Nas 8000 Security Level Guidelines; Preparing Sql Server To Utilize The Nas 8000; Enabling Networked Storage On Sql Server - HP StorageWorks 8000 - NAS User Manual

usage plan calls for the use of NAS 8000 snapshots, space must be reserved in the volume group for the
snapshots.
After creating volume groups, the next step is to create file volumes. A file volume is somewhat equivalent
to a file system. There are many possibilities at this level, and each choice should be weighed carefully
before committing to an overall storage design. One or more file volumes are entirely contained in a single
volume group. A file volume cannot be a member of more than one volume group. Placing an entire
database into one single file volume may facilitate easier backup through the snapshot features of the NAS
8000. Snapshots can be utilized for backing up the database even if the database data files exist in
multiple file volumes and multiple volume groups.
Finally, once the file volumes have been created, the DBA/NAS 8000 administrator can create the desired
directory structure and CIFS/SMB shares. A directory structure can be created from the Command View
NAS GUI and then individual directories can be shared. Another method is to share the root directory of
the storage file volume(s) for read/write access by the DBA. The DBA can then create directories under the
file volume as desired and set the permissions. The CIFS/SMB shares must be defined through the
Command View NAS GUI. Once the shares have been defined, the database server(s) may connect to the
shares, and the database may be moved, started or created. Please read carefully the section in the
"problems, challenges and constraint" section below about defining new CIFS/SMB shares while SQL
Server is active.

NAS 8000 security level guidelines

The NAS 8000 has two different security setting options for Windows (CIFS/SMB) shares. The security
level of the NAS 8000 only applies to CIFS/SMB shares, not to nfs exports. When the NAS 8000 is in
Share level security, all security is handled by the NAS 8000 through the use of passwords on each share.
A share can have a "read" password, a "read/write" password, or no passwords assigned on it. In order
to gain access to a share with a password on it, NAS 8000 clients (e.g. the database servers) must provide
the appropriate password. Every share can have a different set of passwords associated with it. When
the NAS 8000 is in User/Domain level security, the NAS 8000 joins the domain and the Public Domain
Controller for the domain handles all security. In order to gain access to the shares, every NAS 8000 client
must be a valid member of the domain or of a trusted domain, or must be able to access the storage as
though it were a valid member of the domain. All CIFS/SMB shares defined on the NAS 8000 will be in
either Share level security or Domain level security. The CIFS/SMB security level must be set before any
CIFS/SMB shares are defined. Although it is possible to change security levels once CIFS/SMB shares
have been defined, if there are data files in those shares, the changing of security attributes may have
undesirable results. Because of this, it is crucial that the NAS 8000 administrator and the DBA plan out the
security model that best fits the planned use. The NAS 8000 can serve SQL Server database data files in
either Windows security setting; however, the security setting can affect the database creation process. The
sections under 'Creating a Database' will describe these issues in detail.

preparing SQL Server to utilize the NAS 8000

There are two tasks to perform on the SQL Server before it will access the NAS 8000 for storing SQL
database data/log files; both of these tasks can be accomplished through SQL Server's Enterprise Manager
utility. The first task is to enable SQL Server to use networked storage (e.g. the NAS 8000) to store data
files associated with SQL databases. The second task is to set the owner of the SQL Server service for the
Windows server if the NAS 8000 is in User/Domain level security.

enabling networked storage on SQL Server

Starting with SQL Server 6.5, Microsoft Corporation disallowed the use of "non-local" storage for homing
database data/log files. However, SQL Server 7.0 and SQL Server 2000 both support the use of a special
"trace flag (1807)", that enables SQL Server to utilize "non-local" storage such as the NAS 8000. It is best
to set this trace flag in the startup parameters for SQL Server so that it does not have to be set manually
each time SQL Server is started. To set the trace flag in the startup parameters, open the SQL Server
Enterprise Manager and drill down through the navigation tree until the SQL Server to be managed has
been selected. Select 'Tools' from the menu, and then select SQL Server Configuration Properties. Under
the General tab, click on the "Startup Parameters" button. Append to the list of startup parameters the
6