HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 50

Creating Secure Fabric OS Policies The following restrictions apply when Secure Mode is enabled: ■ Standard telnet cannot be used after Secure Mode is enabled. However, sectelnet can be used as soon as a digital certificate is installed on the switch. SSH can be used at any time. ■ A number of commands can be entered only from the FCS switches. See "Command Restrictions in Secure Mode" on page 117 for a list of these commands. ■ If downloading a configuration: - Download the configuration to the Primary FCS switch. A configuration downloaded to a Backup FCS switch or Non-FCS switch is overwritten by the next fabric-wide update from the Primary FCS switch. - The active FCS policy in the configdownload file must be identical to the active FCS policy already implemented in the fabric. The active FCS policy cannot be modified by downloading a configuration with different information. - The defined FCS policy in the configdownload file must have at least one switch in common with the fabric's defined FCS policy. - If the configuration file is modified in a text editor, maintain both a Defined and an Active Security Policy Set (do not delete either). For information about displaying the existing Secure Fabric OS policies, see "Managing Secure Fabric OS Policies" on page 76. To enable Secure Mode in the fabric: Note: Enabling Secure Mode fastboots all the switches in the fabric. 1. Ensure that all switches in the fabric have the following items: ■ Fabric OS v2.6.1, v3.1.x, or v4.1.x ■ An activated Secure Fabric OS license ■ An activated Zoning license ■ Digital certificate 2. Ensure that any zoning configuration downloads have completed on all switches in the fabric. 50 Secure Fabric OS Version 1.0 User Guide