HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R
HP StorageWorks MSA 2/8 - SAN Switch Manual
View all HP StorageWorks MSA 2/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP StorageWorks MSA 2/8 manual content summary:
- HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 1
user guide hp StorageWorks secure fabric OS version 1.0 Product Version: 1.0 First Edition (June 2003) Part Number: AA-RU57A-TE This user guide outlines how to set up the Secure Fabric OS feature in an existing Storage Area Network (SAN). Topics discussed include activating the Secure Fabric OS - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 2
herein or for incidental or consequential damages in connection with the furnishing, performance, or use of weave logo, Brocade: the Intelligent Platform for Networking Storage, SilkWorm, and SilkWorm Express, are trademarks or registered User Guide First Edition (June 2003) Part Number: AA-RU57A-TE - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 3
9 Getting Help 11 HP Technical Support 11 HP Storage Website 11 HP Authorized Reseller 11 1 Introducing Secure Fabric OS 13 Security of Management Channels 14 Secure Shell 14 Sectelnet 15 Telnet 15 Switch-to-Switch Authentication Using PKI 16 Fabric Configuration Server Switches 17 Fabric - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 4
Fabric OS to a Core Switch 2/64 41 Installing a Supported CLI Client on a Computer Workstation 45 3 Creating Secure Fabric OS Policies 47 Default Fabric and Switch Accessibility 48 Enabling Secure Changes 80 Aborting a Secure Fabric OS Transaction 81 4 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 5
the Non-FCS Switch Admin Password 97 Using Temporary Passwords 97 Creating a Temporary Password for a Switch 98 Removing a Temporary Password from a Switch 99 Resetting the Version Number and Time Stamp 100 Adding Switches and Merging Secure Fabrics 101 Troubleshooting 106 Frequently Asked - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 6
106 19 Secure Fabric OS Commands 114 20 Secure Fabric OS Commands Executable on Specific Switches When Secure Mode Is Enabled 117 21 Zoning Commands Executable on the Primary FCS Switch 118 22 Miscellaneous Commands Executable on Specific Switches 119 6 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 7
devices. ■ Manage the fabric-wide Secure Fabric OS parameters through a single switch. ■ Enable and disable Secure Fabric OS as desired. ■ Contact technical support for additional assistance. "About this Guide" topics include: ■ Overview, page 8 ■ Conventions, page 9 ■ Getting Help, page 11 Secure - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 8
Channel SAN Switches. ■ HP StorageWorks Fabric OS v3.1.x or later. Related Documentation For a list of related documents included with this product, see the "Related Documents" section of the Release Notes that came with this product. For the latest information, documentation, and firmware releases - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 9
and dialog box titles File names, application names, and text emphasis User input, command and directory names, and system responses (output and > Blue, underlined sans serif font text: http://www.hp.com Text Symbols The following symbols may be found in the text of this guide. They have the - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 10
About this Guide Note: Text set off in this manner presents commentary, sidelights, or interesting points of information. 10 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 11
still have a question after reading this guide, contact an HP authorized service provider or access our website: http://www.hp.com. HP Technical Support Telephone numbers for worldwide technical support are listed on the following HP website: http://www.hp.com/support/. From this website, select the - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 12
About this Guide 12 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 13
-to-switch authentication. This chapter provides the following information: ■ Security of Management Channels, page 14 ■ Switch-to-Switch Authentication Using PKI, page 16 ■ Fabric Configuration Server Switches, page 17 ■ Fabric Management Policy Set, page 19 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 14
supports Secure Shell (SSH), which is a fully encrypted protocol for CLI. Use of SSH requires installation of a SSH client on the host computer. It does not require a digital certificate on the switch. SSH access is configurable , HMAC-SHA1-96, HMACMD5-96. 14 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 15
telnet through the telnetd option of the configure command. You do not have to disable the switch in order to select this option. For more information about the configure command, refer to the HP StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide. Secure Fabric OS Version 1.0 User Guide 15 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 16
Installation utility (PKICERT) is provided for generating Certificate Signing Requests (CSRs) and installing digital certificates on switches. For information about how to use the PKICERT utility, see "Adding Secure Fabric OS to the Fabric" on page 22. 16 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 17
