Home » HP Manuals » Storage Devices » HP StorageWorks 2/16V » Manual Viewer

HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 103

Removing Secure Fabric OS Capability, Preparing the Fabric for Removal of Secure Fabric OS Policies

View all HP StorageWorks 2/16V manuals

Add to My Manuals
Save this manual to your list of manuals

Page 103 highlights

Removing Secure Fabric OS Capability Appendix A You cannot remove Secure Fabric OS capability from a fabric by disabling secure mode and deactivating the Secure Fabric OS license keys on the individual switches. Removing Secure Fabric OS capability is not recommended unless absolutely required. If at all possible, consider disabling only secure mode and leaving the Secure Fabric OS feature available so that secure mode can be reenabled if desired. One possible reason for disabling secure mode or removing Fabric OS capability includes the addition of new switches to the fabric that do not support Secure Fabric OS. Disabling secure mode includes the following tasks: • "Preparing the Fabric for Removal of Secure Fabric OS Policies," next • "Disabling Secure Mode" on page A-2 In addition, undertake the following tasks if desired: • "Deactivating the Secure Fabric OS License on Each Switch" on page A-3 • "Uninstalling Related Items from the Host" on page A-3 Preparing the Fabric for Removal of Secure Fabric OS Policies Note This section provides general recommendations only. For best-practice information, refer to the SOLUTIONware and other documentation provided on the Brocade Partner Web site. The following tasks are recommended to prepare the fabric before disabling secure mode: • Review the current Secure Fabric OS policies and the devices and users affected by each policy. The current policy set can be displayed by entering the secPolicyDump command. • Review the types of attempted policy violations that have been occurring. The current Secure Fabric OS statistics can be displayed by entering the secStatsShow command. • Evaluate the zoning configuration and other aspects of the fabric for any changes that could be implemented to decrease the chance of security violations when Secure Fabric OS is disabled. • Educate users to minimize security risks and the impact of any security violations. Secure Fabric OS Administrator's Guide A-1 Publication Number: 53-1000244-01

