configuration should be performed on the configuration host and copied to the operational Storage Node hosts using a secure copy mechanism.

• After the first user is configured but before allowing applications to use the store, you may wish to restart all SNA processes on hosts running Admin processes and then use the Admin CLI show users command to ensure that there is only the single user definition that is expected. This step validates that no other user creation occurred during the period when administrative login was not required.