Implementing a Security Partition
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
A security partition is a DCAM and associated managed servers that use a CAM account that is different than other DCAMs and managed servers in the same configuration group. Security partitioning can be used to enable different administrator groups to manage different resources within a single domain or across multiple domains. The account used for the CAM account on the DCAM must have administrator rights on the servers that it manages. You can have up to 10 security-partitioned DCAMs within a single configuration group.
After adding a new DCAM using a security-partitioned CAM account, remove all unnecessary domain administrators from the new DCAM and the managed servers. This prevents unauthorized access to your security-partitioned managed nodes. You should also maintain different OnePointOp group memberships than the other DCAMs in the configuration group.
To build in redundancy for a security partition, install security-partitioned DCAMs in pairs.
Note:
- You cannot use an integrated DAS and CAM account in a security partition because the DAS account must be the same across the entire configuration group.