HP StorageWorks X5000 Technical Manual page 118
Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy
Hide thumbs
Also See for StorageWorks X5000:
- Release note (39 pages) ,
- Limited warranty (76 pages) ,
- Support manual (17 pages)
Table of Contents
Advertisement
Service Name
Member Server
ClusSvc
Not installed
Important: Cluster Service must be set to Automatic for all HP NAS server systems running Microsoft
Clustering.
The Cluster Service system service controls server cluster operations and manages the cluster
database. A cluster is a collection of independent computers that is as easy to use as a single
computer, but it can be very difficult to manage. Managers see it as a single system, and
programmers and users see it as a single system. The Cluster Service spreads data and computation
among the nodes of the cluster. When a node fails, other nodes provide the services and data
formerly provided by the missing node. When a node is added or repaired, the Cluster Service
software migrates some data and computation to that node. To ensure greater security in the three
environments defined in this guide, disable this service.
Service Name
Member Server
EventSystem
Important: COM+ System Application should be set to Manual for HP NAS server systems that have
3
rd
party applications requiring COM+ functionality.
The COM+ System Application system service manages the configuration and tracking of components
based on COM+. This service is not a requirement for the baseline server policy. Therefore, this
service is configured to Disabled in the three environments defined in this guide.
Service Name
Member Server
Dfs
Important: This setting must be set to Automatic for all HP NAS server systems using DFS.
The Distributed File System (DFS) service manages logical volumes distributed across a local area
network (LAN) or wide area network (WAN) and is required for the Microsoft Active Directory®
SYSVOL share. DFS is a distributed service that integrates disparate file shares into a single logical
namespace. This namespace is a logical representation of the network storage resources that are
available to users on the network. Disabling the DFS service prevents users from accessing network
data through a logical namespace, and requires them to know the names of all the servers and shares
in the environment to access them. The File Server Incremental Group Policy disables the DFS service
to minimize the attack surface of the file servers on the network. For this reason, the Distributed File
System setting is configured to Disabled in all of the security environments defined in this guide.
Important: Organizations using DFS on file servers or on NAS server systems to simplify accessing
distributed resources must modify the File Server Incremental Group Policy or create a new GPO to
enable this service.
Service Name
Member Server
NtFrs
Important: This setting must be set to Automatic for all HP NAS server systems using DFS and FRS
Cluster Service
Legacy Client
Default
Disabled
COM+ System Application
Legacy Client
Default
Manual
Disabled
Distributed File System
Legacy Client
Default
Automatic
Disabled
File Replication
Legacy Client
Default
Manual
Disabled
118
Enterprise Client
High Security Client
Disabled
Disabled
Enterprise Client
High Security Client
Disabled
Enterprise Client
High Security Client
Disabled
Enterprise Client
High Security Client
Disabled
Disabled
Disabled
Disabled
Advertisement
Table of Contents