policy and is participating in the fabric acts as the Primary FCS switch, and distributes the following information to the other switches in the fabric: ■ Zoning configuration ■ Secure Fabric OS policies ■ Fabric password database ■ SNMP community strings ■ System date and time Note: The role of - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 18
FCS policy are defined as Non-FCS switches. Root and Factory accounts are disabled on Non-FCS switches. For information about customizing the FCS policy and configuration download restrictions while in Secure Mode, see "Enabling Secure Mode" on page 49. 18 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 19
OS Policies You can use Secure Fabric OS to create the following supported Secure Fabric OS policies: ■ Fabric Configuration Server (FCS) policy: This policy specifies the Primary FCS and Backup FCS switches. ■ Management Access Control (MAC) policies: These policies restrict management access to - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 20
(DCC) policies: You can use this policy to manage which Fibre Channel device ports are allowed to connect to which Fibre Channel switch ports. ■ Switch Connection Control (SCC) policy: You can use this policy to manage which switches can join the fabric. 20 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 21
to Switches Shipped with Fabric OS v3.1.x or v4.1.x, page 24 ■ Adding Secure Fabric OS to Switches that Require Upgrading, page 27 ■ Adding Secure Fabric OS to a Core Switch 2/64, page 41 ■ Installing a Supported CLI Client on a Computer Workstation, page 45 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 22
To implement Secure Fabric OS in a fabric, each switch in the fabric must have the following: ■ A compatible HP StorageWorks Core Switch 2/64 with any version of Fabric OS v4.x, follow the instructions provided under "Adding Secure Fabric OS to a Core Switch 2/64" on page 41. ■ Install a supported - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 23
OS installed on each switch in the fabric: 1. Open a CLI connection (serial or telnet) to one of the switches in the fabric. 2. Log into the switch as Admin. The default password is password. 3. Enter the version command. Example for entering the version command on an HP StorageWorks 2 Gb SAN switch - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 24
Fabric OS v4.1.x, set the Core processor ID (PID) on the v3.1.x switches accordingly. Refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide for instructions. 3. Ensure that the switch has an activated Secure Fabric OS and Zoning Software License as described - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 25
instructions on activating a license through Web Tools, refer to the HP StorageWorks Web Tools Version 3.1.x/4.1.x User Guide. To verify or activate a software license through the CLI: 1. Open a CLI connection (serial or telnet) to the switch. 2. Log into the switch as Admin. The default password - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 26
5. Contact HP to purchase the switch:admin> 7. Enter the licenseshow command to verify that the license was successfully activated. If the license is listed, the feature is immediately available (the Secure Fabric OS license displays as Security license). 26 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 27
OS v4.1.x, set the Core PID on the v2.6.1 and v3.1.x switches accordingly. Refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide for instructions. 2. Back up the configuration and upgrade the switch to Fabric OS v2.6.1, v3.1.x, or v4.1.x, as appropriate to - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 28
on setting the Core PID, refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide. If Secure Fabric OS is already implemented on a switch that is being upgraded, you can upgrade while the switch is in Secure Mode. To install the required versions of Fabric OS on - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 29
v2.6.1 or v3.1.x). For instructions on setting these passwords, refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide. To log in and change the passwords: 1. Open a CLI connection (serial or telnet) to the switch. 2. Log into the switch as Admin. The default - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 30
(named PKICERT Utility) is provided by HP and is used to generate CSRs and install digital certificates on switches. The utility must be installed on a computer workstation. To install the PKICERT utility on a Sun Solaris workstation, follow the instructions provided in the PKICERT utility ReadMe - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 31
from switches & write a CSR file 2) Install Certificates contained in a Certificate file 3) Generate a Licensed-Product/Installed- Certificates 4) Help using PKI-Cert to get & install certificates q) Quit PKI Certificate installation utility Enter choice> 1 report Secure Fabric OS Version 1.0 User - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 32
installation utility Enter choice> 1 4. Specify the desired method for entering the fabric addresses: ■ To manually enter the fabric address: a. Type 1 and press Enter. The utility prompts for the IP address or switch name of a switch in the fabric. Only one switch IP addresses or switch names, each - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 33
