This section describes remote support security for the TS3500 Tape Library through a
system console when using the Tape Library Specialist Web interface.
The TS3500 Tape Library Tape Library Specialist Web interface does not allow any access to
customer data, and it does not allow FTP or TELNET type operations. It only provides those
functions that are specifically coded in the library firmware. The only files it can offload are
library logs, drive logs, a backup of the nonvolatile random access memory (NVRAM)
configuration information for the library, and certain usage and error statistics files. It
cannot be used to read or write a customer cartridge or otherwise access customer data.
The Tape Library Specialist Web interface allows the customer to set up an administrator
password, and no one without the password can use the Tape Library Specialist Web
interface to do anything to the library. The Tape Library Specialist Web interface also
provides several levels of access through roles, and these roles have lower levels of access
than the administrator. In addition, when password protection is enabled, the Tape Library
Specialist Web interface also provides an option to authenticate through the Storage
Authentication Service (SAS). For more information, go to Web security.
Security concerns when using the Tape Library Specialist Web interface are similar to those
of using the operator panel. For example:
• A specialist user could move a cartridge from one location to another within the
library, potentially confusing a host application or making a cartridge unavailable by
moving it to a different partition.
• A user could re-configure the library, possibly causing problems at the hosts because
of changes in partitioning or device IDs.
• A remote user could update library or drive code. However, since the library and
drives ignore any code they do not recognize, the only exposure is to loading down
level code.
These security concerns can be addressed by utilizing the password, user role, and
authentication features provided by the Tape Library Specialist Web interface and also by
enabling SNMP audit logging. When SNMP audit logging is enabled, the library sends
notifications when certain events occur in the library. For more information, refer to SNMP
audit logging.
Parent topic: Remote support security
Security considerations for the IBM TS3500 Tape Library RS/232
Port
This section describes security information for the IBM TS3500 Tape Library RS/232 Port
through the debug/CETool interface.
To Next Page
Loading...
