HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 21

Fabric Management Policy Set



Secure Fabric OS Administrator’s Guide 1-5, Publication Number 53-1000244-01

Because the primary FCS switch distributes the zoning configuration, zoning databases do not merge when new switches join the fabric. Instead, the zoning information on the new switches is overwritten when the primary FCS switch downloads zoning to these switches, if secure mode is enabled on all of them. For more information about zoning, see the Fabric OS Administrator’s Guide. For more information about merging fabrics, see “Adding Switches and Merging Fabrics with Secure Mode Enabled” on page 4-13.

The remaining switches listed in the FCS policy act as backup FCS switches. If the primary FCS switch becomes unavailable for any reason, the next switch in the list becomes the primary FCS switch. You should have at least one backup FCS switch, to reduce the possibility of having no primary FCS switch available. You can designate as many backup FCS switches as you like; however, all FCS switches should be physically secure.

Any switches not listed in the FCS policy are defined as non-FCS switches. The root and factory accounts are disabled on non-FCS switches.

For information about customizing the FCS policy, see “Enabling Secure Mode” on page 3-2. For information about configuration download restrictions while in secure mode, see “Enabling Secure Mode” on page 3-2.

Fabric Management Policy Set

Using Secure Fabric OS, you can create several types of policies to customize various aspects of the fabric. By default, only the FCS policy exists when secure mode is first enabled. Use the CLI or Fabric Manager to create and manage Secure Fabric OS policies.

Secure Fabric OS policies can be created, displayed, modified, and deleted. They can also be created and saved without being activated immediately, to allow future implementation. Saved policies are persistent, meaning that they are saved in flash memory and remain available after switch reboot or power cycle.

The group of existing policies is referred to as the “fabric management policy set” or FMPS, which contains an active policy set and a defined policy set. The active policy set contains the policies that are activated and currently in effect. The defined policy set contains all the policies that have been defined, whether activated or not. Both policy sets are distributed to all switches in the fabric by the primary FCS switch. Secure Fabric OS recognizes each type of policy by a predetermined name.

Note: Fibre Channel routers, such as the Silkworm 7500, do not enforce security policies.