not cause a problem except for the time required to retrieve CSRs and load digital certificates to a very large fabric. The utility displays the success/failure of CSR retrieval. Example: PKI CERTIFICATE INSTALLATION UTILITY Retrieving CSR's from 1 fabric(s) 1. Got a CSR for Switch: Name="U3_122 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 34
INSTALLATION UTILITY 1.0.1 FUNCTIONS 1) Retrieve CSRs from switches & write a CSR file 2) Install Certificates contained in a Certificate file 3) Generate a Licensed-Product/Installed certificate file, contact HP and provide the HP provides a confirmation number nt_pki\.xml. - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 35
switches in the fabric. The utility ensures that each digital certificate is installed on the correctly corresponding switch. If the utility is run without any task argument, it defaults to Interactive User created at the PKICert installation location. The utility prompts for the function that - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 36
installation utility Enter choice> 1 4. Specify the desired method for entering the fabric addresses: ■ To manually enter the fabric address: a. Type 1 and press Enter. The utility prompts for the IP address or switch name of a switch switch must be operating and available. Only one switch - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 37
HP. Example: PKI CERTIFICATE INSTALLATION Switch primaryfcsswitch: WWN-10:00:00:60:69:11:fc:52 2. Loaded Certificate on Switch backupfcsswitch: WWN-10:00:00:60:69:11:fc:54 2 Certificates were loaded. 0 Certificate loads failed. Press Enter to Continue. Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 38
are installed on all the switches in the fabric: 1. Log into one of the switches in the fabric as Admin. 2. Display the PKI objects: ■ For Fabric OS v4.1.x, enter pkishow. If the switch is a Core Switch 2/ , displaying PKI objects on Fabric OS v4.1.x: 38 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 39
switch:admin> Displaying PKI objects on Fabric OS v2.6.1 and v3.1.x: switch : Exist switch:admin> Distributing Digital Certificates to the Switches" on page 35. If procedure for the remaining switches in the fabric. the switch segments from the fabric. rebooting the switch. In addition - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 40
: Exist CSR : Exist Certificate : Exist Root Certificate: Exist switch:admin> 4. Repeat for any other switches, as required. 5. If the switch was segmented from the fabric, log into the switch and enter the switchdisable and switchenable commands. 40 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 41
installed on the active control processor (CP) card. If the firmware is Fabric OS v4.0.0c or later, you can also enter the firmwareshow command for more detailed information about which firmware versions are installed on the partitions within both CP cards. Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 42
> 3. If the firmware version is not Fabric OS v4.1.x or later, back up the configuration and install Fabric OS v4.1.x on both CP cards. For instructions, see "Upgrading to a Compatible Version of Fabric OS" on page 28. 4. Log into one logical switch and change the account passwords from the default - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 43
certificates from HP, as described in "Obtaining the Digital Certificate File" on page 34. d. Use the PKICERT utility to load the certificates onto both logical switches, as described in "Distributing Digital Certificates to the Switches" on page 35. Secure Fabric OS Version 1.0 User Guide 43 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 44
switches, as described in "Verifying Installation of the Digital Certificates" on page 38. The pkishow command referenced in this procedure must be executed from both logical switches. If necessary, see "Re-creating PKI Objects If Required" on page 39. 44 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 45
supported only for switches running Fabric OS v4.1.x. Fabric OS v4.1.x supports any SSH client that supports version 2 of the protocol (for example, PuTTy or F-Secure). Refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide for client installation instructions - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 46
Adding Secure Fabric OS to the Fabric 46 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 47
information: ■ Default Fabric and Switch Accessibility, page 48 ■ Enabling Secure Mode, page 49 ■ Modifying the FCS Policy, page 54 ■ Creating Secure Fabric OS Policies Other Than the FCS Policy, page 58 ■ Managing Secure Fabric OS Policies, page 76 Secure Fabric OS Version 1.0 User Guide 47 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 48
- Any computer can establish an API connection to any switch in the fabric. ■ Devices: - All devices can access the management server. - Any device can connect to any Fibre Channel port in the fabric. ■ Zoning: Node WWNs can be used for WWN-based zoning. 48 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 49
