Block Storage

Hello Experts,

Due to limited resources, we have set up both PROD and UAT environments within the same array. While pools, device IDs, and ports are segregated according to PROD and UAT, they still reside within the same array.

We now have an audit requirement to create a user who can only work on or modify either the PROD (pools, device IDs, ports) or UAT (pools, device IDs, ports) environment. Is there a way to configure user access so that a user has full access to specific pools and ports (either PROD or UAT), while having read-only access to the remaining resources? I heard about Virtual Storage Machine (VSM) but someone suggested that to impllement this, we need a host downtime.

Please advise or suggest possible solutions.

Thanks

Amit

Hi Amit

Yes, that is correct. Implementing VSM's will require downtime. And yes, I think this is the only way to fulfill the requirements from your audit.

In your case you need 2 pools if you haven't already (one for each environment), as you also need to move the pool-volumes to the VSM.

You create two VSMs (virtual storage systems with their own serialnumbers (you choose the serial)).

When the VSM is created, you need to move virtual LDEVs, ports and devices to these new VSMs.

Then you create user-groups, with roles that are only allowed to administrator one or the other VSM.

The reason for host downtime is that in order to move devices and virtual LDEVs to the new VSM, the LDEVs must be unallocated from the devices before moving.

Regards

Henrik

As Henrik mentioned, Resource Groups AKA VSM's are what you can use to accomplish this.
The E Series Document for this is the System Administrator Guide for Virtual Storage Platform E Series:
https://docs.hitachivantara.com/r/en-us/virtual-storage-platform-e-series/93-07-2x/mk-97hm85028/managing-users-and-user-groups/managing-resource-groups