HPE Community
HPE EVA Storage
1752278 Members
4623 Online
108786 Solutions
New Discussion юеВ

Re: ACU Security?

 
Wichard
Occasional Contributor

тАО07-19-2007 06:59 AM

тАО07-19-2007 06:59 AM

ACU Security?

Hello,

We have couple MSA1000s that we share out to clients that need additional space. By default we remove the ACU from their login profile but it does not prevent them from going to our profile (they are local admins of their server) or reinstall the ACU. I was thinking of just uninstalling the utility but it does not prevent them from installing and accessing the SAN. Is there a good way to prevent access to the SAN so they can not view or make any changes? I am surprised there is no sort of login to prevent unauthorized changes.
0 Kudos
Reply
3 REPLIES 3
Ranjith M
Advisor

тАО07-25-2007 09:31 PM

тАО07-25-2007 09:31 PM

Re: ACU Security?

Hello Wichard,

I guess you have to prevent the users to access SAN, rt? You can disable the ports thats not required for your setup.
For additional security change the password by login to switch as well.

Regards,

Ranjith
0 Kudos
Reply
pymsh
Frequent Advisor

тАО01-17-2009 08:59 PM

тАО01-17-2009 08:59 PM

Re: ACU Security?

Hi
I have the same problem.
I want to prevent access to MSA1500cs via ACU,
but ACU does not have any Login to prevent unauthorized access.
Any Help?
0 Kudos
Reply
prxhi
Advisor

тАО03-22-2010 07:57 PM

тАО03-22-2010 07:57 PM

Re: ACU Security?

Sorry to revive such an old thread but I just wanted to post my solution to this problem.

I've used ACLs to permit access to specific LUNS but I still needed a way to restrict the viewing of all my physical arrays via the HP ACU. My customers were local admins of the box and would have the ability to see all physical arrays via the ACU on my MSA regardless of using ACLs or SSP.

It seems to me the fix would be to uninstall the ACU or to use Windows software restriction policies.

I opted to deny access to the HP ACU executable via hash rules under my Windows 2008 server local group plicies and it worked great.

This obviously isn't a perfect solution because the hash rule only works for the installed version of the ACU. If the customer were to un-install/re-install with a older/newer version of the ACU, the policy would no longer work.

I guess taking it a step further would require a policy that would prevent the un-installation of the ACU for a specific local admin user.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.