Home » HP Manuals » Storage Devices » HP Surestore 64 » Manual Viewer

HP Surestore 64 FW 05.01.00 and SW 07.01.00 HP StorageWorks SAN High Availabil - Page 33

Security Features, SNMP workstation restrictions

Add to My Manuals
Save this manual to your list of manuals

Page 33 highlights

Introduction to HP Fibre Channel Products ■ State change notification - Directors and switches support a state change notification function that allows attached N_Ports to request notification when other N_Ports change operational state. ■ Port binding - Directors and switches support a feature that binds an attached Fibre Channel device to a specified port through the device's World Wide Name (WWN). Security Features The HAFM and Product Manager applications offer the following security features: ■ Password protection - Users must provide a user name and password to log in to the HAFM server and access managed directors and switches. Administrators can configure user names and passwords for up to 16 users, and can authorize or prohibit specific management permissions for each user. ■ Remote user restrictions - Remote user access to directors and switches is either disabled or restricted to configured IP addresses. ■ SNMP workstation restrictions - SNMP workstations can only access management information base (MIB) variables managed by a director or switch SNMP agent. SNMP workstations must belong to SNMP communities configured through the HAFM application or EWS interface. If configured, the agent can send authorization failure traps when unauthorized SNMP workstations attempt to access a director or switch. ■ Audit log tracking - Configuration changes to a director or switch are recorded in an audit log stored on the HAFM server, where they are accessible to users for display. Log entries include the date and time of the configuration change, a description of the change, and the source of the change. ■ Port blocking - System administrators can block or unblock any port to restrict device access to a director or switch. ■ Zoning - System administrators can create zones that provide director or switch access control to increase network security, differentiate between operating systems, and prevent data loss or corruption. Zoning can be implemented in conjunction with server-level access control and storage device access control. SAN High Availability Planning Guide 33

