Home » HP Manuals » Storage Devices » HP StorageWorks 2/16V » Manual Viewer

HP StorageWorks 2/16V Brocade Web Tools Administrator's Guide (53-0000194-01, - Page 38

Admin Domains and Zoning, Role-Based Access Control

View all HP StorageWorks 2/16V manuals

Add to My Manuals
Save this manual to your list of manuals

Page 38 highlights

1 For example, if the switch WWN is: 10:00:00:60:69:e4:24:e0 then the converted WWN for that switch in AD1 is: 50:06:06:9e:42:4e:09:01 Admin Domains and Zoning Each Admin Domain has its own zone database, with both defined and effective zone configurations and all related zone objects (zones, zone aliases, and zone members). Within an Admin Domain, you can configure zoning only with the devices that are present in that Admin Domain. Before you implement Admin Domains, you must set the default zoning mode. See "Implementing Administrative Domains" on page 8-3 for additional information. You cannot perform all zoning operations from AD255. Role-Based Access Control Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the role the account has been assigned. For each role, there is a set of pre-defined permissions on the jobs and tasks that can be performed on a fabric and its associated fabric elements. When you log in to a switch, your user account is associated with a pre-defined role. The role that your account is associated with determines the level of access you have on that switch and in the fabric. Following is a description of each of the roles: Admin You have full access to all of the Web Tools features. Operator You can perform any actions on the switch that do not affect the stored configuration. SwitchAdmin You can perform all actions on the switch, except the following: • You cannot modify zoning configurations. • You cannot create new accounts. • You cannot view or change account information for any accounts. You can only view your own account and change your account password. ZoneAdmin You can only create and modify zones. FabricAdmin You can do everything the Admin role can do except create new users. BasicSwichAdmin You have a subset of Admin level access. User You have nonadministrative access and can perform tasks such as monitoring system activity. For information about changing user account roles, see "Creating and Maintaining User-Defined Accounts" on page 17-1. 1-12 Web Tools Administrator's Guide Publication Number: 53-0000194-01

