HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 51

Chapter 3 Enabling Secure Fabric OS and Creating Policies Secure Fabric OS policies make it possible to customize access to the fabric. The FCS policy is the only required policy; all other policies are optional. This chapter includes the following sections: • "Default Fabric and Switch Accessibility," next • "Enabling Secure Mode" on page 3-2 • "Modifying the FCS Policy" on page 3-8 • "Creating Secure Fabric OS Policies Other Than the FCS Policy" on page 3-11 • "Managing Secure Fabric OS Policies" on page 3-25 To implement Secure Fabric OS policies: • Determine which trusted switches to use as FCS switches to manage Secure Fabric OS. • Enable secure mode in the fabric and specify the primary FCS switch and one or more backup FCS switches. This automatically creates the FCS policy. • Determine which additional Secure Fabric OS policies to implement in the fabric; then create and activate those policies. An access policy must be created for each management channel that is used. • Verify that the Secure Fabric OS policies are operating as intended. Testing a variety of scenarios to verify optimal policy settings is recommended. For troubleshooting information, see "Troubleshooting" on page 4-17. Prerequisites to Enabling Secure Mode For more information on any of the following items, see Fabric OS Administrator's Guide. Before enabling secure mode, do the following: • Disable the FC-FC routing on all backbone fabrics. • Set the Password policies to the default values. • Remove user-defined Administrative Domains (AD 1-254). • Assign users to the default Administrative Domain for their role. • Clear Fabric-wide Consistency policies on all switches. • Back up the switch-local SCC and DCC policies. These policies are deleted when secure mode is enabled. Secure Fabric OS Administrator's Guide 3-1 Publication Number: 53-1000244-01