Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Overview: HP-UX 11i Version 3 > Chapter 4 System Administration Tools

Data Protection Tools

» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

Security of servers, networks, and data has never been more important than it is today. HP-UX has many tools for securing your servers and data.

For most HP-UX users, securing your servers and data from unauthorized access ranges from important to critical. Unauthorized access (whether malicious or accidental) is only one of many threats to the integrity and security of your data. Others include:

  • Accidental destruction or removal of data by poorly behaving software

  • Accidental destruction or removal of data by authorized users

  • Storage device failures

  • Other hardware failures that corrupt data

  • Other hardware failures that prevent access to data

  • Physical plant and equipment destruction (for example from fires, floods, and earthquakes)

There are HP-UX based tools to protect your data from all of these potential threats.

Protecting Against Unauthorized Access to Your Servers and Data

HP-UX can be configured to run in either of two modes:

Standard Mode

Offers traditional security features found in UNIX systems (accounts, groups, file access privileges, and so on). Passwords are stored (encrypted) in the /etc/passwd file.

In addition to the traditional security features mentioned previous, HP-UX running in standard mode has an extended set of security features (for example HP-UX Shadow Passwords) that significantly increase the security of your system without having to convert it to Trusted Mode. These additional features are fully explained in the HP-UX 11i Security Containment Administrator’s Guide. Additional security information is located in the HP-UX System Administrator’s Guide: Security Management document.

Trusted Mode

Offers a complete C2-level set of security features. Passwords are not stored in the /etc/passwd file, but are instead stored in /tcb/files for additional security.

Protecting Against Data Loss

The best way to protect your data against loss is to have another copy of the data somewhere when the primary copy is lost. There are many technologies that will help you make those extra copies. These include:

Backups

There are many ways in HP-UX to backup your data:

  • You can backup your data to tapes, optical media, or disk archive files on alternate devices. Some utilities that will allow you to do this include:

    • HP OpenView Storage Data Protector Software, part of the HP OpenView Suite of products, automates high performance backup and recovery, from disk or tape, over unlimited distances, to ensure 24x7 business continuity and maximize IT resource utilization. For complete details on the HP OpenView Suite, see http://openview.hp.com.

    • The pax command extracts, writes, and lists archive files and copies files and directory hierarchies. A more contemporary utility, pax performs basically the same functions as the older (still available) utilities cpio and tar. For details about pax, see pax(1).

    • tar (called the “tape archiver”) is equally adept at writing to disk archive files or optical media as it is at writing to magnetic tape media. For details about tar, see tar(1).

    • cpio (copy in/out)

    • vxdump copies to magnetic tape all files in a VxFS file system that have been changed after a certain date. See vxdump(1M)

  • You can copy important files to another system using ftp, rcp, or (for secure copies) sftp.

  • To protect the copies from being destroyed if physical damage or theft occurs at the site of the primary data, be sure to keep at least one copy of critical data at an alternate location. Don’t forget to physically protect tapes that contain unencrypted data. HP Openview Security Data Protector can encrypt backups.

Disk Mirroring

Disk mirroring writes multiple copies of data to separate (physical or logical) devices simultaneously.

If you are using LVM (HP’s Logical Volume Manager), you will need to install the optional product, MirrorDisk/UX to use disk mirroring. MirrorDisk/UX supports up to three copies of data if you are using LVM with Version 1 volume groups, and up to six copies of data if you are using LVM with Version 2 volume groups.

If you are using the VERITAS Volume Manager, the ability to mirror your root volume group is built in to the base product. By licensing the full version of the VERITAS Volume Manager, you gain the ability to mirror all your volume groups, up to 32 copies of the data.

RAIDs and Surestore Disk Arrays

Data redundancy can also be accomplished at the hardware level. RAIDs (redundant arrays of inexpensive disks) and HP Surestore Disk Arrays have the capability to make multiple copies of data written to them, and some even have multiple controllers for redundancy of access should a controller fail.

NOTE: RAID levels that include parity disks are able to reconstruct lost data on the fly until a failed disk is repaired or replaced. This is almost as good as multiple copies of the data, however for exceptionally important data, be exceptionally safe by having a copy of the data.

Protecting Against Hardware Failure

Depending on the specific hardware you have (server types, storage devices, and so on), HP-UX 11i version 3 offers numerous ways of protecting your computing operations against hardware failure. Here are some key features to consider:

Serviceguard

For mission critical installations, Serviceguard takes redundancy an extra step by having multiple servers connected to external disks or arrays. If one server fails, Serviceguard can switch to a stand-by server capable of carrying on the functions of the failed server while the original is repaired.

Persistent Device Special Files

HP-UX 11i version 3 introduces a new type of device special file called a persistent device special file. Unlike legacy device special files[10] that address devices by the hardware path to them, persistent device special files use unique identifiers built into (or associated with) supported devices to address them. This means that multiple hardware paths can be used to address the same device, preventing single points of failure in interface cards/slots.

Online Addition and Replacement

Online Addition, Replacement, and Deletion (OL*) is an HP-UX feature that allows for the addition, replacement, and deletion of PCI / PCI-X cards (adapters) while a system is running (without requiring a reboot).

This feature enhances overall high-availability since the system can remain active while an I/O adapter is being added or replaced. When combined with other high-availability products, such as Serviceguard, system availability is significantly improved.

Failed devices that support PCI OL*, if not critical to your operation, can be replaced or removed.

Online Replacement suspends the driver instance associated with the failed card and powers down the slot so the card can be replaced with a new one of the same type. Then power can be restored to the slot and new card, and the driver resumed.

Online Deletion removes from the running kernel the driver instance associated with the failed card and powers down the slot so the card can be removed. You can then (optionally) install a new card of the same or different type using Online Addition.

NOTE: If the driver is not a core driver (one that is always present in the kernel), you will need to install a driver when adding in the new card, even if it is the same type as the one that was deleted.

If the driver is a core driver, a new instance of the driver will be created when you add back the new card of the same type.



[10] Legacy device special files are still supported in HP-UX 11i version 3 and can be used in conjunction with persistent device special files.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.