Home » HP Manuals » Storage Devices » HP StorageWorks 2/16V » Manual Viewer

HP StorageWorks 2/16V Brocade Fabric Manager Administrator's Guide (53-1000019 - Page 253

Managing Secure Fabrics, Enabling Secure Mode

View all HP StorageWorks 2/16V manuals

Add to My Manuals
Save this manual to your list of manuals

Page 253 highlights

Managing Secure Fabrics Chapter 17 This chapter provides information on enabling secure mode for a fabric, adding a switch to a secure fabric, and checking secure fabrics prior to merging them. It also includes information about using the policy editor to configure security policies, and provides instructions on how to configure no node WWN zoning, how to change admin security passwords (for FCS or non-FCS switches/directors), and how to use telnet on a secure fabric. See the following sections for specific secure fabric information: • "Enabling Secure Mode" on page 17-1 • "Using the Policy Editor" on page 17-3 • "Adding a Switch to a Secure Fabric" on page 17-17 • "Merging Secure Fabrics" on page 17-18 • "Using Telnet on a Secure Fabric" on page 17-19 Enabling Secure Mode This section describes how to create a secure fabric using the Secure Fabric wizard. To use the Secure Fabric wizard, your primary FCS switch must be running Fabric OS v5.0.0 or later, Fabric OS v4.4.0 or later, or Fabric OS v3.2x or later. If your primary FCS switch is not running one of these operating systems, you must enable or disable secure mode using the CLI. See the Secure Fabric OS Administrator's Guide for CLI information. All switches in the fabric must be running Fabric OS v5.0.0 or later, Fabric OS v4.1x or later, Fabric OS V3.1x or later, or Fabric OS v2.6.1x or later regardless of whether you are using CLI or the Secure Fabric wizard. If you enable secure mode on a fabric that contains any Fabric OS v5.2.x switches, any switch local ACL policies (SCC, DCC, and Distributed Passwords) are discarded. You cannot enable secure mode under the following conditions: • You cannot enable secure mode on a fabric unless all switches in the fabric have a Secure Fabric OS license, a zoning license, and security certificates installed. For more information about security certificates, see the Secure Fabric OS Administrator's Guide. • You cannot enable secure mode for an edge fabric that is configured for Fibre Channel routing. See "FC-FC Routing and Secure Fabrics" on page 19-12 for additional limitations when using the FCFC Routing Service and secure fabrics. • You cannot enable secure mode on Admin Domain-aware fabrics. • You cannot enable secure mode if a fabric-wide consistency policy is configured on the switch. Fabric Manager Administrator's Guide Publication Number: 53-1000196-01-HP 17-1

