How storage mirroring security works, Chapter 20 server settings -1 – HP Storage Mirroring V5.1 Software User Manual
Page 202
22 - 2
How Storage Mirroring security works
1.
When any Storage Mirroring client machine attempts to access a source or target machine
running on Windows, it will attempt to automatically logon to the source or target using the
three methods below.
The security credentials of the user currently logged into the Storage Mirroring client machine
are sent to the Storage Mirroring source or target machine. From the security credentials, the
source or target machine determines if the user is a member of either of the Storage Mirroring
security groups and if so, grants the appropriate level of access.
The last valid set of credentials (credentials previously granting either Administrator or
Monitor level access) used to access each machine is recorded in the registry of the client
machine. If the logon attempt using the credentials of the user currently logged in fails, a set
of credentials is retrieved from the registry and is sent to the Storage Mirroring source or
target. The Storage Mirroring source or target checks the validity of the credentials and
determines if the user is a member of one of the Storage Mirroring security groups and then
grants the appropriate level of access.
Each valid set of credentials (credentials previously granting either Administrator or Monitor
level access) used by the Storage Mirroring client application is recorded in a memory-resident
credentials buffer maintained by the Storage Mirroring client application. If the logon attempts
using the credentials of the user currently logged in or those credentials stored in the registry
fails, a set of credentials is retrieved from the Storage Mirroring client application’s credentials
buffer and is sent to the source or target. This process is repeated until a valid set of
credentials is found or the credentials buffer is exhausted.
2.
The Storage Mirroring client tries each of these three methods until a set of credentials granting
Administrator access is found. If no credentials granting Administrator access are found, the
Storage Mirroring client attempts to find a set of credentials granting Monitor access. If no
credentials grant Monitor access, the user must manually logon to the Storage Mirroring source
or target by providing a user name, password, and domain.
NOTE:
You can disable the feature that maintains the security credentials in the registry
by following the instructions in the next section.
NOTE:
The credentials buffer is cleared each time the Storage Mirroring client application
is closed.
NOTE:
If a user name exists both on the local machine and on the network, Windows first
attempts to login to the machine with the local user name and password and ignores
the domain. If this fails, it then tries to login with the network user name, password
and domain.