HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 413

Data protection, FCS policy, DCC policies, IPFilter policy, Switch name, Domain ID, Switch port WWN

Get HP StorageWorks 4000/6000/8000 - Enterprise Virtual Arrays PDF manuals and user guides View all HP StorageWorks 4000/6000/8000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 413 highlights

NOTE: FTP is not a secure protocol. File contents are in clear text during transfer, including remote login information. This limitation affects the following commands: saveCore, configUpload, configDownload, and firmwareDownload. IPFilter policy The B-series IPFilter policy applies a set of rules to IP management interfaces as a packet filtering firewall. The firewall permits or denies traffic through the IP management interfaces according to policy rules. Consider the following when setting IPFilter policies: • Fabric OS supports multiple IPFilter policies, which can be defined at the same time. Each policy is identified by name and has an associated IPFilter type (IPv4 or IPv6). Do not mix IPFilter and IP address types. You can have up to six IPFilter policies defined, but only one IPFilter policy for each IPFilter type can be activated on the management IP interface. • Audit messages are generated for changes to the IPFilter policies. • The IPFilter policy rules are examined one by one in a list until the end of the list is reached. • To ensure optimal performance, the most important rules should be listed first. Data protection This section describes features for data protection with B-series Fabric OS. Fibre Channel ACLs B-series Fabric OS uses ACLs to restrict access to data resources based on defined policies. Fabric OS provides the following policies: • FCS policy-Determines which switches can change fabric configurations • DCC policies-Determines which Fibre Channel device ports can connect to which switch ports • SCC policy-Determines which switches can join with another switch • IPFilter policy-Filters traffic based on IP addresses Each supported policy is identified by name; only one policy of each type can exist (except for DCC policies). Table 196 describes the methods for identifying policy numbers. Table 196 Methods for identifying policy numbers Policy Device port WWN Switch port WWN Domain ID Switch name FCS_POLICY No Yes Yes Yes DCC_POLICY_nnn Yes Yes Yes Yes SCC_POLICY No Yes Yes Yes SAN Design Reference Guide 413

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
NOTE:
FTP is not a secure protocol. File contents are in clear text during transfer, including remote login
information. This limitation affects the following commands:
saveCore
,
configUpload
,
configDownload
, and
firmwareDownload
.
IPFilter policy
The B-series IPFilter policy applies a set of rules to IP management interfaces as a packet filtering
firewall. The firewall permits or denies traffic through the IP management interfaces according to
policy rules.
Consider the following when setting IPFilter policies:
Fabric OS supports multiple IPFilter policies, which can be defined at the same time. Each policy
is identified by name and has an associated IPFilter type (IPv4 or IPv6). Do not mix IPFilter and IP
address types. You can have up to six IPFilter policies defined, but only one IPFilter policy for each
IPFilter type can be activated on the management IP interface.
Audit messages are generated for changes to the IPFilter policies.
The IPFilter policy rules are examined one by one in a list until the end of the list is reached.
To ensure optimal performance, the most important rules should be listed first.
Data protection
This section describes features for data protection with B-series Fabric OS.
Fibre Channel ACLs
B-series Fabric OS uses ACLs to restrict access to data resources based on defined policies.
Fabric OS provides the following policies:
FCS policy
Determines which switches can change fabric configurations
DCC policies
Determines which Fibre Channel device ports can connect to which switch ports
SCC policy
Determines which switches can join with another switch
IPFilter policy
Filters traffic based on IP addresses
Each supported policy is identified by name; only one policy of each type can exist (except for DCC
policies).
Table 196
describes the methods for identifying policy numbers.
Table 196 Methods for identifying policy numbers
Switch name
Domain ID
Switch port WWN
Device port
WWN
Policy
Yes
Yes
Yes
No
FCS_POLICY
Yes
Yes
Yes
Yes
DCC_POLICY_nnn
Yes
Yes
Yes
No
SCC_POLICY
SAN Design Reference Guide
413