Home » HP Manuals » Storage Devices » HP StorageWorks 2/24 » Manual Viewer

HP StorageWorks 2/24 FW 07.00.00/HAFM SW 08.06.00 McDATA Products in a SAN Env - Page 223

Manager EFCM, SANavigator, CLI, and SANpilot management, Port DHCHAP authentication, CT authentication

View all HP StorageWorks 2/24 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 223 highlights

Physical Planning Considerations 5 The fabric element transmits a random value (used only once), an ID value (incremented at each login), and a shared CHAP secret (16-byte random value) to the server. The server concatenates the random value, ID value, and CHAP secret, and calculates a oneway message digest (also called a hash value). The hash value is transmitted to the authenticator (fabric element). The fabric element then builds the same concatenated string and compares the result with the value received from the server. If the values match, the connection is authenticated. • Port DHCHAP authentication - Enhanced security for device connections and ISLs is provided through Diffie-Hellman challenge handshake authentication protocol (DHCHAP). A fabric element uses DHCHAP to authenticate any device (node) that attempts a node port (N_Port) connection and any director or switch that attempts an expansion port (E_Port) connection. This ensures only authorized devices can be added to the fabric. DHCHAP is an authentication protocol based on transmission of a one-way hash value (comprised of a sequentially-incremented ID value and CHAP secret). Because the hash cannot be reversed to discover the CHAP secret, the protocol provides protection from discovery through the network. • CT authentication - Common transport (CT) authentication authorizes management server access to fabric elements through the open-system management server (OSMS) interface. The feature is software-enforced and allows an attached fabric to authenticate the OSMS management application. A single shared secret is configured for each fabric-attached director or switch (because OSMS is a fabric service that assumes all attached fabric elements are authenticated). The same secret is used by the management application. • PCP user database - All authentication users are configured in a product control point (PCP) user database. The database includes usernames, passwords, and authorized interfaces for management server and device access. The database controls password authentication for Enterprise Fabric Connectivity Manager (EFCM), SANavigator, CLI, and SANpilot management interfaces. The database also controls CHAP and CT authentication for Fibre Channel ports. Physical Planning Considerations 5-17

