Secure virtual servers

Server and Cluster Administration Guide for Hitachi NAS Platform

A secure virtual server is a file serving EVS that has a specifically defined security configuration (called an individual security context). When no individual security context is specified for an EVS, it uses the global (server or cluster-wide) security configuration settings (the global security context). By defining an individual security context for a particular EVS, you create a secure virtual server (secure EVS).

Note: Secure virtual servers are a licensed feature, identified as EVS Security. Without an EVS Security license, all EVSs use the global security settings (context).

  • When no individual security context is defined for an EVS, the global security settings (the global context) are used by default.

    When an individual security context is added to an EVS, it is created with the same settings as the global security context. After adding the individual security context, you can change its settings so that they differ from the global settings.

  • When an EVS uses an individual security context, that context can be configured independently of the global (server or cluster-wide) security settings.

When present, individual security context settings override the global security context settings, allowing a storage server (or cluster) to be shared by multiple groups (departments, customers, or organizations), while maintaining strong security so that no group has access to another group’s data.

For example, if a server or cluster has six EVSs, you could define individual security contexts for two of the EVSs, turning them into secure EVSs. Each secure EVS could then be associated with an NT domain that is different from the one used by the cluster, meaning that each of those secure EVSs could be assigned to its own domain. For network clients, access to the file systems in the secure EVSs can then be restricted or allowed as desired using standard network security policies such as user name or user group membership.