Section	Page
Fabric Manager	1
Contents	5
About This Document	19
How This Document Is Organized	19
Supported Hardware and Software	21
What’s New in This Document	21
Document Conventions	22
Text Formatting	22
Notes, Cautions, and Warnings	22
Key Terms	23
Additional Information	23
Brocade Resources	23
Other Industry Resources	25
Getting Technical Help	26
Document Feedback	27
Introducing Fabric Manager	29
Overview of Fabric Manager	29
Browser and Platform Requirements	30
Configuring Internet Explorer	31
System Requirements	32
Fabric and Switch Access	33
Administrative Domains	34
Role-Based Access Control	35
Installation	37
Planning for the Installation	37
Installation and Troubleshooting Information	37
Uninstalling or Upgrading Fabric Manager	38
Single Server Monitoring a Fabric	38
Java Runtime Environment (JRE)	38
Video Drivers	38
Install Wizard	38
Web Tools Java Plug-in and Web Browser	38
Fabric Manager Server	38
IP Connection to Switches	39
Blocked Port Numbers	39
HTTP	39
Solaris Installation Considerations	39
Windows Installation Considerations	40
Upgrading Fabric Manager	40
Licence Keys	41
Upgrading from the Evaluation Version	41
Installing the Fabric Manager Server	42
Installing Fabric Manager Server on Windows	42
Installing Fabric Manager Server on Solaris	50
Installing Fabric Manager Server on Linux	53
Copying an Installation from Server to Server	56
Uninstalling the Fabric Manager Server	58
Fabric Manager Client	61
Launching Fabric Manager	61
Uninstalling the Fabric Manager Client	64
Understanding the Fabric Manager Layout	66
Scope Panel	67
View Panel	69
Task Panel	72
Information Panel	72
Menu Bar	74
Status Indicators	74
Refreshing the Window	76
Selecting Elements and Accessing Modules	77
Customizing Fabric Manager	78
Displaying Fabrics by IP Address, Domain ID, WWN, and Name	78
Customizing Tables	78
Filtering Elements in a Table	80
Customizing Tool Tips	81
Resizing Panels	82
Discovering and Customizing Fabrics	83
Discovering a Fabric	83
Discovering a Single Fabric	84
Discovering Multiple Fabrics (Subnet Scan)	85
Logging In to Multiple Switches Simultaneously	86
Monitoring Fabrics	88
Changing the Seed Switch	89
Deleting a Fabric from Fabric Manager	91
Renaming Fabric Components	92
Renaming a Fabric	92
Renaming a Switch	92
Renaming a Port	93
Renaming a Device	93
Importing Device Names	94
Using Zone Aliases	95
Importing Names from a .csv File	95
Importing FDMI Host Names	96
Working With Switch and Port Groups	96
Understanding the Groups View	97
Creating and Populating Switch Groups	98
Editing a Switch Group	100
Creating Port Groups	101
Editing a Port Group	102
Deleting a Switch or Port Group	102
Viewing Fabric Topologies	103
Understanding the View Panel	103
View Panel Toolbar Items	104
Viewing Tool Tips	105
Selecting Items in the Topology	106
Changing the Layout	106
Saving View Preferences	106
Topology Views	107
Displaying Monitored Fabrics	107
Displaying Switch Interconnectivity	108
Displaying Attached Devices	109
Displaying Zone Configurations	110
Viewing Link Information	111
Displaying Name Server Information	113
Monitoring Alerts and Events	115
Monitoring Alerts	115
Viewing Alerts	115
Identifying Alerts	116
Filtering Alerts	121
Acknowledging Alerts	122
Resolving Alerts	122
Deleting Alerts	122
Deleting Alerts Manually	122
Deleting Alerts Automatically	123
Configuring Alert Display Options	124
Monitoring Fabric Events	125
Viewing Fabric Events	125
Filtering Fabric Events	126
Configuring Notification Parameters	127
Using Performance Monitoring	129
Performance Monitoring Components	130
Port Statistics	130
End-to-End Monitoring	130
Granularity	131
Reports	131
Graphs	132
Templates	132
Enabling Performance Monitoring	133
Disabling Performance Monitoring	135
Generating Custom Reports and Graphs	135
Creating Custom Reports	136
Creating Custom Graphs	139
Creating and Using Report Templates	141
Creating Templates for Reports and Graphs	142
Generating Reports and Graphs from Templates	144
Saving Performance Monitor Reports or Graphs	145
Printing Performance Monitor Reports	145
Exporting Reports	146
Displaying Saved Reports and Graphs	146
Deleting Reports and Graphs	147
Editing Performance Monitor Graphs	147
Displaying Performance Monitor Reports in External Applications	148
Change Management	149
Using Change Management Profiles	149
Creating a Profile	152
Cloning a Profile	153
Editing a Profile	153
Deleting a Profile	154
Using Snapshots and Change Reports	154
Displaying a Change Report	154
Creating Snapshots on Demand	156
Comparing Snapshots	157
Exporting Snapshot and Change Reports	157
Exporting Switch Configuration Information	158
Displaying Change Reports in External Applications	158
Printing Snapshot and Change Reports	159
Changing Baseline Snapshot	159
Call Home Support	161
About Call Home	161
Call Home Email Messages	162
Call Home External Executable	162
Configuring Call Home	163
Editing Configurations	164
Enabling or Disabling Call Home Globally	165
Monitoring Call Home	166
Switch Configuration and Management	167
Viewing Switch Information	167
Viewing Port Information	170
Synchronizing Date and Time Across a Fabric	171
Opening a Telnet Session for a Nonsecure Switch	172
Enabling/Disabling Switches and Ports	172
Configuring Ports	173
Swapping Ports	174
Administering ISL Trunking	175
Administering License Keys	176
Exporting License Keys	176
Importing and Restoring License Keys	178
Removing License Keys	179
Using Baseline Configurations for Configuration Management	179
Saving a Baseline Configuration to a File	180
Comparing Switches to a Baseline File	182
Comparing Switches to a Baseline Switch	184
Downloading a Configuration	185
Downloading to Switches from a Baseline File	185
Downloading to Switches from a Baseline Switch	186
Customizing Baseline Configurations	187
Saving Switch Configuration Files	189
Checking the Physical Health of a Switch	191
Replacing a Switch in the Fabric	192
Configuring Standard Security Features	193
Managing Passwords	193
Enabling and Disabling Switch Passwords	193
Changing Admin Password on Multiple Switches	194
Enabling Secure Communication Over HTTPS	195
Managing the Truststore	195
Managing Administrative Domains	196
Requirements for Admin Domains	196
Launching the Admin Domain Module	197
Managing Access Control Lists	198
Propagating RADIUS Configuration Across Switches	199
Managing the iSCSI Target Gateway	201
About the iSCSI Target Gateway	201
Viewing iSCSI Information	202
iSCSI Summary	203
iSCSI Ports	203
iSCSI Initiators	204
iSCSI Targets	205
Virtual Initiators	205
Exported FC Targets	206
iSCSI Sessions	207
Setting Up iSCSI Target Gateway Services	207