information about this command, refer to the HP StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide. You can enable Secure Mode using the secmodeenable command. This command must be entered through a sectelnet, SSH, or serial connection to the switch that you want to designate as the Primary - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 50
certificate is installed on the switch. SSH can be used at any time. ■ A number of commands can be entered only from the FCS switches. See "Command Restrictions in Secure Mode" on page 117 for a list of these commands. ■ If downloading a configuration: - Download the configuration to the Primary - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 51
switch ■ User password for the fabric ■ Admin password for the Non-FCS switches Note: The Root and Factory accounts are disabled on the Non-FCS switches. All passwords are saved. The new FCS list and passwords are distributed to all switches in the fabric. Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 52
password: New FCS switch factory password: Re-enter new password: New FCS switch admin password: Re-enter new password: New FCS switch user password: Re-enter new password: New Non FCS switch admin password: Re-enter new password: Saving passwd...done. 52 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 53
Saving Defined FMPS ... done Saving Active FMPS ... done Committing configuration...done. Secure mode is enabled. Saving passwd...done. Rebooting... primaryfcs:admin> Creating Secure Fabric OS Policies Secure Fabric OS Version 1.0 User Guide 53 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 54
for any reason, the fabric is left without an FCS switch. A Primary FCS switch and one or more Backup FCS switches are designated. If the Primary FCS switch becomes unavailable for any reason, the next switch in the list becomes the Primary FCS switch. 54 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 55
From, To Where: ■ From is the position number of the FCS switch that you want to move. ■ To is the position to which you want to move the FCS switch. Note: You can also activate the command's interactive mode by entering it with no operands. Secure Fabric OS Version 1.0 User Guide 55 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 56
Primary FCS switch to the top of the list in the FCS policy. Note: Disabling a switch or removing it from the fabric does not change the order of the FCS policy. During FCS failover, all transactions in process on the current Primary FCS are aborted. 56 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 57
00:22:2c 2 fcsswitchb fcsswitchc:admin> Entering secpolicyshow from the current Primary FCS switch, "fcsswitcha": fcsswitcha:admin> secPolicyshow "active","FCS_POLICY" ACTIVE POLICY SET FCS_POLICY Pos Primary fcsswitchc fcsswitcha:admin> logout Secure Fabric OS Version 1.0 User Guide 57 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 58
of the configuration file, which contains all the Secure Fabric OS information. For more information about this command, refer to the HP StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide. Policy members can be specified by device port WWN, switch WWN, Domain IDs, or switch WWN, depending - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 59
If IP addresses are used, you can use "0" in an octet to indicate that any number can be matched for that octet. For example, 192.168.11.0 would allow access for by device ports using Management Server ■ Access through switch serial ports and front panels Secure Fabric OS Version 1.0 User Guide 59 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 60
must contain all members of the FCS policy, to ensure consistent read/write access to the Primary FCS switch. Table 4 lists the expected read and write behaviors resulting from combinations of the RSNMP and WSNMP policies. host can write Only B can write 60 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 61
read Only B can write This combination is not supported. If the WSNMP policy is not defined the or SSH session, log into the Primary FCS switch as Admin. 2. Enter the following: secpolicycreate "0" in an octet to indicate that any number can be matched in that octet. 3. To User Guide 61 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 62
workstations that can use sectelnet or SSH to connect to the fabric. The policy is named TELNET as soon as a digital certificate is installed on the switch, and SSH. It does not pertain to in the API, HTTP, or SERIAL policies to provide some form of access to the switch. If you want to restrict - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 63
. Only specified hosts can connect by sectelnet or SSH to the fabric. To create a telnet policy: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the "192.168.5.0" TELNET_POLICY has been created. primaryfcs:admin> Secure Fabric OS Version 1.0 User Guide 63 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 64
HTTP connections to the switches in switch as Admin. 2. Enter the following: secpolicycreate policy_name, "member;...;member" Where: ■ policy_name is HTTP_POLICY. ■ member is one or more IP addresses in dot-decimal notation. You can enter "0" in an octet to indicate that any number User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 65
