HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 19

Fabric Management Policy Set, Available Secure Fabric OS Policies

Get HP StorageWorks MSA 2/8 - SAN Switch PDF manuals and user guides View all HP StorageWorks MSA 2/8 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 19 highlights

Introducing Secure Fabric OS Fabric Management Policy Set Secure Fabric OS supports the creation of a number of specific policies that you can use to customize specific aspects of the fabric. Each supported policy is recognized by a specific name. By default, only the FCS policy exists when Secure Mode is first enabled. You can create, display, modify, and delete the Secure Fabric OS policies. You can also create and save a policy without activating it immediately, to allow implementation at a future time. Once you save policy changes, the new policies are persistent, meaning that they are saved in flash memory and remain available after switch reboot or power cycle. The group of existing policies is referred to as the Fabric Management Policy Set (FMPS), which includes an Active Policy Set and a Defined Policy Set. The Active Policy Set contains the policies that are activated and currently in effect. The Defined Policy Set contains all the policies that have been defined, whether activated or not. Both policy sets are distributed to all switches in the fabric by the Primary FCS switch. You can create and manage the Secure Fabric OS policies by CLI or Fabric Manager. Available Secure Fabric OS Policies You can use Secure Fabric OS to create the following supported Secure Fabric OS policies: ■ Fabric Configuration Server (FCS) policy: This policy specifies the Primary FCS and Backup FCS switches. ■ Management Access Control (MAC) policies: These policies restrict management access to switches. The following specific MAC policies are provided: - Read and Write SNMP policies: Restrict which SNMP hosts are allowed read and write access to the fabric. - Telnet policy: Restricts the workstations that can use sectelnet or SSH to connect to the fabric (telnet is not available when Secure Fabric OS is enabled). - HTTP policy: Restricts the workstations that can use HTTP to access the fabric. - API policy: Restricts the workstations that can use API to access the fabric. Secure Fabric OS Version 1.0 User Guide 19

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
Introducing Secure Fabric OS
19
Secure Fabric OS Version 1.0 User Guide
Fabric Management Policy Set
Secure Fabric OS supports the creation of a number of specific policies that you
can use to customize specific aspects of the fabric. Each supported policy is
recognized by a specific name. By default, only the FCS policy exists when
Secure Mode is first enabled.
You can create, display, modify, and delete the Secure Fabric OS policies. You can
also create and save a policy without activating it immediately, to allow
implementation at a future time. Once you save policy changes, the new policies
are persistent, meaning that they are saved in flash memory and remain available
after switch reboot or power cycle.
The group of existing policies is referred to as the Fabric Management Policy Set
(FMPS), which includes an Active Policy Set and a Defined Policy Set. The
Active Policy Set contains the policies that are activated and currently in effect.
The Defined Policy Set contains all the policies that have been defined, whether
activated or not. Both policy sets are distributed to all switches in the fabric by the
Primary FCS switch.
You can create and manage the Secure Fabric OS policies by CLI or Fabric
Manager.
Available Secure Fabric OS Policies
You can use Secure Fabric OS to create the following supported Secure Fabric OS
policies:
Fabric Configuration Server (FCS) policy: This policy specifies the Primary
FCS and Backup FCS switches.
Management Access Control (MAC) policies: These policies restrict
management access to switches. The following specific MAC policies are
provided:
Read and Write SNMP policies: Restrict which SNMP hosts are allowed
read and write access to the fabric.
Telnet policy: Restricts the workstations that can use sectelnet or SSH to
connect to the fabric (telnet is not available when Secure Fabric OS is
enabled).
HTTP policy: Restricts the workstations that can use HTTP to access the
fabric.
API policy: Restricts the workstations that can use API to access the
fabric.