Firmware Management	209
Determining Availability of Firmware-Specific Features	209
Using Built-in FTP Server and Firmware Repository	211
Viewing the Firmware Repository	211
Importing and Removing Firmware	212
Defining a Fabric Profile	214
Viewing SAN Firmware Versions	216
Configuring File Transfer Options	217
Downloading Firmware to Multiple Switches	219
Downloading Firmware with Firmware Repository Support	220
Downloading Firmware Using an External FTP Server	221
Controlling Firmware Download Reboots	223
Downloading Firmware to HBAs	223
Downloading Firmware to XPath OS Switches	226
Accessing Firmware When Changing the FTP Server	226
Collecting FDMI Device Information	227
Rebooting Switches	227
Creating a Reboot Group with Multiple Switches	228
Creating Single-Switch Reboot Groups	229
Assigning Switches to a Reboot Group	230
Performing a Sequenced Reboot	231
Managing Zones	233
Introduction to Zoning	233
Managing Zoning Offline	234
Use Cases for Offline Zoning	235
Requirements for Offline Zoning	235
Access Control	235
Admin Domain Considerations	236
Limitations	236
Offline Zone Editing	236
Editing a Zone Database Offline	237
Copying a Zone Database from One Fabric to Another	239
Comparing Two Zone Databases	239
Merging Two Zone Databases	243
Exporting and Importing a Zone Database	245
Rolling Back Changes to the Zone Database on the Fabric	246
Deleting a Zone Database from the Local Repository	247
Undoing the Automatic Checkout of a Zone Database	247
Managing Zoning with Web Tools	248
Fabric Watch	251
Launching Fabric Watch	251
Using Fabric Watch with Web Tools	252
Managing Secure Fabrics	253
Enabling Secure Mode	253
Using the Policy Editor	255
Configuring FCS Policy Options	256
Configuring SCC Policy Options	258
Configuring Telnet, RSNMP, WSNMP, HTTP, and API Policy Options	259
Configuring DCC Policy Options	261
Configuring SES and MS Policy Options	263
Configuring Serial and Front Panel Policy Options	265
Changing the Admin Security Password	267
Configuring No-Node WWN Zoning	269
Adding a Switch to a Secure Fabric	269
Merging Secure Fabrics	270
Using Telnet on a Secure Fabric	271
FICON and CUP	273
Identifying Switches with FMS Mode Enabled	273
Editing the Current Port Connectivity Configuration	274
Editing a Stored Port Connectivity Configuration	276
Identifying Port Zone Conflicts	278
Configuring Insistent Domain ID Mode	278
Identifying Ports That Completed the RNID Exchange	280
Monitoring Link Incidents	281
Cascaded FICON Setup	281
Configure a Fabric for Cascaded FICON	281
Merge Two Fabrics for Cascaded FICON	283
Managing the FC-FC Routing Service	285
Requirements for Fibre Channel Routing	285
About Fibre Channel Routing	286
Setting Up FC-FC Routing	287
Connecting Edge Fabrics	288
Diagnosing Fabric Device Sharing	289
Sharing Devices Between Fabrics	290
Displaying Logical SANs	292
Displaying FC Router Information	293
Translate Domains and Virtual Device Status	295
FC-FC Routing and Secure Fabrics	296
FC-FC Routing and AD-Enabled Fabrics	296
Using the FCIP Tunneling Service	297
About FCIP Tunneling	297
Viewing FCIP Information	298
Configuring an FCIP Tunnel	299
Third-Party and Foreign Device Management	301
Accessing Third-Party Management Applications	301
Adding Third-Party Management Applications	302
Configuring Multiple Fabrics	303
Editing Third-Party Management Applications	304
Running Third-Party Management Applications	304
Examples of Launching Applications	304
Launching an application on the Fabric Manager client system	304
Launching Web Tools Switch Explorer	305
Importing Device WWNs	307
Creating Reports	311
Displaying the Switch Health Report	311
Storing Data and Performing Backups	315
Data Persistence	315
Performing Backups	315
Full Backup	316
Incremental Backup	317
Server Management Console	319
Introduction to Server Management Console	319
Launching the Server Management Console	320
Managing Fabric Manager Services	320
Changing Authentication Information	321
Backing Up and Restoring the Database	323
Capturing Technical Support Information	324
Creating a Login Banner	325
Changing Secure Communication Settings (HTTP or HTTPS)	326
Changing the Web Server Port Number	328
Fabric Troubleshooting Tools	331
General Device Diagnostics	331
Fabric Merge Check	332
Event Message Severity Level	334
Trace Route	335
Troubleshooting	339
Capturing Fabric Manager Support Information	339
Checking the Client Side	341
Authentication Issues (Unable to Login)	341
Account Lockout	342
Changing Authentication Method	342
Client Access to Switches	343
Client-Side CPU Usage	343
Capturing/Reporting Client-Side Issues	343
Checking Client/Server Interaction	343
No Client/Server Interaction	344
Client/Server Version Mismatch	344
Determine Whether Client or Server Problem	344
Checking the Server Side	345
Server Cannot Access Switches	345
Server-Side CPU Usage	345
Statistics Not Collected	345
Capturing/Reporting Server-Side Issues	345
Checking Fabric Discovery Problems	346
Capturing supportShow and supportSave Output	346
Topology	348
Nodes Swapped With Another Switch Node	348
Lettering in Legend Unreadable When Printed	348
Links Do Not Reconfigure After Disruptive Failover	349
Nodes Overlap	349
Pinpointing Additional Problem Areas	349
Locating Fabric Manager License Key and Serial Number	349
Switches and Hosts Do Not Recognize HBA After Firmware Download to HBA	350
503 Service Unavailable/Overloaded Error	350
Installation Wizard	350
Installation Wizard Does Not Launch	350
Installation Wizard Locks Up	350
Fabric Manager Client Does Not Start	350
Welcome Page Does Not Launch	351
Illegal Argument Error (Windows)	351
Failed to Load Resource	351
Web Tools Pages Do Not Launch	351
Wizard Hangs	352
Performance Monitoring	352
Incorrect Performance Monitoring Port Statistics	352
Performance Monitoring Configuration Window Hangs	352
Fabric Manager Database File Is Too Large	352
Sequenced Reboot Does Not Show Correct Status	352
Stopping Fabric Manager Server on Solaris and Linux	353
Changing Printers in Fabric Manager	353
Changing the Time in Fabric Manager	353
ODBC Driver Installer Error	353
fmsupportshow Output File is Empty	354
Repository	355
SAN	356
Fabric	356
Switch	356
Device	357
Switch Port	358
Device Port	361
Zone_config	361
Zone	362
Zone Membership	362
Zone Alias	363
Licenses for Third-Party Products	365
ABA Licence	365
Apache License	367
AXL License	370
Jason Hunter & Brett McLaughlin License	371
LGPL License 2.0	372
LGPL License 2.1	377
MIT License	384
ONC RPC License	384
Open SSL License	385
Public Domain	389
Reusable Objects/NetComponents License	389
Sun Java License	390
Wolf Paulus License	393