and contains a list of the IP addresses that are allowed to establish an API connection to switches in the fabric. The possible API policy states are shown in Table 7. Table enter "0" in an octet to indicate that any number can be matched in that octet. Secure Fabric OS Version 1.0 User Guide 65 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 66
24" to establish an API connection to any switch in the fabric: primaryfcs:admin> configuration and control functions can be performed only by requesters that are directly connected to the Primary FCS switch SSH session, log into the Primary FCS switch as Admin. 2. Enter the following: - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 67
policy Policy with no entries Policy with entries Characteristics All serial ports of the switches in the fabric are enabled. All serial ports of the switches in the fabric are disabled. Only specified switches can be accessed through the serial ports. Secure Fabric OS Version 1.0 User Guide 67 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 68
to Secure Fabric OS Policies" on page 77. Example, creating a SERIAL_POLICY that allows serial port access to a switch that has a WWN of 12:24:45:10:0a:67:00:40: primaryfcs:admin> secPolicyCreate "SERIAL_POLICY", "12:24:45:10:0a:67:00:40" SERIAL_POLICY has been created. primaryfcs:admin> Front - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 69
FRONTPANEL_POLICY. ■ member is a switch WWN, domain ID, or switch name. If a domain ID or switch name is used to specify a switch, the associated switch must be present in the fabric ", "3; 4" FRONTPANEL_POLICY has been created. primaryfcs:admin> Secure Fabric OS Version 1.0 User Guide 69 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 70
zoning. To create an Options policy: 1. Log into the Primary FCS switch as Admin from a sectelnet or SSH session. 2. Enter the following: the change to affect current transactions, disable then re-enable the switch by entering the switchdisable and switchenable commands. This stops any current - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 71
or area number) ■ deviceWWN;switchname(port or area number) By default, all device ports are allowed to connect to all switch ports; no DCC policies exist until they are created by the administrator. The possible DCC policy states are shown in Table 12. Secure Fabric OS Version 1.0 User Guide 71 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 72
by port or area number. Designating ports automatically includes the devices currently attached to those ports. The ports can be specified using any of the following syntax methods: (1-6) Selects ports 1 through 6. (*) Selects all ports on the switch. 72 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 73
and port 1 and port 3 of switch domain 1: primaryfcs:admin> secPolicyCreate "DCC_POLICY_server all ports of switch domain 2, and all currently connected devices of switch domain 2: cc, ports 1-4 of switch domain 4, and all devices currently connected to ports 1-4 of switch domain 4: primaryfcs:admin - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 74
secpolicycreate SCC_POLICY, "member;...;member" Where member indicates a switch that you want to be able to join the fabric. Switches can be specified by WWN, Domain ID, or switch name. You can enter an asterisk (*) to indicate all switches in the fabric. 74 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 75
Fabric OS Policies" on page 77 and "Activating Changes to Secure Fabric OS Policies" on page 77. Example, creating an SCC policy that allows switches that have Domain IDs 2 and 4 to join the fabric: primaryfcs:admin> secPolicyCreate "SCC_POLICY", "2;4" primaryfcs:admin> Secure Fabric OS Version - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 76
. Once the policy has at least one member, that aspect of the fabric becomes closed to access by all devices/switches that are not listed in that policy. ■ Removing a Member from a Policy, page 79 Remove one or more time changes were saved or activated. 76 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 77
SSH session, log into the Primary FCS switch as Admin. 2. Enter the secpolicysave command. Example: primaryfcs:admin> secPolicySave Committing configuration...done. Saving Define FMPS ... done primaryfcs: volatile memory only, and are lost upon rebooting. Secure Fabric OS Version 1.0 User Guide 77 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 78
the change immediately, enter the secpolicyactivate command. Example, adding a member to the MS_POLICY using the device WWN: primaryfcs:admin> secPolicyAdd "MS_POLICY", "12:24:45:10:0a:67:00:40" Member(s) have been added to MS_POLICY. primaryfcs:admin> 78 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 79
from the FCS_POLICY, because a Primary FCS switch must be designated. To remove a member 12:24:45:10:0a:67:00:40 from MS policy: primaryfcs:admin> secPolicyRemove "MS_POLICY","12:24:45:10:0a:67:00:40" Member(s) have been removed from MS_POLICY. primaryfcs:admin> Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 80
. To abort all unsaved changes: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the secpolicyabort command. All changes since the last time the secpolicysave or secpolicyactivate commands were entered are aborted. 80 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 81
