HP StorageWorks 8/20q HP StorageWorks 8/20q Fibre Channel Switch Installation - Page 27

8/20q Fibre Channel Switch Installation and Reference Guide

27

The SSL handshake process between the workstation and the switch involves the exchanging of certificates.

These certificates contain the public and private keys that define the encryption. When the SSL service is

enabled, a certificate is automatically created on the switch. The workstation validates the switch certificate

by comparing the workstation date and time to the switch certificate creation date and time. For this

reason, it is important to synchronize the workstation and switch with the same date, time, and time zone.

The switch certificate is valid 24 hours before its creation date and 365 days after its creation date. If the

certificate should become invalid, create a new certificate using the

create certificate

CLI

command. For information about the

create certificate

CLI command, see the

HP StorageWorks

8/20q Fibre Channel Switch Command Line Interface Guide

.

NOTE:

Simple SAN Connection Manager version 1.0 does not support the SSL service. If SSL is enabled,

you will be unable to manage the switch using this version of Simple SAN Connection Manager.

Consider your requirements for connection security: for the command line interface (SSH), management

applications (SSL), or both. If an SSL connection security is required, also consider using the Network Time

Protocol (NTP) to synchronize workstations and switches.

Device security

Device security provides for the authorization and authentication of devices that you attach to a switch. You

can configure a switch with a group of devices against which the switch authorizes new attachments by

devices, other switches, or devices issuing management server commands. Device security is configured

through the use of security sets and groups. Use the CLI to configure device security. For more information

about device security configuration, see the

HP StorageWorks 8/20q Fibre Channel Switch Command Line

Interface Guide

.

A group is a list of device worldwide names that are authorized to attach to a switch. There are three types

of groups: one for other switches (ISL), another for devices (port), and a third for devices issuing

management server commands (MS).

A security set is a set of up to three groups with no more than one of each group type. The security

configuration is made up of all security sets on the switch. The security database has the following limits:

•

Maximum number of security sets is 4.

•

Maximum number of groups is 16.

•

Maximum number of members in a group is 1,000.

•

Maximum total number of group members is 1,000.

In addition to authorization, the switch can be configured to require authentication to validate the identity

of the connecting switch, device, or host. Authentication can be performed locally using the switch’s

security database, or remotely using a RADIUS server such as Microsoft RADIUS. With a RADIUS server,

the security database for the entire fabric resides on the server. In this way, the security database can be

managed centrally, rather than on each switch. You can configure up to five RADIUS servers to provide

failover.

You can configure the RADIUS server to authenticate just the switch or both the switch and the initiator

device if the device supports authentication. When using a RADIUS server, every switch in the fabric must

have a network connection. A RADIUS server can also be configured to authenticate user accounts as

described in ”

User account security

” on page 26. A secure connection is required to authenticate user

logins with a RADIUS server. For more information, see ”

Connection security

” on page 26.

Consider the devices, switches, and management agents and evaluate the need for authorization and

authentication. Also consider whether the security database is to be distributed on the switches or

centralized on a RADIUS server and how many servers to configure. Use the CLI to configure RADIUS

servers. For more information about RADIUS server configuration, see the

HP StorageWorks 8/20q Fibre

Channel Switch Command Line Interface Guide

.

