15.1 Security Features

Dynamic File Services provides a number of security measures, such as giving users access to a pair only through the network share on the primary path and enforcing file system access rights there.

15.1.1 Authentication

Consider the authentication requirements in this section for setting up and managing Novell Dynamic File Services.

Installing Dynamic File Services in an Active Directory Environment

In Active Directory domains, the installation must be done by a domain user that has local Administrator privileges and Active Directory Administrator rights. This allows the setup of the Dynamic File Services Storage Rights domain group and the NDFS-servername domain user. For information, see Section 4.4, Active Directory Domain Configuration for Remote Shares.

The domain user is automatically removed if you uninstall the Service component. The domain group is also removed if the domain user is the last member of the group.

Configuring and Managing the Service

In order to modify the configuration settings for the Dynamic File Service or to stop and start the Service, you must be logged in to the server desktop as the Administrator user or as a user with Administrator privileges. It does not matter whether the user is a member of the Dynamic File Services group.

Creating Pairs and Policies

To connect to a Dynamic File Services server from the Management Console, or to issue pair, policy, and schedule commands at the command line, you must provide the login credentials (user name and password) of a user that is a member of the Dynamic File Services group on the target server, or of that server's Administrator user account. Other users with Administrator privileges (that is, accounts other than the built-in Administrator user account) must be added to the Dynamic File Services group before they can manage pairs. You can also add the Administrator user account as a member of the group.

The DynamicFS administrator user identity can be validated in Workgroup and Active Directory Domain environments.

Using Remote Shares in a Pair

In an Active Directory environment, Dynamic File Services supports the use of remote shares as the secondary location in a pair. The remote share must be published in Active Directory. In addition, you must allow the default setup of the Dynamic File Services Storage Rights domain group and the NDFS-servername domain user, or manually set up an equivalent secure domain configuration. For information, see Section 4.4, Active Directory Domain Configuration for Remote Shares.

Using a Cloud Account as the Secondary Path in a Retention Pair

Dynamic File Services supports the use of cloud storage as the secondary location in a retention pair. The cloud account must be configured and available to the retention pair whenever actions are performed that involve the secondary path, such as the initial setup of the pair, policy moves, manual moves, and retention reviews.

The authentication credentials that are required by the cloud provider are stored securely by Dynamic File Services so that the software can access the files stored in the cloud on your behalf. For information about the supported cloud providers and the credentials required, see Section 4.11, Using Cloud Storage as the Secondary Path in a Retention Pair.

Using the Repair Tool GUI and Pair Check Utility

The Repair Tool GUI and Pair Check utility require that you be logged in as the Administrator user or as a user with Administrator privileges. If remote shares are used in pairs, the administrator user must also have access rights on the remote share and file system permissions on the secondary storage location. Otherwise, the secondary location is reported as missing. One way to assign the necessary rights is to add the administrator user as a member of the Dynamic File Services Storage Rights group.

15.1.2 User Access to Pairs

In order to see the merged view of the two storage locations, users access the Dynamic File Services pair through a Windows network share that you set up on the primary location. Access to data is governed by file system access rights that are set by an administrator while viewing the merged view of the data.

Users should not access data stored in the pair via the secondary location, so you must not allow users to reach the secondary location directly or via a network share. Network shares on, above, or below the secondary path must be removed, or restricted so that users cannot access them.

In a Windows cluster, use cluster-managed network shares instead of server-based network shares.

15.1.3 Retention Reviewer Access to Pairs

Retention reviewers have rights to read all files on the secondary path. For example, assume that a file on server A is moved to server B by a policy run on the retention pair. The reviewer can view the file at server B during a Retention Review, even if that individual never had rights to access the file on server A.

15.1.4 SSL Certificate

The Dynamic File Services remote connection feature supports server-side SSL certificates. You can use a self-signed certificate (the default) or a signed certificate from a certification authority.

Self-Signed Certificates

By default, remote communications between the Management Console running on a client and the Dynamic File Service running on a server are secured by using the SSL protocol. During the installation, DynamicFS creates and configures a self-signed certificate (servername‑DynamicFileServicesSSLCertificate) for SSL communications to use. The certificate uses a 2048-bit RSA key with a SHA1 signature (sha1RSA). DynamicFS binds the SSL connection to the configured Dynamic File Service port (default 8999). Because the certificate is self-signed, the protection depends on each administrator verifying the certificate before accepting it (see Accepting Certificates below); SHA1 certificate signatures are no longer recommended, so if your security policy requires a modern signature algorithm, use a certificate issued by your certification authority instead (see Signed Certificates).

You can also generate a new self-signed certificate after the install by using the Certificate Configuration option in the Dynamic File Service Controller. For information, see Section 6.8.4, Creating a Dynamic File Services Self-Signed Certificate.

Signed Certificates

Signed SSL certificates that you acquire through a certification authority are also supported. Use this option if your enterprise security policy requires this level of security. You can set up a signed certificate by using the Certificate Configuration option in the Dynamic File Service Controller after the install. For information, see Section 6.8.5, Configuring a Signed Certificate for Dynamic File Services.

Self-Signed Certificates in a Cluster

When you install DynamicFS on a cluster node, a self-signed SSL certificate is created for the Dynamic File Service on that node. You do not associate the SSL certificate with the Dynamic File Service cluster resource because each node of the cluster has a different self-signed SSL certificate.

When the Management Console connects to a Dynamic File Service cluster resource for remote management, DynamicFS uses the SSL certificate that is configured on the active node in the cluster. You are prompted to accept the certificate for the active server if it has not been previously accepted.

Accepting Certificates

The first time that an authorized administrator connects to a target DynamicFS server from the Management Console, the user is prompted to accept the DynamicFS SSL certificate for the target server. If the server is in a Windows cluster, the user is prompted the first time that a connection is made to each node in the cluster.

The accepted certificate is added to the user's personal certificate store on the management computer.

Each user that manages DynamicFS on a target server is prompted to accept the certificate when connecting for the first time to the server.
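Before accepting a certificate in the Management Console, it is worth reading the certificate the service actually presents on its port and comparing its thumbprint with one obtained out of band from the server's administrator. The following PowerShell script is an added example and is not part of the Dynamic File Services documentation or product. It assumes that the service port performs a standard SSL/TLS handshake, that the server name, port and expected thumbprint are placeholders you replace, and that a previously accepted certificate can be found in the current user's personal store (Cert:\CurrentUser\My).

```powershell
# Added example (not from the Dynamic File Services documentation or product).
# Reads the certificate presented on the Dynamic File Service port, shows the
# properties that matter for the trust decision, and compares the thumbprint
# with (a) a value obtained out of band and (b) certificates already accepted
# by this user. Assumptions: the port speaks standard SSL/TLS; names below are
# placeholders; accepted certificates live in Cert:\CurrentUser\My.

param(
    [string]$Server = 'dfs-server1.example.com',   # placeholder server name
    [int]$Port = 8999,                              # DynamicFS default service port
    [string]$ExpectedThumbprint = ''                # thumbprint read from the server console (optional)
)

function Get-RemoteCertificate {
    param([string]$HostName, [int]$TcpPort)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $TcpPort)
    try {
        # The validation callback returns $true so an untrusted self-signed
        # certificate can still be inspected; trust is decided below, not here.
        $ssl = New-Object System.Net.Security.SslStream(
            $tcp.GetStream(), $false, { param($sender, $cert, $chain, $errors) $true })
        $ssl.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

$cert = Get-RemoteCertificate -HostName $Server -TcpPort $Port

[pscustomobject]@{
    Subject            = $cert.Subject
    Issuer             = $cert.Issuer
    SelfSigned         = ($cert.Subject -eq $cert.Issuer)
    Thumbprint         = $cert.Thumbprint
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName   # sha1RSA for the default self-signed certificate
    KeySize            = $cert.PublicKey.Key.KeySize               # 2048 for the default certificate
    NotAfter           = $cert.NotAfter
} | Format-List

# (a) Compare with the thumbprint the server's administrator reported out of band.
if ($ExpectedThumbprint) {
    $expected = $ExpectedThumbprint.Replace(' ', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        Write-Warning "Thumbprint mismatch: presented $($cert.Thumbprint), expected $expected. Do not accept this certificate."
    } else {
        'Thumbprint matches the out-of-band value.'
    }
}

# (b) Check whether this user has already accepted a certificate with this thumbprint.
$accepted = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($accepted) {
    "A certificate with this thumbprint is already in the user's personal store; no prompt is expected."
} else {
    Write-Warning 'No previously accepted certificate with this thumbprint; the Management Console will prompt on connect.'
}
```

In a Windows cluster each node has its own self-signed certificate, so run the script once against each node name rather than against the cluster resource, and record each node's thumbprint.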

15.1.5 Service Port

During the install, Dynamic File Services provides an option to modify the port to use for remote management of the Dynamic File Service. By default, DynamicFS uses port 8999. This port can be modified during or after the install. For information, see Section 6.10, Configuring Ports for the Service and Retention Review.

15.1.6 Windows Firewall Access

During the install, Dynamic File Services provides an option to enable an exception in the server firewall for the configured Dynamic File Service port (default 8999). The firewall exception is enabled by default. Disabling the firewall exception effectively disables the remote management capability for the Dynamic File Service. You can also enable and disable the firewall exception after the install. For information, see Section 6.9, Configuring Firewall Access for the Service Port.

When the Windows Firewall Access option is enabled, DynamicFS automatically configures an exception for the configured Dynamic File Service port (default 8999) in the Windows Firewall. By default, the scope of the exception is set as Any computer (including on the Internet), which exposes the management port, and therefore the DynamicFS login, to every network the server is connected to. Narrow the scope to the computers from which you run the Management Console. You can modify the scope manually by using the Windows Firewall dialog box: go to the Windows Firewall > Exceptions page, double-click the exception to edit it, then select Change Scope. The alternative settings are My network (subnet) only and Custom list.
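On servers that have the NetSecurity PowerShell module (Windows Server 2012 or later), the same scope change can be scripted and verified. The script below is an added example, not part of the Dynamic File Services documentation or product. It assumes the service port is the default 8999, that the management subnet shown is a placeholder, and that the rule created by the installer can be located by its local port (its display name is not known here). Run it from an elevated PowerShell session.

```powershell
# Added example (not from the Dynamic File Services documentation or product).
# Finds the enabled inbound firewall rule(s) for the Dynamic File Service port
# and narrows their remote scope from the default 'Any' to the management
# subnet, then verifies that no rule for the port still allows 'Any'.
# Assumptions: NetSecurity module available; port and subnet are placeholders.

$ServicePort   = 8999             # DynamicFS default; change if you reconfigured the port
$ManagementNet = '10.0.5.0/24'    # placeholder: subnet where the Management Console runs

# Locate rules by port rather than by display name, since the installer's rule name is not known here.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$ServicePort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

if (-not $rules) {
    Write-Warning "No enabled inbound rule for TCP $ServicePort found; remote management is already blocked by the firewall."
    return
}

foreach ($rule in $rules) {
    $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    "Rule '$($rule.DisplayName)': remote scope before = $before"

    # Restrict the rule so only the management subnet can reach the service port.
    $rule | Set-NetFirewallRule -RemoteAddress $ManagementNet

    $after = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    "Rule '$($rule.DisplayName)': remote scope after  = $after"
}

# Verification: any enabled rule for the service port that still allows 'Any' is a finding.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq "$ServicePort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any') } |
    ForEach-Object { Write-Warning "Rule '$($_.DisplayName)' still allows any remote address on port $ServicePort." }
```

If the Management Console is only ever run on the server itself, disabling the exception (as the page describes) is the simpler choice; the scope restriction is for the case where remote management is genuinely needed.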

15.1.7 Dynamic File Services Group

During the install, a new administrator user group called Dynamic File Services is created on computers where you install the Service component, or in Active Directory in a Domain. The user account that you use to log in to the server when you install the software is automatically added as a member of the group. Other members can be added after the installation. Only members of the Dynamic File Services group and the Administrator user account on the machine are allowed to manage DynamicFS. In an Active Directory Domain, Domain Admins can also manage DynamicFS for the server. For information, see Section 4.2, Management Groups.

In a Workgroup, if you use Dynamic File Services in a Windows cluster, ensure that you assign the same users in the Dynamic File Services group on each node so they can log in on whatever node is active.

Logins to the Dynamic File Service are authenticated by using Kerberos in a Windows domain, or by using NTLM (NT LAN Manager) if a Windows domain is not present.

15.1.8 Dynamic File Services Retention Review Group

During the install, a group called Dynamic File Services Retention Review is created on computers where you install the Service component, or in Active Directory in a Domain. Initially, there are no members assigned to the group. Members of the Dynamic File Services Retention Review group are allowed to perform reviews of data in the retention repository of all retention pairs. For information, see Section 4.2, Management Groups.

In a Workgroup, if you use Dynamic File Services in a Windows cluster, ensure that you assign the same users in the Dynamic File Services Retention Review group on each node so they can log in on whatever node is active.
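In a Workgroup cluster the two groups are local to each node, so their membership can drift and lock an administrator or reviewer out after a failover. The following PowerShell script is an added example (not from the Dynamic File Services documentation or product) that compares the membership of both the Dynamic File Services group and the Dynamic File Services Retention Review group across all nodes and reports any difference. It assumes the node names are placeholders, that the caller has administrative rights on every node, and uses the WinNT ADSI provider so that it does not depend on Get-LocalGroupMember, which exists only on newer Windows versions.

```powershell
# Added example (not from the Dynamic File Services documentation or product).
# Compares the members of the two DynamicFS management groups across the nodes
# of a Workgroup cluster and reports accounts present on one node but not another.
# Assumptions: node names are placeholders; caller is an administrator on each node.

$Nodes  = @('dfs-node1', 'dfs-node2')   # placeholders; list every node of the cluster
$Groups = @('Dynamic File Services', 'Dynamic File Services Retention Review')

if ($Nodes.Count -lt 2) { throw 'List at least two cluster nodes to compare.' }

function Get-LocalGroupMembers {
    # Returns the member account names (without the node prefix) of a local group on a node.
    param([string]$ComputerName, [string]$GroupName)
    $group = [ADSI]"WinNT://$ComputerName/$GroupName,group"
    # Invoke('Members') returns COM objects; read each member's ADsPath, e.g. WinNT://NODE/alice.
    @($group.psbase.Invoke('Members') | ForEach-Object {
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        ($path -replace '^WinNT://', '') -split '/' | Select-Object -Last 1
    }) | Sort-Object -Unique
}

$findings = 0
foreach ($g in $Groups) {
    $reference = Get-LocalGroupMembers -ComputerName $Nodes[0] -GroupName $g
    "[$g] on $($Nodes[0]): $(if ($reference) { $reference -join ', ' } else { '(no members)' })"

    foreach ($node in $Nodes[1..($Nodes.Count - 1)]) {
        $members = Get-LocalGroupMembers -ComputerName $node -GroupName $g
        # Local accounts carry the node name in ADSI, so the comparison is on account name only.
        $diff = Compare-Object -ReferenceObject @($reference) -DifferenceObject @($members)
        if ($diff) {
            $findings++
            Write-Warning "[$g] membership on $node differs from $($Nodes[0]):"
            foreach ($d in $diff) {
                $where = if ($d.SideIndicator -eq '<=') { "only on $($Nodes[0])" } else { "only on $node" }
                Write-Warning "    $($d.InputObject) ($where)"
            }
        } else {
            "[$g] on ${node}: matches $($Nodes[0])"
        }
    }
}
"$findings group/node combination(s) out of sync"
```

Accounts are compared by name only, which is the best a Workgroup allows: the local accounts on each node are distinct security principals even when they share a name, so each node must also hold the account itself with the same password for the login to succeed after a failover.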

Logins to the Dynamic File Service are authenticated by using Kerberos in a Windows domain, or by using NTLM (NT LAN Manager) if a Windows domain is not present.

15.1.9 Reviewers for a Retention Pair

You can assign individual users and groups to be reviewers of a given retention pair. Use the Reviewers tab on the pair’s Properties page. It is not necessary for the reviewers assigned to a pair to also be members of the Dynamic File Services Retention Review group. The Dynamic File Services Retention Review group is assigned to the Reviewers list by default when you create the retention pair. You can remove the group from the list in order to restrict access to a few specific users and groups.

15.1.10 Windows User Account Control

Windows User Account Control is available on some Windows platforms. If it is enabled, Windows User Account Control typically prompts you for permission to run an application when the application starts. If you are prompted for an administrator password or confirmation, specify the user name and password of the Administrator user or a user with Administrator privileges.

15.1.11 Network Connections

You can run the Management Console on the same server where you are configuring pairs, or from a different Windows server or workstation. If you use a different computer to manage pairs, you must have an IP-based network connection set up between the two computers.

DynamicFS supports connections for IP addresses that use the IPv4 format. It also supports the use of DNS (Domain Name System) names.

15.1.12 Network Shares

You must create a single network share on the primary folder of the pair in order to give users a merged view of the data. Users map a drive on their computers to the network share.

For secure access and authentication, users should access the data in the pair only via the network share that is set up on the primary path. If users directly access the primary path or secondary path, potential issues can arise with duplicate files or with access rights and attributes being out of synchronization between primary and secondary folders.

To prevent these issues, ensure that you remove network shares for the secondary path. In addition, shares must not be nested above or below the primary path or secondary path.
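The share rules stated here and in Section 15.1.2 (a single share on the primary path; no shares on, above, or below the secondary path; no shares nested above or below the primary path) can be checked on a server with the following PowerShell script. It is an added example, not part of the Dynamic File Services documentation or product. It assumes Get-SmbShare is available (Windows Server 2012 or later) and that the primary and secondary paths shown are placeholders for one pair. Administrative shares such as D$ sit above almost every path; the script flags them for verification rather than removal because they are restricted to administrators by default.

```powershell
# Added example (not from the Dynamic File Services documentation or product).
# Audits the SMB shares on this server against one pair's primary and secondary
# paths and lists every share that violates the share rules in Sections
# 15.1.2 and 15.1.12. Assumptions: Get-SmbShare available; paths are placeholders.

$PrimaryPath   = 'D:\Pairs\Finance\Primary'     # placeholder
$SecondaryPath = 'E:\Pairs\Finance\Secondary'   # placeholder (local path of the secondary location)

function Get-PathRelation {
    # Returns 'Same', 'Above', 'Below' or 'Unrelated' for a share path versus a target path.
    param([string]$SharePath, [string]$Target)
    $s = $SharePath.TrimEnd('\').ToLowerInvariant() + '\'
    $t = $Target.TrimEnd('\').ToLowerInvariant() + '\'
    if ($s -eq $t)          { return 'Same' }
    if ($t.StartsWith($s))  { return 'Above' }   # share is an ancestor of the target
    if ($s.StartsWith($t))  { return 'Below' }   # share is inside the target
    return 'Unrelated'
}

$findings      = @()
$primaryShares = 0

# Skip IPC$ and other shares that have no file system path.
foreach ($share in (Get-SmbShare | Where-Object { $_.Path })) {
    $isAdminShare = $share.Name -match '\$$'
    $label        = "$($share.Name) ($($share.Path))"
    $relSecondary = Get-PathRelation -SharePath $share.Path -Target $SecondaryPath
    $relPrimary   = Get-PathRelation -SharePath $share.Path -Target $PrimaryPath

    if ($relSecondary -ne 'Unrelated') {
        $action = if ($isAdminShare) { 'VERIFY ' } else { 'REMOVE ' }
        $findings += "$action $label is $($relSecondary.ToLower()) the secondary path; users must not reach the secondary location through it"
    }
    switch ($relPrimary) {
        'Same'  { if (-not $isAdminShare) { $primaryShares++ } }
        'Above' { $findings += "$(if ($isAdminShare) { 'VERIFY ' } else { 'REMOVE ' }) $label is nested above the primary path" }
        'Below' { $findings += "REMOVE  $label is nested below the primary path" }
    }
}

if ($primaryShares -eq 0) { $findings += "MISSING no user share on the primary path $PrimaryPath; users have no merged view" }
if ($primaryShares -gt 1) { $findings += "REVIEW  $primaryShares shares on the primary path; the documentation calls for a single share" }

if ($findings) { $findings } else { 'OK: one share on the primary path and no shares on, above or below the secondary path' }
```

Run the script on the server that hosts each location: for a remote share used as the secondary location (Section 15.1.13), run it on the server that hosts that share with $SecondaryPath set to the local path of the shared folder, since a server can only enumerate its own shares. In a Windows cluster, apply any removals through the cluster management tool so they survive failover.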

In a Windows cluster, always use the Windows cluster management tool and not Windows Explorer to manage file shares to folders on shared drives. Otherwise, changes made by using Windows Explorer are lost when these file shares fail over to other nodes in the cluster. Workstations should be in an Active Directory domain to access the cluster-managed file shares.

15.1.13 Remote Shares

You must publish a remote share in Active Directory in order to use it as the secondary location in a pair. For requirements, see Section 4.9, Using Remote Shares in an Active Directory Domain. For setup information, see Section 8.3, Preparing Remote Shares for Use in a Pair.

15.1.14 Auditing Management Events

Auditing of the management of the Dynamic File Service, pairs, and policies is integrated with DynamicFS and is provided as a basic benefit. The following files are used for auditing:

Table 15-1 Auditing Log File and Logging Control File

File: C:\ProgramData\Dynamic File Services\audit\DswAuditLog.xml
Description: Logs the management events for the Dynamic File Service, pairs, and policies.

File: AuditAndNotificationControl.xml in the C:\Program Files\Dynamic File Services\ folder, or in the folder where you installed the software.
Description: Controls the logging behavior for the audit log.

All Dynamic File Services management actions are audited, including authorized and non-authorized management actions. All authentication and authorization events for DynamicFS are also audited. No sensitive information is placed in the audit log.

15.1.15 Event Logging

DynamicFS uses Microsoft Event Viewer for logging the Dynamic File Service start/stop events and fatal errors such as application exceptions. See the Microsoft TechNet Library for documentation on viewing events with the Event Viewer snap-in for Microsoft Management Console (MMC).