Section	Page
Web Tools	1
Contents	5
About This Document	5
Chapter 1 Introducing Web Tools	5
Chapter 2 Using the Web Tools Interface	6
Chapter 3 Managing Fabrics and Switches	7
Chapter 4 Maintaining Configurations and Firmware	8
Chapter 5 Managing Your Ports	8
Chapter 6 Administering ISL Trunking	8
Chapter 7 Using the FCIP Tunneling Service	9
Chapter 8 Managing Administrative Domains	9
Chapter 9 Administering Zoning	10
Chapter 10 Monitoring Performance	12
Chapter 11 Using the FC-FC Routing Service	12
Chapter 12 Working With Diagnostic Features	13
Chapter 13 Administering Fabric Watch	13
Chapter 14 Administering Extended Fabrics	14
Chapter 15 Administering the iSCSI Target Gateway	14
Chapter 16 Routing Traffic	14
Chapter 17 Configuring Standard Security Features	15
Chapter 18 Administering FICON CUP Fabrics	15
Chapter 19 Limitations	16
Index	16
About This Document	17
How This Document Is Organized	17
Supported Hardware and Software	18
What’s New in This Document	19
Document Conventions	20
Text Formatting	20
Notes, Cautions, and Warnings	20
Key Terms	20
Additional Information	21
Brocade Resources	21
Optional Brocade Features	23
Other Industry Resources	24
Getting Technical Help	24
Document Feedback	25
Introducing Web Tools	27
Requirements, Installation, and Support	27
Requirements	28
Installing a Web Tools License	32
Value Line Licenses	33
Launching Web Tools	34
Administrative Domains	36
Admin Domains and Login	37
Admin Domains and Switch WWN	37
Admin Domains and Zoning	38
Role-Based Access Control	38
Session Management	39
Logging In	39
Logging Out	42
Using the Web Tools Interface	43
Viewing the Switch Explorer	43
SilkWorm 24000 Director	45
SilkWorm 48000 Director	46
SilkWorm 4100 Switch	47
Blade View	48
Fabric Tree	49
Fabric Toolbar	49
Admin Domain Context	50
Switch View	52
Switch View Button Menu	53
Switch Information View	54
Status Legend	54
AD/User/Role Indicator	54
Displaying Tool Tips	54
Refresh Rates	55
Displaying Switches in the Fabric	56
Using Web Tools and Secure Mode	57
Web Tools Access and HTTP_POLICY	57
Opening Modules in a Secure Fabric	57
Primary-FCS-Only Functionality	57
Disabled Functionality	58
Working with Web Tools: Recommendations	58
Managing Fabrics and Switches	59
Managing Fabrics and Switches Using Web Tools	59
Launching the Switch Admin Module	61
Refreshing the Switch Admin Module	61
Launching the Telnet Window	61
Configuring IP and Netmask Information	62
Configuring a syslog IP Address	63
Enabling and Disabling Blades	64
Configuring a Switch	65
Enabling and Disabling a Switch	65
Changing the Switch Name	65
Changing the Switch Domain ID	66
Viewing and Printing a Switch Report	66
Rebooting the Switch	66
Performing a Fast Boot	67
Performing a Reboot	67
Changing System Configuration Parameters	67
Configuring Fabric Parameters	68
Enabling Insistent Domain ID Mode	70
Configuring Virtual Channel Settings	70
Configuring Arbitrated Loop Parameters	71
Configuring System Services	71
Managing Licensed Features	72
Activating a License on a Switch	73
Removing a License from a Switch	73
Administering High Availability	74
Launching the High Availability Module	74
Synchronizing Services on the CP	76
Initiating a CP Failover	77
Monitoring Events	78
Displaying Fabric Events	79
Displaying Switch Events	80
Filtering Fabric and Switch Events	81
Displaying a Fabric Topology Report	83
Displaying the Name Server Entries	84
Physically Locating a Switch Using Beaconing	86
Maintaining Configurations and Firmware	87
Maintaining Configurations	87
Backing Up a Configuration File	88
Restoring a Configuration	89
Performing a Firmware Download	90
Managing Your Ports	93
Viewing and Managing Ports Using Web Tools	93
Port Management Module Components	95
Identifying Controllable Ports	96
Configuring Ports	97
Configuring FC Ports	97
Configuring FCIP Ports	98
Configuring GbE Ports	99
Enabling and Disabling a Port	101
Persistent Enabling and Disabling Ports	102
Enabling and Disabling NPIV Ports	103
Activating Ports	104
Swapping Port Index	105
Administering ISL Trunking	107
About Interswitch Link Trunking	107
Displaying Trunk Group Information	108
Disabling or Reenabling Trunking Mode on a Port	109
Using the FCIP Tunneling Service	111
About the FCIP Tunneling Service	111
Compression	113
Fastwrite	113
Tape Pipelining	114
IKE/IPSec Policy	114
Configuring an FCIP Interswitch/Interfabric Link	117
Configuring an IKE or IPSEC Policy	117
Configuring Virtual Ports	118
Configuring Interfaces, Routes, and Tunnels	119
Enabling Persistently Disabled Ports	121
Managing the FCIP Tunneling Service	121
Managing IP Interfaces for a GbE Port	122
Managing IP Routes for a GbE Port	124
Managing FCIP Tunnels	125
Managing Administrative Domains	129
About Administrative Domains	129
Requirements for Admin Domains	129
User-Defined Admin Domains	130
System-Defined Admin Domains	130
Admin Domain Membership	131
Implementing Administrative Domains	131
Using the Admin Domain Module	132
Launching the Admin Domain Module	134
Refreshing Fabric Information	134
Refreshing Admin Domain Information	135
Saving Local Admin Domain Changes	135
Closing the Admin Domain Module	136
Creating and Populating Domains	136
Managing Administrative Domains	139
Adding and Removing Members	139
Renaming Admin Domains	141
Deleting Admin Domains	141
Administering Zoning	143
Introducing Zoning	143
Zoning and Admin Domains	144
Configuring Zoning	144
Launching the Zone Admin Module	145
Setting the Default Zoning Mode	145
Managing Zoning with WebTools	146
Refreshing Fabric Information	148
Refreshing Zone Admin Module Information	148
Saving Local Zoning Changes	149
Closing the Zone Admin Module	150
Zoning Views	150