Section	Page
Contents	3
About this Guide	9
Overview	10
Intended Audience	10
Related Documentation	10
Conventions	11
Document Conventions	11
Table 1: Document Conventions	11
Text Symbols	12
Equipment Symbols	12
Rack Stability	13
Getting Help	14
HP Technical Support	14
HP Storage Website	14
HP Authorized Reseller	14
Introduction to HP Fibre Channel Products	15
Product Overview	15
Figure 1: Rack-mount HP products	17
Directors	18
Director Performance	19
Director 2/64	21
Figure 2: Director 2/64 (front view)	21
Figure 3: Director 2/64 (rear view)	22
Director 2/140	23
Figure 4: Director 2/140 (front view)	23
Figure 5: Director 2/140 (rear view)	24
Edge Switches	25
Edge Switch Performance	25
Edge Switch 2/16	26
Figure 6: Edge Switch 2/16 (front view)	26
Figure 7: Edge Switch 2/16 (rear view)	27
Edge Switch 2/24	28
Figure 8: Edge Switch 2/24 (front view)	28
Figure 9: Edge Switch 2/24 (rear view)	29
Edge Switch 2/32	30
Figure 10: Edge Switch 2/32 (front view)	30
Figure 11: Edge Switch 2/32 (rear view)	31
Product Features	32
Connectivity Features	32
Security Features	33
Serviceability Features	34
Product Management	37
Product Management	38
Figure 12: Out-of-band product management	39
Figure 13: Inband product management	40
HAFM Server Description	41
Figure 14: HAFM Server	41
HAFM Server Specifications	42
Ethernet Hub	43
Figure 15: HP Ethernet hub	43
Remote User Workstations	43
Product Firmware	44
Backup and Restore Features	45
Product Software	47
Management Services Application	47
Graphical User Interface	48
HAFM Application	48
Products View	49
Figure 16: Products View	49
Fabrics View	51
Figure 17: Fabrics View - Topology tab	51
Figure 18: Fabrics View - Zone Set tab	52
Product Manager Application	53
Figure 19: Hardware View	53
Embedded Web Server Interface	54
Figure 20: View Panel (Embedded Web Server interface)	55
Command Line Interface	56
Planning Considerations for Fibre Channel Topologies	57
Fibre Channel Topologies	58
Planning for Point-to-Point Connectivity	59
Characteristics of Arbitrated Loop Operation	60
Shared Mode Versus Switched Mode	60
Figure 21: Shared mode operation	61
Figure 22: Switched mode operation	62
Public Versus Private Devices	62
Figure 23: Public device connectivity	63
Figure 24: Private device connectivity	64
Public Versus Private Loops	65
Figure 25: Public loop connectivity	65
Figure 26: Private loop connectivity	66
Planning for Private Arbitrated Loop Connectivity	66
Shared Mode Operation	67
Figure 27: Shared Mode operation and logical equivalent	67
Figure 28: 20-Device private arbitrated loop	68
Switched Mode Operation	70
Figure 29: Switched mode operation and logical equivalent	70
Figure 30: Switched mode operation with eight independent looplets	71
Planning for Fabric-Attached Loop Connectivity	73
Connecting a SAN to a Switched Fabric	73
Figure 31: Arbitrated loop to switched fabric connectivity	74
Figure 32: ISL bandwidth limitation	75
Server Consolidation	76
Figure 33: Server consolidation	76
Tape Device Consolidation	77
Figure 34: Tape drive consolidation	77
Planning for Multi-Switch Fabric Support	78
Figure 35: Example multi-switch fabric	78
Fabric Topology Limits	79
Factors to Consider When Implementing a Fabric Topology	80
Table 2: ISL Transfer Rate versus Fabric Port Availability (Two-Director Fabric)	82
Fabric Topologies	89
Cascaded Fabric	89
Figure 36: Cascaded fabric	90
Ring Fabric	91
Figure 37: Ring fabric	91
Mesh Fabric	92
Figure 38: Full mesh fabric	92
Core-to-Edge Fabric	94
Figure 39: 2-by-14 Core-to-Edge fabric	94
Figure 40: 4-by-12 Core-to-Edge fabric	95
Fabric Island	96
Planning a Fibre Channel Fabric Topology	97
Fabric Performance	97
I/O Requirements	98
Application I/O Profiles	98
ISL Oversubscription	99
Figure 41: ISL oversubscription	99
Device Locality	100
Figure 42: Device locality	101
Device Fan-Out Ratio	101
Figure 43: Device fan-out ratio	102
Performance Tuning	102
Figure 44: Fabric performance tuning	103
Fabric Availability	104
Redundant Fabrics	105
Figure 45: Redundant fabrics	106
Fabric Scalability	107
Obtaining Professional Services	107
Fabric Topology Design Considerations	107
Large Fabric Design Implications	107
FCP and FICON in a Single Fabric	108
Director or Switch Management	109
Port Numbering Versus Port Addressing	110
Figure 46: Director 2/64 port numbers and logical port addresses	110
Management Limitations	111
Protocol Intermix Recommendations	112
Multiple Data Transmission Speeds in a Single Fabric	114
Physical Planning Considerations	115
Port Connectivity and Fiber-Optic Cabling	116
Port Requirements	116
Optical Transceivers	117
Data Transmission Distance	118
Cost Effectiveness	118
Device or Cable Restrictions	118
Extended-Distance Ports	119
High-Availability Considerations	119
Cables and Connectors	120
Cables	120
Director and Switch Connectors	121
Figure 47: SFP transceiver and LC duplex connector	121
Routing Fiber-Optic Cables	121
HAFM Server, LAN, and Remote Access Support	122
HAFM Server	122
HAFM Server Connectivity	123
Connectivity Planning Considerations	124
Remote User Workstations	124
Figure 48: Typical network configuration (one Ethernet connection)	126
Figure 49: Typical network configuration (two Ethernet connections)	127
SNMP Management Workstations	128
Web Browser Access	128
Inband Management Access (Optional)	129
Security Provisions	131
Password Protection	131
Table 3: Types of User Rights	131
Name Server Zoning	132
Figure 50: Product zoning	132
Benefits of Zoning	133
Configuring Zones	133
Joining Zoned Fabrics	135
Factors to Consider When Implementing Zoning	136
Server and Storage-Level Access Control	136
Obtaining Professional Services	137
Optional Features	138
Inband Management Console Access	139
Open Systems Management Server	139
FICON Management Server	139
Flexport Technology	140
SANtegrity Binding	140
Enterprise Fabric Mode	141
SANtegrity Binding Planning Considerations	142
Open Trunking	142
Figure 51: Open Trunking configuration	142
Configuration Planning Tasks	145
Task 1: Prepare a Site Plan	146
Table 4: Physical Planning and Hardware Installation Tasks	148
Table 5: Operational Setup Tasks	149
Task 2: Plan Fibre Channel Cable Routing	151
Task 3: Consider Interoperability with Fabric Elements and End Devices	152
Task 4: Plan Console Management Support	153
Task 5: Plan Ethernet Access	154
Task 6: Plan Network Addresses	155
Task 7: Plan SNMP Support (Optional)	156
Task 8: Plan E-Mail Notification (Optional)	157
Task 9: Establish Product and HAFM Server Security Measures	157
Task 10: Plan Phone Connections	158
Task 11: Diagram the Planned Configuration	158
Task 12: Assign Port Names and Nicknames	158
Rules for Port Names	159
Rules for Nicknames	159
Task 13: Complete the Planning Worksheet	159
Task 14: Plan AC Power	164
Task 15: Plan a Multi-Switch Fabric (Optional)	165
Task 16: Plan Zone Sets for Multiple Products (Optional)	166
Index	167
A	167
B	167
C	167
D	168
E	168
F	168
G	169
H	169
I	170
J	170
L	170
M	170
N	170
O	171
P	171
R	172
S	172
T	173
U	173
W	173

Match case Limit results 1 per page

Introduction to HP Fibre Channel Products

SAN High Availability Planning Guide

■

State change notification —

Directors and switches support a state change

notification function that allows attached N_Ports to request notification when

other N_Ports change operational state.

■

Port binding —

Directors and switches support a feature that binds an

attached Fibre Channel device to a specified port through the device’s World

Wide Name (WWN).

Security Features

The

HAFM

and

Product Manager

applications offer the following security

features:

■

Password protection —

Users must provide a user name and password to log

in to the HAFM server and access managed directors and switches.

Administrators can configure user names and passwords for up to 16 users,

and can authorize or prohibit specific management permissions for each user.

■

Remote user restrictions —

Remote user access to directors and switches is

either disabled or restricted to configured IP addresses.

■

SNMP workstation restrictions —

SNMP workstations can only access

management information base (MIB) variables managed by a director or

switch SNMP agent. SNMP workstations must belong to SNMP communities

configured through the

HAFM

application or EWS interface. If configured,

the agent can send authorization failure traps when unauthorized SNMP

workstations attempt to access a director or switch.

■

Audit log tracking —

Configuration changes to a director or switch are

recorded in an audit log stored on the HAFM server, where they are accessible

to users for display. Log entries include the date and time of the configuration

change, a description of the change, and the source of the change.

■

Port blocking —

System administrators can block or unblock any port to

restrict device access to a director or switch.

■

Zoning —

System administrators can create zones that provide director or

switch access control to increase network security, differentiate between

operating systems, and prevent data loss or corruption. Zoning can be

implemented in conjunction with server-level access control and storage

device access control.