Around the Storage Block

Rely on HPE 3PAR File Data Access Security

StorageExpert

 

HPE 3PAR file data access balances the resource access and system security needs of your organization by preventing unauthorized access to information which can compromise your organization’s security and stability. 

You, like every user, have a specific role and purpose in your organization. To accomplish your goals, you must be able to access certain resources and perform specific tasks. However, allowing every user unlimited access to system and network resources and functionality can compromise your organization’s security and stability.

Authentication and authorization are essential components of home directories consolidation, corporate/group shares, content management and collaboration in the data center.

As a user, when you try to access your home directory over the network, you need to be identified as yourself with your associated credentials. The process of identifying an individual, usually based on a username and password, is called authentication. To identify users who may or may not be allowed to access data, it is imperative to implement strong authentication for the relevant file access protocol so that a user's real identity can be determined. Strong authentication means that the identity of a user is determined via authentication at the point where the user accesses the network, and is done with reference to an authoritative authentication service.

HPE 3PAR File Persona for strong authentication

HPE 3PAR File Persona software supports strong authentication against Active Directory, LDAP and a local database for users and groups. It supports Kerberos, NTLMv2 and NTLM for Active Directory authentication (for SMB).

Authorization is the process used to verify what effective permissions a user has on files and folders. For shared folder access, after the user is authenticated, there are two levels of authorization: access is first checked against the share permissions, and then against the file- or folder-level ACLs, to get the effective permissions for that file or directory.

HPE 3PAR File Persona authorization is done in two levels: share permissions and file system permissions. SMB users are granted access based on the advanced access rights allowed through NTFS ACL permissions set on files and directories. NFS users are granted access based on the POSIX or NFSv4 ACLs set on files or directories. The user’s name or UID and all group memberships/GIDs are evaluated in determining access to files and directories.

File servers, being a shared work space, are vulnerable to security breaches and unauthorized access by rogue elements within and outside the organization. Because a number of users connect to and disconnect from file servers at any given time depending on their requirements, the security of file servers is of paramount importance for administrators. File access auditing ensures a safe and secure file server environment and is an absolutely critical requirement for securing your business-critical data; it is provided through the HPE 3PAR File Access Auditing Framework. For more information, you can refer to my blog on HPE 3PAR File Access Auditing Framework for a Safe, Secure File Server Environment.

How HPE 3PAR File Persona supports SMB Signing

SMB signing is a security mechanism in the SMB protocol and is also known as security signatures. With this feature, communications over the SMB protocol can be digitally signed at the packet level. Digitally signing the packets enables the recipient of the packets to confirm their point of origination and their authenticity. This security mechanism in the SMB protocol helps avoid issues like tampering of packets, thus preventing so-called “man-in-the-middle” attacks. HPE 3PAR File Persona supports SMB signing to secure SMB communications between client and server: enabling the “SMB Signing required” option makes it accept only digitally signed communications.
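Packet-level signing and the effect of a "signing required" policy can be seen in a short sketch. This is an added example, not HPE code: it uses the SMB 2.x scheme (HMAC-SHA256 over the message with the 16-byte Signature field zeroed, truncated to 16 bytes; SMB 3.x uses AES-based MACs instead), and the session key, message contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SMB2_FLAGS_SIGNED = 0x00000008      # bit in the Flags field (header offset 16)
FLAGS_OFF, SIG_OFF, SIG_LEN, HDR_LEN = 16, 48, 16, 64
HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")   # 64-byte SMB2 sync header

def build_message(command, message_id, session_id, payload):
    """Unsigned SMB2 message: header with a zeroed Signature field + payload."""
    return HEADER.pack(b"\xfeSMB", HDR_LEN, 1, 0, command, 1, 0, 0,
                       message_id, 0, 1, session_id, bytes(SIG_LEN)) + payload

def _mac(key, message):
    # The MAC covers the whole message with the Signature field zeroed.
    zeroed = message[:SIG_OFF] + bytes(SIG_LEN) + message[SIG_OFF + SIG_LEN:]
    return hmac.new(key, zeroed, hashlib.sha256).digest()[:SIG_LEN]

def sign(key, message):
    """Set the SIGNED flag, then write the truncated HMAC into the header."""
    msg = bytearray(message)
    flags = struct.unpack_from("<I", msg, FLAGS_OFF)[0] | SMB2_FLAGS_SIGNED
    struct.pack_into("<I", msg, FLAGS_OFF, flags)
    msg[SIG_OFF:SIG_OFF + SIG_LEN] = _mac(key, bytes(msg))
    return bytes(msg)

def accept(key, message, signing_required=True):
    """Receiver-side check; with signing required, unsigned traffic is dropped."""
    if len(message) < HDR_LEN or message[:4] != b"\xfeSMB":
        return False
    flags = struct.unpack_from("<I", message, FLAGS_OFF)[0]
    if not flags & SMB2_FLAGS_SIGNED:
        return not signing_required
    return hmac.compare_digest(message[SIG_OFF:SIG_OFF + SIG_LEN],
                               _mac(key, message))

# Constructed sample: a WRITE (command 0x0009) under a made-up session key.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SIGNED = sign(KEY, build_message(0x0009, 7, 0x1122, b"pay invoice 1001"))
TAMPERED = SIGNED[:-4] + b"9999"    # payload altered in transit
UNSIGNED = build_message(0x0009, 8, 0x1122, b"pay invoice 9999")

if __name__ == "__main__":
    print("signed:", accept(KEY, SIGNED))
    print("tampered:", accept(KEY, TAMPERED))
    print("unsigned, required:", accept(KEY, UNSIGNED))
    print("unsigned, optional:", accept(KEY, UNSIGNED, signing_required=False))
```

The last case is the reason to set signing to required rather than merely enabled: when it is optional, a message that carries no signature at all is still accepted.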

Many NAS customers want multi-protocol access to common data on the storage controller, allowing simultaneous read/write access while ensuring data integrity. HPE 3PAR File Persona supports cross-protocol locking, allowing customers to access the same data from more than one protocol with simultaneous read/write access, ensuring NFS clients can access the files opened by SMB clients through share mode locks.

To enable this, File Persona lets you choose between two security modes for File Stores at the time of creation:

  • NTFS—for near native experience for Windows clients while allowing for simultaneous read/write access for both Windows and POSIX clients using share mode locks
  • Legacy—One protocol with read/write while other protocols have read-only access which offers backward compatibility with File Persona versions running on HPE 3PAR OS 3.3.1 or earlier

In addition to validating users’ identity, securing client-server communications and authorizing their access to file data, HPE 3PAR File Persona supports Access-based Enumeration (ABE), which enables administrators to simplify the display of large directory structures for the benefit of users who do not need access to the full range of content. End users see only the files and folders that they have been given access to, rather than looking through a busy folder structure with hundreds of users' folders in it, and more importantly this reduces the temptation for attacks.
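The two-level authorization described earlier and the ABE filtering described above can be modelled together. This is an added example, not HPE code: it is a simplified model in which an explicit deny overrides any allow, a right is effective only when both the share permissions and the folder ACL grant it, and all user, group and folder names are constructed.

```python
READ, WRITE = "read", "write"

def granted(acl, principals):
    """Rights an ACL gives to a set of principals; an explicit deny wins."""
    allow, deny = set(), set()
    for kind, who, rights in acl:
        if who in principals:
            (deny if kind == "deny" else allow).update(rights)
    return allow - deny

def effective(share_acl, entry_acl, user, groups):
    """Level 1 (share) and level 2 (file/folder ACL) must both grant a right."""
    principals = {user, *groups}
    return granted(share_acl, principals) & granted(entry_acl, principals)

def list_directory(share_acl, entries, user, groups, abe=True):
    """With ABE on, return only the entries the caller can at least read."""
    if not abe:
        return sorted(entries)
    return sorted(name for name, acl in entries.items()
                  if READ in effective(share_acl, acl, user, groups))

# Constructed sample: a home-directory share with one folder per user.
SHARE_ACL = [("allow", "staff", {READ, WRITE}),
             ("allow", "auditors", {READ})]
ENTRIES = {
    "alice": [("allow", "alice", {READ, WRITE}),
              ("allow", "auditors", {READ, WRITE})],
    "bob":   [("allow", "bob", {READ, WRITE}),
              ("allow", "auditors", {READ, WRITE})],
    "hr":    [("allow", "staff", {READ}), ("deny", "bob", {READ})],
}

if __name__ == "__main__":
    print(list_directory(SHARE_ACL, ENTRIES, "alice", ["staff"]))
    print(list_directory(SHARE_ACL, ENTRIES, "alice", ["staff"], abe=False))
    print(effective(SHARE_ACL, ENTRIES["bob"], "carol", ["auditors"]))
```

The auditor case shows the share level capping the folder ACL: the folder grants read and write, but the share grants auditors read only, so the effective permission is read.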

Protecting critical data from accidental deletion or malicious alteration is a key requirement for most organizations today. File Lock on HPE 3PAR StoreServ with File Persona enables you to make the content of files immutable via WORM (Write Once, Read Many) and prevents the deletion of files via customizable retention and hold policies, both automatically and/or by ad hoc action. This new capability allows you to expand the use of your HPE 3PAR StoreServ flash storage to include production workload adjacent data preservation for an even greater return on your investment. For more information, check out this blog: New File Lock Feature for HPE 3PAR StoreServ for Production Workload Adjacent Data Preservation.

HPE 3PAR file data access balances the resource access and system security needs of your organization by preventing unauthorized access to information which can compromise your organization’s security and stability.

Get more information right away

If you don't want to wait to learn more, check out these resources about some of the technologies mentioned.

 


 Meet Around the Storage Block blogger Vivek Pamadi, Senior Product Manager, HPE Storage.

 

About the Author

StorageExpert

Our team of Hewlett Packard Enterprise storage experts helps you to dive deep into relevant infrastructure topics.