Managing Zone Aliases	151
Creating and Populating Zone Aliases	151
Adding and Removing Members of a Zone Alias	152
Renaming Zone Aliases	152
Deleting Zone Aliases	153
Managing Zones	153
Creating and Populating Zones	153
Adding and Removing Members of a Zone	154
Renaming Zones	155
Copying Zones	155
Deleting Zones	156
Managing QuickLoops	156
Creating QuickLoops	156
Adding and Removing Members of a QuickLoop	157
Renaming QuickLoops	158
Deleting QuickLoops	158
Managing Fabric Assist Zones	159
Creating Fabric Assist Zones	159
Adding and Removing Fabric Assist Zone Members	160
Renaming Fabric Assist Zones	161
Deleting Fabric Assist Zones	161
Managing Zone Configurations	162
Creating Zone Configurations	163
Adding or Removing Zone Configuration Members	164
Renaming Zone Configurations	164
Copying Zone Configurations	165
Deleting Zone Configurations	165
Enabling Zone Configurations	165
Disabling Zone Configurations	166
Displaying Enabled Zone Configurations	167
Displaying Zone Configuration Summaries	168
Creating Configuration Analysis Reports	169
Displaying Zones Initiator/Target Accessibility	170
Managing the Zoning Database	171
Adding a WWN to Multiple Aliases, Zones, and FA Zones	172
Removing a WWN from Multiple Aliases, Zones, and FA Zones	172
Replacing a WWN in Multiple Aliases, FA Zones, and Zones	173
Searching for Zone Members	173
Clearing the Zoning Database	174
Using Zoning Wizards	174
Best Practices for Zoning	177
Monitoring Performance	179
Monitoring Performance Using Web Tools	179
Predefined Performance Graphs	180
User-Defined Graphs	184
Canvas Configurations	184
Launching the Performance Monitor Module	185
Creating Basic Performance Monitor Graphs	185
Customizing Basic Monitoring Graphs	186
Creating Advanced Performance Monitoring Graphs	188
Creating SID-DID Performance Graphs	188
Creating an SCSI vs. IP Traffic Graph	190
Creating SCSI Command Graphs	191
Creating AL_PA Error Graphs	191
Managing Performance Graphs	192
Saving Graphs to a Canvas	192
Adding Graphs to a Canvas	193
Printing Graphs	193
Modifying Graphs	194
Using the FC-FC Routing Service	195
Supported Switches for Fibre Channel Routing	195
About Fibre Channel Routing	195
McData Interoperability	196
Setting Up FC-FC Routing	197
Managing FC-FC Routing with Web Tools	198
Launching the FC Routing Module	198
Viewing and Managing LSAN Fabrics	199
Viewing and Configuring EX_Ports	200
Viewing and Configuring FCR Router Port Cost	202
Viewing and Configuring LSAN Zones	203
Viewing LSAN Devices	204
Configuring the Backbone Fabric ID	205
Working With Diagnostic Features	207
Managing Trace Dumps	207
How a Trace Dump Is Used	208
Setting Up Automatic Trace Dump Transfers	209
Disabling Automatic Trace Uploads	209
Displaying Switch Information	210
Displaying Detailed Fan Hardware Status	211
Displaying the Temperature Status	212
Displaying the Power Supply Status	212
Checking the Physical Health of a Switch	213
Interpreting Port LEDs	216
Port Icon Colors	216
LED Representations	216
SilkWorm 48000 Director LEDs	217
Administering Fabric Watch	219
Introduction to Fabric Watch	219
Using Fabric Watch with Web Tools	220
Configuring Fabric Watch Thresholds	221
Configuring Threshold Traits	221
Configuring Threshold Alarms	223
Enabling or Disabling Threshold Alarms for Individual Elements	224
Configuring Alarms for FRUs	225
Displaying Fabric Watch Alarm Information	225
Displaying an Alarm Configuration Report	225
Displaying Alarms	226
Configuring Email Notifications	227
Configuring the Email Server on a Switch	227
Configuring the Email Alert Recipient	227
Administering Extended Fabrics	229
About Extended Link Buffer Allocation	229
Configuring a Port for Long Distance	231
Administering the iSCSI Target Gateway	233
Supported Platforms for iSCSI	233
About the iSCSI Service	233
Common Functions in the iSCSI Target Gateway Admin module	234
Terminology	235
Saving Changes	237
Setting Up iSCSI Target Gateway Services	237
Launching the iSCSI Target Gateway Admin Module	238
Activating the iSCSI Feature	239
Configuring the IP Interface	239
Managing the iSCSI Virtual Targets	243
Viewing iSCSI Initiators	246
Managing Discovery Domains	247
Configuring CHAP	251
Configuring an iSCSI Fibre Channel Zone	252
Managing and Troubleshooting Accessibility	255
Routing Traffic	257
About Routing	257
Displaying FSPF Routing	258
Enabling and Disabling Dynamic Load Sharing	259
Specifying Frame Order Delivery	259
Configuring Link Cost	260
Configuring Standard Security Features	261
Creating and Maintaining User-Defined Accounts	261
Creating and Deleting User-Defined Accounts	264
Changing Account Parameters	265
Maintaining Passwords	267
Configuring Access Control List Policies	269
Configuring SNMP	272
Setting SNMP Trap Levels	273
Configuring SNMP Information	274
Managing RADIUS Service	275
Enabling and Disabling RADIUS Service	276
Configuring the RADIUS Service	277
Modifying the RADIUS Server	277
Modifying the RADIUS Server Order	278
Removing a RADIUS Server	278
Administering FICON CUP Fabrics	279
Enabling Port-Based Routing on the SilkWorm 4100 and SilkWorm 48000	280
Enabling or Disabling FMS Mode	281
Configuring FMS Parameters	282
Displaying Code Page Information	284
Displaying the Control Device State	284
Configuring CUP Port Connectivity	285
Displaying CUP Port Connectivity Configurations	286
Creating or Editing CUP Port Connectivity Configurations	288
Activating a CUP Port Connectivity Configuration	289
Copying a CUP Port Connectivity Configuration	290
Deleting a CUP Port Connectivity Configuration	290
Limitations	291
General Web Tools Limitations	291
Platform-Specific Limitations	296
Limitations of Using a Mozilla Browser	297

