ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: TSM security - sharing STK library with other apps

2000-12-21 12:34:03
Subject: Re: TSM security - sharing STK library with other apps
From: "Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
Date: Thu, 21 Dec 2000 12:36:37 -0500 
We are using ACSLS-controlled libraries from an AIX TSM server.
We are not currently sharing, but I can give you a bit of information.

One, TSM will only use tapes for which you have run a TSM CHECKIN command.
So you can put a zillion other tapes in the library, and TSM will ignore
them.
The CHECKIN gives TSM permission to use the tape.
When you enter the command Q LIBV libname, TSM will show you a list of the
tapes currently checked in.

I strongly recommend you use different ranges of VOLSERS for different
applications - that will make it easier to get your CHECKINS done right.


TSM also will not use a tape until it has an IBM-standard internal tape
label written on it.
(Something you do with a TSM LABEL LIBV command - yes, it uses tape labels
even in a UNIX environment....)
And every time the tape is mounted, TSM checks the label before doing
anything with it, so the wrong tape can't get used by accident.

Also, when TSM writes on a tape (or it may happen during a CHECKIN, I'm not
sure), it assigns an ACSLS lock value to the tape, which is stored (I
think), in the ACSLS data base.  If you CHECKOUT the tape, TSM removes the
ACSLS lock it put on the tape.  TSM will not use a mount a tape that has in
incorrect lock value.

So TSM has everything in place to insure that it uses ONLY its own tapes,
and doesn't tromp on any others.
So I would think your concern should be whether the sharing application will
honor any of those same protocols...TSM is more likely to be a victim than a
perpetrator!


************************************************************************
Wanda Prather
The Johns Hopkins Applied Physics Lab
443-778-8769
wanda_prather AT jhuapl DOT edu

"Intelligence has much less practical application than you'd think" -
Scott Adams/Dilbert
************************************************************************








> -----Original Message-----
> From: Walker, Lesley R [SMTP:lesley.walker AT EDS DOT COM]
> Sent: Thursday, December 21, 2000 12:49 AM
> To:   ADSM-L AT VM.MARIST DOT EDU
> Subject:      TSM security - sharing STK library with other apps
>
> Does anyone have experience of using an ACSLS-controlled STK library and
> sharing it with other applications?
>
> Our customer is very concerned about the possibility of Application A
> being
> able to read/overwrite tapes belonging to Application B, and the question
> has been asked:
>
> Most (all?) tape management systems have the ability to automatically
> load the entire ACSLS database into their own database and this is where
> the main risk arises.  Does TSM have this ability?
>
> They will be implementing access control, but it's not in place yet.  Can
> I
> assure them that TSM will not be a security risk?
>
> (Version 3.7.3 on Solaris)
>
> --
> Lesley Walker
> Distributed Systems Services, EDS New Zealand
> Lesley.Walker AT nz.eds DOT com
> "Where a calculator on the ENIAC is equipped with
> 18,000 vacuum tubes and weighs 30 tons,
> computers in the future by the year 2000, may have
> only 1,000 vacuum tubes and weigh only 1.5 tons"
>     Popular Mechanics, March 1949
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TSM security - sharing STK library with other apps, Kelly J. Lipp
Next by Date:  Re: your take...., Kelly J. Lipp
Previous by Thread:  Re: TSM security - sharing STK library with other apps, Kelly J. Lipp
Next by Thread:  Re: TSM security - sharing STK library with other apps, Christine Wickham
Indexes:  [Date] [Thread] [Top] [All Lists]