makes it possible to abort a transaction that has become frozen due to a failed host (if a switch goes down, the transaction aborts by default). This command cannot be used to abort an active transaction. Transaction has been aborted. primaryfcs:admin> Secure Fabric OS Version 1.0 User Guide 81 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 82
Creating Secure Fabric OS Policies 82 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 83
and Resetting Secure Fabric OS Statistics, page 90 ■ Managing Passwords, page 94 ■ Resetting the Version Number and Time Stamp, page 100 ■ Adding Switches and Merging Secure Fabrics, page 101 ■ Troubleshooting, page 106 ■ Frequently Asked Questions, page 108 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 84
Fabric OS statistics, see "Displaying and Resetting Secure Fabric OS Statistics" on page 12:53 2 Ready 192.168.100.147 "backup" Primary 10:00:00:60:69:22:32:83 3 Ready 192.168.100.135 "primaryfcs" Secured switches in the fabric: 3 primaryfcs:admin> 84 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 85
the Secure Fabric OS policy database: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the following: secpolicydump listtype, policy_name Where: ■ listtype is the type of Secure both the Active and Defined Policy Sets. Secure Fabric OS Version 1.0 User Guide 85 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 86
command to view information about one or more specified Secure Fabric OS policies. This command displays information with page breaks. 86 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 87
specific Secure Fabric OS policy: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the following: secpolicyshow listtype, policy_name Where: ■ listtype is the type of Showing the active version of the FCS policy. Secure Fabric OS Version 1.0 User Guide 87 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 88
The command displays the status of Secure Mode, the version number and time stamp, and the list of switches in the FCS policy. Example: primaryfcs:admin> secmodeshow Secure Mode Position of switch in FCS list "Yes" if switch is Primary FCS, "no" if not. 88 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 89
Managing Secure Fabric OS Table 14: Secure Mode Information Column Heading WWN DId swName Indicates WWN of each FCS switch Domain ID of each FCS switch Switch name of each FCS switch Secure Fabric OS Version 1.0 User Guide 89 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 90
of attempted violations to the Serial policy. The number of attempted violations to the Front Panel policy. The number of attempted violations to the SCC policy. The number of attempted violations to the DCC policy. The number of invalid logins attempts. 90 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 91
switch-to-switch authentication process. Displaying Secure Fabric OS Statistics You can use the secstatsshow command to display statistics for one or all Secure Fabric OS policies, depending on the operand entered. This command can be issued on any switch. Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 92
secstatsshow "MS_POLICY" Name Value MS 20 primaryfcs:admin> Resetting Secure Fabric OS Statistics You can use the secstatsreset command to reset statistics for a particular policy or all policies to zero. This command can be issued on any switch. Recording and resetting the statistics allows you to - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 93
counters. Are you sure (yes, y, no, n):[no] y Security statistics reset to zero. primaryfcs:admin> Resetting the DCC_POLICY statistics on domains 1 and 69: primaryfcs:admin> secstatsreset "DCC_POLICY", "1;69" Reset DCC_POLICY statistic. primaryfcs:admin> Secure Fabric OS Version 1.0 User Guide 93 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 94
recovering lost passwords, refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide. This section provides the following information: ■ Modifying Passwords in Secure Mode, page 96 - Modifying the FCS Switch Passwords or the Fabric-wide User Password, page 96 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 95
FCS switch. Available on FCS switches only. However, can temporarily enable Root and Factory accounts on Non-FCS switches by creating a temporary password. Password is common to all FCS switches; can modify using passwd command on the Primary FCS switch. Secure Fabric OS Version 1.0 User Guide 95 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 96
OS database. Any existing telnet connections to the switches are terminated and must be re-initiated if access is required. Example: primaryfcs:admin> passwd For username - admin Old password: New password: Re-enter new password: For username - user New password: Re-enter new passwd: primaryfcs - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 97
. Any existing Admin-level telnet connections to these Non-FCS switches are terminated. Example: primaryfcs:admin> secnonfcspasswd Non FCS switch password: Re-enter new password: Committing configuration...done. primaryfcs:admin> Using Temporary Passwords You can create and remove a temporary - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 98
ID of 2: primaryfcs:admin> sectemppasswdset 2, "admin" Set remote switch admin password: swimming Re-enter remote switch admin password: swimming Committing configuration........done Password successfully set for domain 2 for admin. primaryfcs:admin> 98 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 99