Section	Page
About This Document	5
Chapter 1 Introducing Secure Fabric OS	5
Chapter 2 Preparing the Fabric for Secure Fabric OS	5
Chapter 3 Enabling Secure Fabric OS and Creating Policies	6
Chapter 4 Managing Secure Fabric OS	7
Appendix A Removing Secure Fabric OS Capability	7
Appendix B Secure Fabric OS Commands and Secure Mode Restrictions	7
Index	7
About This Document	9
How This Document Is Organized	9
Supported Hardware and Software	10
What’s New in This Document	10
Document Conventions	11
Text Formatting	11
Notes, Cautions, and Warnings	11
Key Terms	12
Additional Information	12
Brocade Resources	12
Other Industry Resources	14
Getting Technical Help	15
Document Feedback	16
Introducing Secure Fabric OS	17
Management Channel Security	18
Switch-to-Switch Authentication	19
Using PKI	19
Using DH-CHAP	20
Fabric Configuration Server Switches	20
Fabric Management Policy Set	21
Preparing the Fabric for Secure Fabric OS	23
Prerequisites for a Secure Fabric Environment	23
Verifying Compatible Fabric OS Version	24
Verifying or Activating Secure Fabric OS and Advanced Zoning Licenses	25
Verifying the Digital Certificate	26
Displaying the Digital Certificate Status	26
Creating PKI Objects	27
Removing PKI Objects	28
Obtaining the Digital Certificate File	29
Configuring Switch-to-Switch Authentication	44
Selecting Authentication Protocols	45
Managing Shared Secrets	46
Preparing SilkWorm 24000 for Secure Fabric OS	48
Installing a Supported CLI Client on a Workstation	50
Enabling Secure Fabric OS and Creating Policies	51
Prerequisites to Enabling Secure Mode	51
Default Fabric and Switch Accessibility	52
Enabling Secure Mode	52
Modifying the FCS Policy	58
Changing the Position of a Switch Within the FCS Policy	59
Failing Over the Primary FCS Switch	60
Creating Secure Fabric OS Policies Other Than the FCS Policy	61
Creating a MAC Policy	62
Creating an Options Policy	70
Creating a DCC Policy	71
Creating an SCC Policy	74
Managing Secure Fabric OS Policies	75
Saving Changes to Secure Fabric OS Policies	76
Activating Changes to Secure Fabric OS Policies	77
Adding a Member to an Existing Policy	77
Removing a Member from a Policy	78
Deleting a Policy	78
Aborting All Uncommitted Changes	79
Aborting a Secure Fabric OS Transaction	79
Managing Secure Fabric OS	81
Viewing Secure Fabric OS Information	81
Displaying General Secure Fabric OS Information	82
Viewing the Secure Fabric OS Policy Database	82
Displaying Individual Secure Fabric OS Policies	83
Displaying Status of Secure Mode	84
Displaying and Resetting Secure Fabric OS Statistics	85
Displaying Secure Fabric OS Statistics	86
Resetting Secure Fabric OS Statistics	87
Managing Passwords	88
Modifying Passwords in Secure Mode	90
Using Temporary Passwords	91
Resetting the Version Number and Time Stamp	92
Adding Switches and Merging Fabrics with Secure Mode Enabled	93
Preventing a LUN Connection	97
Troubleshooting	97
Removing Secure Fabric OS Capability	103
Preparing the Fabric for Removal of Secure Fabric OS Policies	103
Disabling Secure Mode	104
Deactivating the Secure Fabric OS License on Each Switch	105
Uninstalling Related Items from the Host	105
Secure Fabric OS Commands and Secure Mode Restrictions	107
Secure Fabric OS Commands	107
Command Restrictions in Secure Mode	112
Zoning Commands	112
Miscellaneous Commands	113
Index	115
A	115
C	115
D	116
E	116
F	116
H	116
I	116
J	116
L	116
M	116
N	116
O	117
P	117
R	117
S	117
T	118
U	118
V	118
W	118

Match case Limit results 1 per page

Secure Fabric OS Administrator’s Guide

A-1

Publication Number: 53-1000244-01

Appendix

Removing Secure Fabric OS Capability

You cannot remove Secure Fabric OS capability from a fabric by disabling secure mode and

deactivating the Secure Fabric OS license keys on the individual switches. Removing Secure Fabric OS

capability is not recommended unless absolutely required. If at all possible, consider disabling only

secure mode and leaving the Secure Fabric OS feature available so that secure mode can be reenabled if

desired.

One possible reason for disabling secure mode or removing Fabric OS capability includes the addition

of new switches to the fabric that do not support Secure Fabric OS.

Disabling secure mode includes the following tasks:

•

“Preparing the Fabric for Removal of Secure Fabric OS Policies,”

•

“Disabling Secure Mode”

on page A-2

In addition, undertake the following tasks if desired:

•

“Deactivating the Secure Fabric OS License on Each Switch”

on page A-3

•

“Uninstalling Related Items from the Host”

on page A-3

Preparing the Fabric for Removal of

Secure Fabric OS Policies

The following tasks are recommended to prepare the fabric before disabling secure mode:

•

Review the current Secure Fabric OS policies and the devices and users affected by each policy.

The current policy set can be displayed by entering the

secPolicyDump

command.

•

Review the types of attempted policy violations that have been occurring. The current Secure

Fabric OS statistics can be displayed by entering the

secStatsShow

command.

•

Evaluate the zoning configuration and other aspects of the fabric for any changes that could be

implemented to decrease the chance of security violations when Secure Fabric OS is disabled.

•

Educate users to minimize security risks and the impact of any security violations.

Note

This section provides general recommendations only. For best-practice information, refer to the

SOLUTIONware and other documentation provided on the Brocade Partner Web site.