Section	Page
Contents	3
Preface	13
Introduction to McDATA Multi-Protocol Products	27
Product Overview	28
Multi-Protocol Hardware	28
SAN Management Applications	31
Directors	32
Director Performance	33
Intrepid 6064 Director	34
Intrepid 6140 Director	36
Intrepid 10000 Director	38
Fabric Switches	41
Fabric Switch Performance	41
Sphereon 3232 Fabric Switch	42
Sphereon 4300 Fabric Switch	43
Sphereon 4500 Fabric Switch	44
SAN Routers	46
SAN Router Performance	47
Eclipse 1620 SAN Router	48
Eclipse 2640 SAN Router	50
Product Features	51
Connectivity Features	52
Security Features	54
Serviceability Features	55
Product Management	61
Product Management	62
Out-of-Band Management	62
Inband Management	65
Management Interface Summary	66
Management Server Support	67
Management Server Specifications	68
Ethernet Hub	70
Remote User Workstations	70
Product Firmware	71
Firmware Services	72
Backup and Restore Features	73
SAN Management Applications	75
SANavigator and EFCM Applications	75
SANvergence Manager Application	81
SANpilot Interface	84
Command Line Interface	86
Planning Considerations for Fibre Channel Topologies	87
Fibre Channel Topologies	87
Characteristics of Arbitrated Loop Operation	88
Shared Mode Versus Switched Mode	89
Public Versus Private Devices	92
Public Versus Private Loops	94
FL_Port Connectivity	96
Planning for Private Arbitrated Loop Connectivity	96
Planning for Fabric-Attached Loop Connectivity	97
Connecting FC-AL Devices to a Switched Fabric	97
Server Consolidation	98
Tape Device Consolidation	99
Fabric Topologies	100
Mesh Fabric	100
Core-to-Edge Fabric	102
SAN Islands	104
Planning for Multiswitch Fabric Support	104
Fabric Topology Limits	105
Factors to Consider When Implementing a Fabric Topology	106
General Fabric Design Considerations	115
Fabric Initialization	116
Fabric Performance	117
Fabric Availability	123
Fabric Scalability	125
Obtaining Professional Services	126
Mixed Fabric Design Considerations	126
FCP and FICON in a Single Fabric	127
Multiple Data Transmission Speeds in a Single Fabric	137
FICON Cascading	138
High-Integrity Fabrics	139
Minimum Requirements	140
FICON Cascading Best Practices	141
Implementing SAN Internetworking Solutions	145
SAN Island Consolidation	146
Flexible Partitioning Technology	148
SAN Routing	152
Implementing BC/DR Solutions	180
Extended-Distance Operational Modes	181
SAN Extension Transport Technologies	183
Distance Extension Through BB_Credit	193
Intelligent Port Speed	195
Distance Extension Best Practices	199
Consolidating and Integrating iSCSI Servers and Storage	202
iSCSI Protocol	203
iSCSI Server Consolidation	204
iSCSI Storage Consolidation	205
Physical Planning Considerations	207
Port Connectivity and Fiber-Optic Cabling	207
Port Requirements	208
SFP Optical Transceivers	209
Extended-Distance Ports	212
High-Availability Considerations	212
Fibre Channel Cables and Connectors	212
Routing Fiber-Optic Cables	214
Management Server, LAN, and Remote Access Support	215
Management Server	215
Remote User Workstations	217
SNMP Management Workstations	219
SANpilot Interface	220
Security Provisions	221
Password Protection	221
SANtegrity Authentication	222
SANtegrity Binding	225
PDCM Arrays	226
Preferred Path	229
Zoning	231
Server and Storage-Level Access Control	235
Security Best Practices	236
Optional Feature Keys	239
Inband Management Access	241
Flexport Technology	242
SANtegrity Authentication	243
SANtegrity Binding	243
OpenTrunking	243
Full Volatility	244
Full Fabric	245
Remote Fabric	245
CNT WAN Support	246
Element Manager Application	246
Configuration Planning Tasks	249
Task 1: Prepare a Site Plan	250
Task 2: Plan Fibre Channel Cable Routing	251
Task 3: Consider Interoperability with Fabric Elements and End Devices	252
Task 4: Plan Console Management Support	253
Task 5: Plan Ethernet Access	254
Task 6: Plan Network Addresses	255
Task 7: Plan SNMP Support (Optional)	258
Task 8: Plan E-Mail Notification (Optional)	259
Task 9: Establish Product and Server Security Measures	259
Task 10: Plan Phone Connections	260
Task 11: Diagram the Planned Configuration	261
Task 12: Assign Port Names and Nicknames	261
Task 13: Complete the Planning Worksheet	262
Task 14: Plan AC Power	276
Task 15: Plan a Multiswitch Fabric (Optional)	277
Task 16: Plan Zone Sets for Multiple Products (Optional)	278
Task 17: Plan SAN Routing (Optional)	279
Task 18: Complete Planning Checklists	282
Product Specifications	287
Director, Fabric Switch, and SAN Router Specifications	287
Dimensions	287
Power Requirements	289
Heat Dissipation	290
Clearances	290
Acoustical Noise and Physical Tolerances	292
Storage and Shipping Environment	292
Operating Environment	293
FC-512 Fabricenter Cabinet Specifications	293
Dimensions	293
Power Requirements	294
Clearances	294
Cabinet Footprint	294
Firmware Summary	297
System-Related Differences	297
Fibre Channel Protocol-Related Differences	299
Management-Related Differences	301

Match case Limit results 1 per page

Physical Planning Considerations

5-17

Physical Planning Considerations

The fabric element transmits a random value (used only once), an

ID value (incremented at each login), and a shared CHAP secret

(16-byte random value) to the server. The server concatenates the

random value, ID value, and CHAP secret, and calculates a one-

way message digest (also called a hash value). The hash value is

transmitted to the authenticator (fabric element). The fabric

element then builds the same concatenated string and compares

the result with the value received from the server. If the values

match, the connection is authenticated.

•

Port DHCHAP authentication -

Enhanced security for device

connections and ISLs is provided through Diffie-Hellman

challenge handshake authentication protocol (DHCHAP). A

fabric element uses DHCHAP to authenticate any device (node)

that attempts a node port (N_Port) connection and any director or

switch that attempts an expansion port (E_Port) connection. This

ensures only authorized devices can be added to the fabric.

DHCHAP is an authentication protocol based on transmission of

a one-way hash value (comprised of a sequentially-incremented

ID value and CHAP secret). Because the hash cannot be reversed

to discover the CHAP secret, the protocol provides protection

from discovery through the network.

•

CT authentication -

Common transport (CT) authentication

authorizes management server access to fabric elements through

the open-system management server (OSMS) interface. The

feature is software-enforced and allows an attached fabric to

authenticate the OSMS management application. A single shared

secret is configured for each fabric-attached director or switch

(because OSMS is a fabric service that assumes all attached fabric

elements are authenticated). The same secret is used by the

management application.

•

PCP user database -

All authentication users are configured in a

product control point (PCP) user database. The database includes

usernames, passwords, and authorized interfaces for

management server and device access. The database controls

password authentication for Enterprise Fabric Connectivity

Manager (EFCM), SANavigator, CLI, and SANpilot management

interfaces. The database also controls CHAP and CT

authentication for Fibre Channel ports.