the fabric. Example, removing a temporary password for the Admin account from a switch that has a Domain ID of 2. switch:admin> sectemppasswdreset 2, "admin" Committing configuration.....done Password successfully reset on domain 2 for admin switch:admin> Secure Fabric OS Version 1.0 User Guide 99 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 100
reset the time stamp of a fabric to zero: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the secversionreset command. If the fabric contains no FCS switch, you can enter the secversionreset command on any switch. 100 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 101
a fabric is merged, the Security policy set, Zoning configuration, password information, and SNMP community strings are overwritten by the fabric to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide. Table 17 indicates the results of moving switches in and out - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 102
is Backup FCS. Segments unless FCS policies are identical. If policies are identical, switch is Non-FCS. Segments from fabric. If moved into a non-secure fabric: Segments from fabric. Segments from fabric. Segments from fabric. Standard operation. 102 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 103
OS v4.1.x, the switches running v2.6.1 or v3.1.x must have the Core PID set to "1". This parameter is available through the configure command; for more information about the Core PID, refer to the HP StorageWorks Fabric Operating System Procedures Version 3.1.x/4.1.x User Guide. Secure Fabric OS - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 104
Management Server services that are enabled and disabled are consistent across all the switches to be merged. For information about Management Server support provided by Fabric OS, refer to the HP StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide. 5. Ensure that all switches to be merged - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 105
final Primary FCS switch has the desired Secure Fabric OS policy set, Zoning configuration, password information, and SNMP community strings. For information about managing Zoning configurations, refer to the HP StorageWorks Fabric Zoning Version 3.1.x/4.1.x User Guide (AA-RS26C-TE). 12. Verify that - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 106
Policy" on page 59 for instructions). Reassign the Primary FCS role to a Backup FCS switch by entering the secfcsfailover command on the switch that you want to become the new Primary FCS switch. Troubleshoot the previous Primary FCS switch as required. 106 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 107
fabrics, see the instructions under "Adding Switches and Merging Secure Fabrics" on page 101. Likely Problem Port may be disabled. The new policy was not saved or activated. Incorrect policy name used. SCC_POLICY is excluding the segmented switches. Management Server services on the segmented - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 108
about certification, and is located at http://www.cert.org. Which switches and fabrics support Secure Fabric OS? Any HP StorageWorks switch that is running Fabric OS v2.6.1, v3.1.x, or v4.1.x, as appropriate to the switch. Secure Fabric OS may be implemented across fabrics containing any mixture of - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 109
policy. Management Access What version of SSH and the SSH clients does Fabric OS v4.1.x support? Fabric OS v4.1.x supports version 2 of the SSH protocol. Any SSH client that supports version 2 of the protocol is supported. For example, PuTTy or F-Secure. Secure Fabric OS Version 1.0 User Guide 109 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 110
already has a digital certificate, follow the instructions for verifying the PKI objects. Do all switches already have a digital certificate? No, only switches that were shipped with v3.1.x or v4.1.x installed have digital certificates. For switches that are upgraded, follow the procedures provided - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 111
. Before merging fabrics, back up the zoning configurations and ensure that the switch that will succeed as the Primary FCS switch has the desired zoning configuration. Passwords What if I forget the Root password? See "Managing Passwords" on page 94. Secure Fabric OS Version 1.0 User Guide 111 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 112
Managing Secure Fabric OS 112 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 113
switch. This appendix provides the following information: ■ Secure Fabric OS Commands, page 114 ■ Command Restrictions in Secure Mode, page 117 For more detailed information about commands, refer to the HP StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide. Secure Fabric OS Version 1.0 User - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 114
Mode ■ Fail over the Primary FCS switch ■ Create and modify Secure Fabric OS policies ■ View all Secure Fabric OS-related information ■ Modify passwords ■ Create and remove temporary passwords ■ View and reset Secure Fabric OS statistics ■ View and reset version stamp information Most Secure Fabric - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 115