Section	Page
Contents	3
About this guide	7
Intended audience	7
Related documentation	7
Document conventions and symbols	8
Table 1 Document conventions	8
Rack stability	9
HP technical support	9
Customer self repair	9
Product warranties	9
Subscription service	9
HP web sites	10
Documentation feedback	10
General description	11
Figure 1 8/20q Fibre Channel Switch	11
Switch LEDs and controls	12
Figure 2 Switch LEDs and controls	12
Input power LED (green)	12
Heartbeat LED (green)	12
System fault LED (amber)	12
Maintenance button	13
Resetting a switch	13
Placing the switch in maintenance mode	13
Fibre Channel ports	14
Figure 3 Fibre Channel ports	14
Port LEDs	14
Figure 4 Port LEDs	14
Port Logged-in LED (green)	14
Port Activity LED (green)	15
Transceivers	15
Port types	15
Table 2 Fibre Channel port types	15
Ethernet port	16
Figure 5 Ethernet port	16
Serial port	16
Figure 6 Serial port and pin identification	16
Table 3 Serial port pin identification	17
Power supply and fans	17
Switch management	17
QuickTools web applet	18
Simple SAN Connection Manager	18
Command line interface	18
Simple Network Management Protocol	18
Storage Management Initiative–Specification (SMI-S)	18
File transfer protocols	18
Planning	19
Devices	19
Device access	19
Table 4 Zoning database limits	20
Performance	20
Distance	20
Bandwidth	20
Latency	21
Table 5 Port-to-port latency	21
Feature licenses	21
Multiple switch fabrics	21
Optimizing device performance	21
Domain ID, principal priority, and domain ID lock	22
Common topologies	22
Transparent routing	23
Switch services	24
Security	26
User account security	26
IP security	26
Port binding	26
Connection security	26
Device security	27
Fabric management	28
Installation	29
Site requirements	29
Management Station and Workstation requirements	29
Table 6 Management station requirements for Simple SAN Connection Manager	29
Table 7 Workstation requirements for QuickTools	30
Switch power requirements	30
Environmental conditions	30
Installing a switch	30
Mount the switch	31
Before you begin	31
Collect the required items	32
Verify the kit contents	32
Table 8 8/20q Fibre Channel Switch rack mount kit hardware	32
Rack the switch	33
Figure 7 Attaching the rails to the switch	33
Figure 8 Installing the rear mounting brackets	33
Figure 9 Installing the switch and rail assembly	33
Figure 10 Fastening the rail to the front of the rack	34
Figure 11 Fastening the rail to the rear mounting bracket	34
Figure 12 Installing the filler panel	34
Install the transceivers	35
Configure the workstation	35
Configuring the workstation IP address for Ethernet connections	35
Configuring the workstation serial port	35
Apply power to the switch	36
Connect the management station or workstation to the switch	37
Figure 13 Management station and workstation cable connections	37
Configure the switch	37
Simple SAN Connection Manager switch configuration	37
QuickTools switch configuration	37
CLI switch configuration	38
Cable devices to the switch	38
Installing firmware	38
Using QuickTools to install firmware	39
Using the CLI to install firmware	39
One-step firmware installation	40
Custom firmware installation	41
Adding a switch to an existing fabric	41
Installing feature license keys	42
Configuring Call Home to HP Services (optional)	42
Role of the Remote Support Software Manager	42
Role of OSEM and versions required	42
Installation instructions and documentation for SIM, RSP, OSEM, and ISEE	43
RSP requirements for the CMS	43
Infrastructure requirements for implementing Call Home to HP Services	44
Configuring Call Home to HP services	44
Diagnostics and troubleshooting	47
Switch diagnostics	47
Figure 14 Switch LEDs	47
Input power LED is extinguished	47
System fault LED is illuminated	48
Power-On self test diagnostics	48
Heartbeat LED blink patterns	48
Internal firmware failure blink pattern	48
Fatal POST error blink pattern	49
Configuration file system error blink pattern	49
Over-temperature blink pattern	49
Logged-in LED indications	50
Figure 15 Logged-in LED	50
E_Port isolation	50
Excessive port errors	51
Transceiver diagnostics	52
Recovering a switch using maintenance mode	53
Exiting the maintenance menu (option 0)	53
Unpacking a firmware image file in maintenance mode (option 1)	54
Resetting the network configuration in maintenance mode (option 2)	54
Resetting user accounts in maintenance mode (option 3)	54
Copying log files in maintenance mode (option 4)	54
Removing the switch configuration in maintenance mode (option 5)	54
Remaking the file system in maintenance mode (option 6)	54
Resetting the switch in maintenance mode (option 7)	55
Updating the boot loader in maintenance mode (option 8)	55
Regulatory compliance and safety	57
Regulatory compliance	57
Federal Communications Commission notice for Class A equipment	57
Cables	57
Laser device	57
Laser safety warning	57
Certification and classification information	58
Laser product label	58
Figure 16 Class 1 laser product label	58
International notices and statements	58
Canadian notice (avis Canadien)	58
European Union regulatory notice	59
Japanese notice	59
Korean notice	59
Taiwan notice	59
Electrostatic discharge	61
How to prevent electrostatic discharge	61
Grounding methods	61
Technical specifications	63
General specifications	63
Table 9 General specifications	63
Maintainability features	64
Table 10 Maintainability features	64
Fabric management specifications	65
Table 11 Fabric management specifications	65
Weight and physical dimensions	65
Table 12 Switch physical dimensions	65
Electrical specifications	65
Table 13 Electrical specifications	65
Environmental requirements	66
Table 14 Environmental requirements	66
Factory configuration defaults	67
Factory switch configuration	67
Table 15 Switch configuration defaults	67
Factory port configuration	68
Table 16 Port configuration defaults	68
Factory port threshold alarm configuration	69
Table 17 Port threshold alarm configuration defaults	69
Factory zoning configuration	69
Table 18 Zoning configuration defaults	69
Factory SNMP configuration	70
Table 19 SNMP configuration defaults	70
Factory switch services configuration	70
Table 20 Services configuration defaults	70
Factory DNS host name configuration	71
Table 21 DNS host name configuration defaults	71
Factory IP version 4 Ethernet configuration	71
Table 22 IP version 4 Ethernet configuration defaults	71
Factory IP version 6 Ethernet configuration	71
Table 23 IP version 6 Ethernet configuration defaults	71
Factory event logging configuration	72
Table 24 Event logging configuration defaults	72
Factory NTP server configuration	72
Table 25 NTP server configuration defaults	72
Factory timer configuration	72
Table 26 Timer configuration defaults	72
Factory RADIUS configuration	73
Table 27 RADIUS configuration defaults	73
Factory security configuration	73
Table 28 Security configuration defaults	73
Factory Call Home configuration	74
Table 29 Call Home service configuration defaults	74
Glossary	75
Index	79
Numerics	79
A	79
B	79
C	79
D	79
E	79
F	79
G	80
H	80
I	80
L	80
M	80
N	80
O	80
P	80
Q	81
R	81
S	81
T	81
U	81
V	81
W	81

HP StorageWorks 8/20q HP StorageWorks 8/20q Fibre Channel Switch Installation - Page 27

Device security

Page 27 highlights