Match case Limit results 1 per page

1-12

Web Tools Administrator’s Guide

Publication Number: 53-0000194-01

For example, if the switch WWN is:

10:00:00:60:69:e4:24:e0

then the converted WWN for that switch in AD1 is:

50:06:06:9e:42:4e:09:01

Admin Domains and Zoning

Each Admin Domain has its own zone database, with both defined and effective zone configurations

and all related zone objects (zones, zone aliases, and zone members). Within an Admin Domain, you

can configure zoning only with the devices that are present in that Admin Domain.

Before you implement Admin Domains, you must set the default zoning mode. See

“Implementing

Administrative Domains”

on page 8-3 for additional information.

You cannot perform all zoning operations from AD255.

Role-Based Access Control

Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the role

the account has been assigned. For each role, there is a set of pre-defined permissions on the jobs and

tasks that can be performed on a fabric and its associated fabric elements.

When you log in to a switch, your user account is associated with a pre-defined role. The role that your

account is associated with determines the level of access you have on that switch and in the fabric.

Following is a description of each of the roles:

Admin

You have full access to all of the Web Tools features.

Operator

You can perform any actions on the switch that do not affect the stored configuration.

SwitchAdmin

You can perform all actions on the switch, except the following:

•

You cannot modify zoning configurations.

•

You cannot create new accounts.

•

You cannot view or change account information for any accounts. You can only

view your own account and change your account password.

ZoneAdmin

You can only create and modify zones.

FabricAdmin

You can do everything the Admin role can do except create new users.

BasicSwichAdmin

You have a subset of Admin level access.

User

You have nonadministrative access and can perform tasks such as monitoring system

activity.

For information about changing user account roles, see

“Creating and Maintaining User-Defined

Accounts”

on page 17-1.