is already enabled unless all the FCS switches have failed. Shows current mode of Secure Fabric Non-FCS Admin account password. See "Modifying the Non-FCS Switch Admin Password" on page 97. in the FCS list. See "Changing the Position of a Switch Within the FCS Policy" on page 55. Removes members - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 116
on page 99. Sets a temporary password for a switch. See "Creating a Temporary Password for a Switch", on page 98. Aborts the current Secure Fabric OS transaction. See "Aborting a Secure Fabric OS Transaction" on page 81. Resets version stamp. See "Resetting the Version Number and Time Stamp" on page - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 117
No No Yes No No No Non-FCS switch No No Yes No Not unless all FCS switches in the fabric become unavailable, in which case this command can be entered on any switch in the fabric. Yes No No No No No No No No No No Secure Fabric OS Version 1.0 User Guide 117 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 118
20: Secure Fabric OS Commands Executable on Specific Switches When Secure Mode Is Enabled (Continued) Command secpolicyshow secstatsreset secstatsshow sectemppasswdreset sectemppasswdset sectransabort secversionreset Primary FCS switch zoneshow 118 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 119
switch Yes, except cannot modify community strings. Yes, except cannot modify community strings. Not recommended. The Zoning and Secure Fabric OS configurations are not uploaded if entered on a non-FCS switch. Yes No Yes No Yes No No No Yes No Yes No Yes No Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 120
Miscellaneous Commands Executable on Specific Switches (Continued) Command tsclockserver tsclockserver ipaddr wwn (display only-cannot modify WWNs in Secure Mode) Primary FCS switch Yes Yes Backup FCS switch Yes No Yes Yes Non-FCS switch Yes No Yes 120 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 121
removing Fabric OS capability, involves the addition of new switches to the fabric that do not support Secure Fabric OS. Disabling Secure Mode includes the following OS License on Each Switch, page 125 ■ Uninstalling Related Items from the Host, page 126 Secure Fabric OS Version 1.0 User Guide 121 - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 122
Fabric OS statistics, enter the secstatsshow command. ■ Evaluate the Zoning configuration and other aspects of the fabric for any changes that could be longer in use. ■ Educate users to minimize security risks and the impact of any security violations. 122 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 123
commands. For more information about these commands, refer to the HP StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide. You can disable Secure Mode only through a sectelnet, SSH, or serial connection to the Primary FCS switch. When Secure Mode is disabled, all current login sessions are - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 124
OS Capability Example: primaryfcs:admin> secmodedisable Warning!!! About to disable security. ARE YOU SURE (yes, y, no, n): [no] y Committing configuration...done. Removing Active FMPS... done Removing Defined FMPS... done Disconnecting current session. primaryfcs:admin> 124 Secure Fabric OS - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 125
. Note: If the user installs and activates a feature licence and then removes the license, the feature is not disabled until the next time the system is rebooted or a switch enable or switch disable is performed. To deactivate the software license: 1. Open a CLI connection (serial or telnet) to the - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 126
panel or just delete the folder. On a Sun Solaris host, you can use the rm command to remove the folder. 126 Secure Fabric OS Version 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 127
audience 8 authentication 16 authorized reseller, HP 11 C commands miscellaneous 119 secfcsfailover Fabric OS Version 1.0 User Guide Index Index index sectransabort related documentation 8 F failover of Primary FCS role 56 FCS switches about 17 Non-FCS 18 Fibre Channel Industry Association website - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 128
11 HP authorized reseller 11 storage array systems website 8 storage website 11 technical support 11 website 11 HTTP policy, about 64 I installing 30 65 Front Panel MAC 68 HTTP MAC 64 Management Server MAC 66 RSNMP 60 Serial Port 67 SNMP MAC 60 Telnet MAC 62 WSNMP 60 R recovery 106 1.0 User Guide - HP StorageWorks MSA 2/8 | HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 129
45 text symbols 9 troubleshooting 106 Index U upgraded switches 27 V version stamp about 100 resetting 100 W websites Carnegie Mellon software engineering institute 108 Fibre Channel Industry Association 8 HP home 11 HP storage 11 HP storage array systems 8 HP technical support 11 WSNMP policy
user guide
hp
StorageWorks
secure fabric OS version 1.0
Product Version:
1.0
First Edition (June 2003)
Part Number:
AA–RU57A–TE
This user guide outlines how to set up
the Secure Fabric OS feature in an existing Storage Area
Network (SAN). Topics discussed include activating the Secure Fabric OS license and creating
Secure Fabric policies.