Match case Limit results 1 per page

Fabric Manager Administrator’s Guide

17-1

Publication Number: 53-1000196-01-HP

Chapter

Managing Secure Fabrics

This chapter provides information on enabling secure mode for a fabric, adding a switch to a secure

fabric, and checking secure fabrics prior to merging them. It also includes information about using the

policy editor to configure security policies, and provides instructions on how to configure no node

WWN zoning, how to change admin security passwords (for FCS or non-FCS switches/directors), and

how to use telnet on a secure fabric. See the following sections for specific secure fabric information:

•

“Enabling Secure Mode” on page 17-1

•

“Using the Policy Editor” on page 17-3

•

“Adding a Switch to a Secure Fabric” on page 17-17

•

“Merging Secure Fabrics” on page 17-18

•

“Using Telnet on a Secure Fabric” on page 17-19

Enabling Secure Mode

This section describes how to create a secure fabric using the Secure Fabric wizard.

To use the Secure Fabric wizard, your primary FCS switch must be running Fabric OS v5.0.0 or later,

Fabric OS v4.4.0 or later, or Fabric OS v3.2x or later. If your primary FCS switch is not running one of

these operating systems, you must enable or disable secure mode using the CLI. See the

Secure Fabric

OS Administrator’s Guide

for CLI information.

All switches in the fabric must be running Fabric OS v5.0.0 or later, Fabric OS v4.1x or later, Fabric OS

V3.1x or later, or Fabric OS v2.6.1x or later regardless of whether you are using CLI or the Secure

Fabric wizard.

If you enable secure mode on a fabric that contains any Fabric OS v5.2.x switches, any switch local

ACL policies (SCC, DCC, and Distributed Passwords) are discarded.

You cannot enable secure mode under the following conditions:

•

You cannot enable secure mode on a fabric unless all switches in the fabric have a Secure Fabric OS

license, a zoning license, and security certificates installed. For more information about security

certificates, see the

Secure Fabric OS Administrator’s Guide

•

You cannot enable secure mode for an edge fabric that is configured for Fibre Channel routing. See

“FC-FC Routing and Secure Fabrics” on page 19-12

for additional limitations when using the FC-

FC Routing Service and secure fabrics.

•

You cannot enable secure mode on Admin Domain-aware fabrics.

•

You cannot enable secure mode if a fabric-wide consistency policy is configured on the switch.