After the base HBAnyware software, which includes the HBAnyware utility and remote server, is installed on a group of systems, the HBAnyware utility on any of those systems can remotely access and manage the HBAs on any of the other systems. This may not be a desirable situation, because any system can perform actions such as resetting boards or downloading firmware.
The HBAnyware security package can be used to control which HBAnyware systems can remotely access and manage HBAs on other systems in a Fibre Channel network. HBAnyware security is systems-based, not user-based. Anyone with access to a system that has been granted HBAnyware client access to remote HBAs can manage those HBAs. Any unsecured system is still remotely accessible by the HBAnyware client software (HBAnyware utility).
The HBAnyware security software is designed to provide two main security features:
Prevent remote HBA management from systems in the enterprise that the administrator does not want to have this capability.
Prevent an accidental operation (such as firmware download) on a remote HBA. In this case, the administrator does not want to have access to HBAs in systems he or she is not responsible for maintaining.
The first time the HBAnyware Security Configurator is run on a system in an environment where no security as been configured, the initial Access Control Group (ACG) is created. At this point, only this system has remote access to the HBAs in the systems in the ACG. They are no longer remotely accessible from any other system.
Subsequently, additional Access Sub-Groups (ASGs) can be created. This grants systems in the ACG the ability to remotely access the HBAs of other selected systems in the ACG.