HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 17

Fabric Configuration Server Switches, Secure Fabric OS policies



Introducing Secure Fabric OS
Fabric Configuration Server Switches

Fabric Configuration Server (FCS) switches are one or more switches that you specify as trusted switches (switches that are in a physically secure area) for use in managing Secure Fabric OS. These switches should be both electronically and physically secure. You can specify a Primary FCS switch and one or more Backup FCS switches, to provide failover ability in case the Primary FCS switch fails.

You specify the FCS switches by listing their WWNs in a specific policy called the FCS policy. The first switch that is listed in this policy and is participating in the fabric acts as the Primary FCS switch, and distributes the following information to the other switches in the fabric:

■ Zoning configuration
■ Secure Fabric OS policies
■ Fabric password database
■ SNMP community strings
■ System date and time

Note: The role of the FCS switch is separate from the role of the principal switch, which assigns Domain IDs. The role of the principal switch is not affected by whether Secure Mode is enabled.

When Secure Mode is enabled, only the Primary FCS switch can propagate management changes to the fabric. When a new switch joins the fabric, the Primary FCS switch verifies the digital certificate and then provides the current configuration, overwriting the existing configuration of the new switch.

Because the Primary FCS distributes the zoning configuration, zoning databases do not merge when new switches join the fabric. Instead, the zoning information on the new switches is overwritten when the Primary FCS downloads zoning to these switches, if Secure Mode is enabled on all the switches. For more information about merging fabrics, see "Adding Switches and Merging Secure Fabrics" on page 101.

The remaining switches listed in the FCS policy act as Backup FCS switches. If the Primary FCS switch becomes unavailable for any reason, the next switch in the list becomes the Primary FCS switch. A minimum of one Backup FCS switch is strongly recommended to reduce the possibility of having no Primary FCS
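
The selection and failover rule described above, as an added example (not code from the HP guide or from Fabric OS): it treats the FCS policy as an ordered WWN list, resolves which participating switch would act as Primary, and flags a policy that leaves no Backup. The function names and the WWN values are constructed for illustration.

```python
import re

# Colon-separated 8-byte World Wide Name, e.g. 10:00:00:60:69:00:00:0a
WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")

def normalize_wwn(wwn):
    """Lower-case a WWN and reject anything that is not 8 hex bytes."""
    w = wwn.strip().lower()
    if not WWN_RE.match(w):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return w

def resolve_fcs_roles(fcs_policy, participating):
    """Return (primary, backups, findings) for an ordered FCS policy.

    fcs_policy    -- WWNs in the order they are listed in the FCS policy
    participating -- WWNs of the switches currently in the fabric
    """
    policy = [normalize_wwn(w) for w in fcs_policy]
    present = {normalize_wwn(w) for w in participating}
    # Only listed switches that are actually in the fabric can hold a role.
    live = [w for w in policy if w in present]
    primary = live[0] if live else None
    backups = live[1:]
    findings = [f"{w} is listed in the FCS policy but not participating"
                for w in policy if w not in present]
    if primary is None:
        findings.append("no listed switch is participating: no Primary FCS")
    elif not backups:
        findings.append("no Backup FCS switch: losing the Primary leaves none")
    return primary, backups, findings

def failover_order(fcs_policy, participating):
    """List successive Primary FCS switches as each one becomes unavailable."""
    present = {normalize_wwn(w) for w in participating}
    order = []
    while True:
        primary, _, _ = resolve_fcs_roles(fcs_policy, present)
        if primary is None:
            return order
        order.append(primary)
        present.discard(primary)

if __name__ == "__main__":
    # Constructed sample data: the first listed switch is offline.
    policy = ["10:00:00:60:69:00:00:0A", "10:00:00:60:69:00:00:0b",
              "10:00:00:60:69:00:00:0c"]
    fabric = ["10:00:00:60:69:00:00:0b", "10:00:00:60:69:00:00:0c",
              "10:00:00:60:69:00:00:0d"]
    print(resolve_fcs_roles(policy, fabric))
    print(failover_order(policy, fabric))
```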