Resource groups for Copy Services scope limiting
Resource groups are used to define a collection of resources and associate a set of policies relative to
how the resources are configured and managed. You can define a network user account so that it has
authority to manage a specific set of resource groups.
Copy Services scope limiting overview
Copy services scope limiting is the ability to specify policy-based limitations on Copy Services requests.
With the combination of policy-based limitations and other inherent volume-addressing limitations, you
can control which volumes can be in a Copy Services relationship, which network users or host LPARs
issue Copy Services requests on which resources, and other Copy Services operations.
Use these capabilities to separate and protect volumes in a Copy Services relationship from each other.
This can assist you with multitenancy support by assigning specific resources to specific tenants, limiting
Copy Services relationships so that they exist only between resources within each tenant's scope of
resources, and limiting a tenant's Copy Services operators to an "operator only" role.
When managing a single-tenant installation, the partitioning capability of resource groups can be used to
isolate various subsets of an environment as if they were separate tenants. For example, to separate
mainframes from distributed system servers, Windows from UNIX, or accounting departments from
telemarketing.
Using resource groups to limit Copy Services operations
Figure 5 on page 51 illustrates one possible implementation of an exemplary environment that uses
resource groups to limit Copy Services operations. Two tenants (Client A and Client B) are illustrated that
are concurrently operating on shared hosts and storage systems.
Each tenant has its own assigned LPARs on these hosts and its own assigned volumes on the storage
systems. For example, a user cannot copy a Client A volume to a Client B volume.
Resource groups are configured to ensure that one tenant cannot cause any Copy Services relationships
to be initiated between its volumes and the volumes of another tenant. These controls must be set by an
administrator as part of the configuration of the user accounts or access-settings for the storage system.
Figure 5. Implementation of multiple-client volume administration
Resource groups functions provide additional policy-based limitations to users or the DS8000 storage
systems, which in conjunction with the inherent volume addressing limitations support secure partitioning
of Copy Services resources between user-defined partitions. The process of specifying the appropriate
limitations is completed by an administrator using resource groups functions.
Note: User and administrator roles for resource groups are the same user and administrator roles used
for accessing your DS8000 storage system. For example, those roles include storage administrator, Copy
Services operator, and physical operator.
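The two-tenant scenario above can be modeled as a small policy check. This is an added example, not DS8000 code or IBM's implementation: the resource group names, volume IDs, user names, and the rule that only the storage administrator and Copy Services operator roles may issue requests are assumptions made for illustration.

```python
# Simplified model of Copy Services scope limiting. Illustrative only: the
# group names, volume IDs and rule encoding are assumptions, not DS8000 internals.

# Constructed inventory: volume ID -> resource group (one group per tenant).
VOLUME_GROUP = {
    "A-0001": "RG_CLIENT_A", "A-0002": "RG_CLIENT_A",
    "B-0001": "RG_CLIENT_B", "B-0002": "RG_CLIENT_B",
}

# Constructed accounts: user -> (role, resource groups the account may manage).
USERS = {
    "opA": ("copy_services_operator", {"RG_CLIENT_A"}),
    "opB": ("copy_services_operator", {"RG_CLIENT_B"}),
    "physA": ("physical_operator", {"RG_CLIENT_A"}),
    "admin": ("storage_administrator", {"RG_CLIENT_A", "RG_CLIENT_B"}),
}

# Assumption for this model: only these roles may issue Copy Services requests.
COPY_ROLES = {"storage_administrator", "copy_services_operator"}


def authorize(user, source, target):
    """Return (allowed, reason) for a request to pair source with target."""
    if user not in USERS:
        return False, "unknown user"
    role, scope = USERS[user]
    if role not in COPY_ROLES:
        return False, "role may not issue Copy Services requests"
    groups = []
    for vol in (source, target):
        group = VOLUME_GROUP.get(vol)
        if group is None:
            return False, f"unknown volume {vol}"
        if group not in scope:
            return False, f"{vol} is outside the user's resource groups"
        groups.append(group)
    # Pairing policy applies even when the account's scope spans both tenants.
    if groups[0] != groups[1]:
        return False, "source and target belong to different resource groups"
    return True, "ok"


def audit_relationships(pairs):
    """Return existing (source, target) pairs that cross resource groups."""
    return [(s, t) for s, t in pairs
            if VOLUME_GROUP.get(s) is None
            or VOLUME_GROUP.get(s) != VOLUME_GROUP.get(t)]
```

The `audit_relationships` helper applies the same rule to relationships that already exist, which is useful when resource groups are introduced on a system that was previously unpartitioned.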
The process of planning and designing the use of resource groups for Copy Services scope limiting can be
complex. For more information on the rules and policies that must be considered in implementing