Home » HP Manuals » Storage Devices » HP StorageWorks 2/140 » Manual Viewer

HP StorageWorks 2/140 FW 08.01.00 McDATA Products in a SAN Environment Plannin - Page 57

Security Features, Port binding, Password protection, Remote user restrictions

View all HP StorageWorks 2/140 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 57 highlights

Security Features Introduction to McDATA Multi-Protocol Products 1 • Port binding - Directors and fabric switches support an optional feature that binds an attached Fibre Channel device to a specified product port through the device's WWN. NOTE: SAN routers support port binding only for R_Ports. SAN management and Element Manager applications offer the following security features for McDATA switching products. Products or product classes that do not support a security feature are noted. • Password protection - Users must provide a user name and password to log in to the management server and access all managed products. Administrators can configure user names and passwords for up to 16 users, and can authorize or prohibit specific management permissions for each user. • Remote user restrictions - Remote user access to all managed products is either disabled or restricted to configured IP addresses. • SNMP workstation restrictions - Remote users on SNMP workstations can only access management information base (MIB) variables managed by the product SNMP agent. SNMP workstations must belong to SNMP communities configured through the Element Manager application. If configured, the agent can send authorization failure traps when unauthorized SNMP workstations attempt to access a managed product. • Port blocking - System administrators can restrict device access by blocking or unblocking any director or fabric switch port through the associated Element Manager application. NOTE: SAN routers do not support port blocking. • Audit log tracking - Configuration changes to a director or fabric switch are recorded in an audit log stored on the management server. Users can display the audit log through the Element Manager application. Log entries include the date and time of the configuration change, a description of the change, and the source of the change. NOTE: SAN routers do not support audit log tracking. Introduction to McDATA Multi-Protocol Products 1-31

Section	Page
Cover	1
Introduction to McDATA Multi-Protocol Products	27
Product Overview	28
Multi-Protocol Hardware	28
SAN Management Applications	31
Directors	32
Director Performance	33
Intrepid 6064 Director	34
Intrepid 6140 Director	36
Intrepid 10000 Director	38
Fabric Switches	40
Fabric Switch Performance	41
Sphereon 3232 Fabric Switch	41
Sphereon 4300 Fabric Switch	42
Sphereon 4400 Fabric Switch	44
Sphereon 4500 Fabric Switch	45
Sphereon 4700 Fabric Switch	47
SAN Routers	48
SAN Router Performance	49
Eclipse 1620 SAN Router	50
Eclipse 2640 SAN Router	52
Product Features	54
Connectivity Features	54
Security Features	57
Serviceability Features	58
Product Management	63
Product Management	64
Out-of-Band Management	64
Inband Management	67
Management Interface Summary	68
Management Server Support	69
Management Server Specifications	70
Ethernet Hub	72
Remote User Workstations	72
Product Firmware	73
Firmware Services	74
Backup and Restore Features	75
SAN Management Applications	77
SANavigator and EFCM Applications	77
SANvergence Manager Application	80
EFCM Basic Edition Interface	82
Command Line Interface	83
Planning Considerations for Fibre Channel Topologies	85
Fibre Channel Topologies	85
Characteristics of Arbitrated Loop Operation	86
Shared Mode Versus Switched Mode	87
Public Versus Private Devices	90
Public Versus Private Loops	92
FL_Port Connectivity	94
Planning for Private Arbitrated Loop Connectivity	94
Planning for Fabric-Attached Loop Connectivity	95
Connecting FC-AL Devices to a Switched Fabric	95
Server Consolidation	96
Tape Device Consolidation	97
Fabric Topologies	98
Mesh Fabric	98
Core-to-Edge Fabric	100
SAN Islands	102
Planning for Multiswitch Fabric Support	102
Fabric Topology Limits	103
Factors to Consider When Implementing a Fabric Topology	104
General Fabric Design Considerations	113
Fabric Initialization	113
Fabric Performance	114
Fabric Availability	121
Fabric Scalability	123
Obtaining Professional Services	124
Mixed Fabric Design Considerations	124
FCP and FICON in a Single Fabric	125
Multiple Data Transmission Speeds in a Single Fabric	135
FICON Cascading	136
High-Integrity Fabrics	137
Minimum Requirements	137
FICON Cascading Best Practices	138
Implementing SAN Internetworking Solutions	143
SAN Island Consolidation	144
Flexible Partitioning Technology	146
SAN Routing	150
Implementing BC/DR Solutions	178
Extended-Distance Operational Modes	179
SAN Extension Transport Technologies	181
Distance Extension Through BB_Credit	191
Intelligent Port Speed	193
Distance Extension Best Practices	197
Consolidating and Integrating iSCSI Servers and Storage	200
iSCSI Protocol	201
iSCSI Server Consolidation	202
iSCSI Storage Consolidation	203
Physical Planning Considerations	205
Port Connectivity and Fiber-Optic Cabling	205
Port Requirements	206
SFP Optical Transceivers	208
Extended-Distance Ports	210
High-Availability Considerations	210
Fibre Channel Cables and Connectors	211
Routing Fiber-Optic Cables	212
Management Server, LAN, and Remote Access Support	213
Management Server	214
Remote User Workstations	215
SNMP Management Workstations	217
EFCM Basic Edition Interface	218
Security Provisions	219
Password Protection	219
SANtegrity Authentication	220
SANtegrity Binding	223
PDCM Arrays	224
Preferred Path	227
Zoning	229
Server and Storage-Level Access Control	233
Security Best Practices	234
Optional Feature Keys	237
Inband Management Access	239
Flexport Technology	240
SANtegrity Authentication	240
SANtegrity Binding	240
OpenTrunking	241
Full Volatility	242
Full Fabric	242
Remote Fabric	243
N_Port ID Virtualization	243
Element Manager Application	243
Configuration Planning Tasks	245
Task 1: Prepare a Site Plan	246
Task 2: Plan Fibre Channel Cable Routing	247
Task 3: Consider Interoperability with Fabric Elements and End Devices	248
Task 4: Plan Console Management Support	249
Task 5: Plan Ethernet Access	251
Task 6: Plan Network Addresses	251
Task 7: Plan SNMP Support (Optional)	254
Task 8: Plan E-Mail Notification (Optional)	255
Task 9: Establish Product and Server Security Measures	255
Task 10: Plan Phone Connections	256
Task 11: Diagram the Planned Configuration	256
Task 12: Assign Port Names and Nicknames	257
Rules for Port Names	257
Rules for Nicknames	258
Task 13: Complete the Planning Worksheet	258
Task 14: Plan AC Power	272
Task 15: Plan a Multiswitch Fabric (Optional)	273
Task 16: Plan Zone Sets for Multiple Products (Optional)	274
Task 17: Plan SAN Routing (Optional)	275
Task 18: Complete Planning Checklists	278
Product Specifications	283
Director, Fabric Switch, and SAN Router Specifications	283
Dimensions	283
Power Requirements	285
Heat Dissipation	287
Clearances	287
Acoustical Noise and Physical Tolerances	288
Storage and Shipping Environment	288
Operating Environment	289
FC-512 Fabricenter Cabinet Specifications	289
Dimensions	290
Power Requirements	290
Clearances	290
Cabinet Footprint	290
Firmware Summary	293
System-Related Differences	293
Fibre Channel Protocol-Related Differences	295
Management-Related Differences	297
Index	305
A	305
B	305
C	306
D	307
E	308
F	309
G	310
H	310
I	311
J	311
L	312
M	312
N	313
O	313
P	313
R	315
S	315
T	317
V	318
W	318