FW V06.XX/HAFM SW V08.02.00 HP StorageWorks SAN High Availability Planning Guide (AA-RS2DD-TE, July 2004)
Table Of Contents
- SAN HA Planning Guide
- Contents
- About this Guide
- Introduction to HP Fibre Channel Products
- Product Management
- Planning Considerations for Fibre Channel Topologies
- Fibre Channel Topologies
- Planning for Point-to-Point Connectivity
- Characteristics of Arbitrated Loop Operation
- Planning for Private Arbitrated Loop Connectivity
- Planning for Fabric-Attached Loop Connectivity
- Planning for Multi-Switch Fabric Support
- Fabric Topologies
- Planning a Fibre Channel Fabric Topology
- Fabric Topology Design Considerations
- FICON Cascading
- Physical Planning Considerations
- Port Connectivity and Fiber-Optic Cabling
- HAFM Appliance, LAN, and Remote Access Support
- Inband Management Access (Optional)
- Security Provisions
- Optional Features
- Configuration Planning Tasks
- Task 1: Prepare a Site Plan
- Task 2: Plan Fibre Channel Cable Routing
- Task 3: Consider Interoperability with Fabric Elements and End Devices
- Task 4: Plan Console Management Support
- Task 5: Plan Ethernet Access
- Task 6: Plan Network Addresses
- Task 7: Plan SNMP Support (Optional)
- Task 8: Plan E-Mail Notification (Optional)
- Task 9: Establish Product and HAFM Appliance Security Measures
- Task 10: Plan Phone Connections
- Task 11: Diagram the Planned Configuration
- Task 12: Assign Port Names and Nicknames
- Task 13: Complete the Planning Worksheet
- Task 14: Plan AC Power
- Task 15: Plan a Multi-Switch Fabric (Optional)
- Task 16: Plan Zone Sets for Multiple Products (Optional)
- Index
Configuration Planning Tasks
187SAN High Availability Planning Guide
Task 9: Establish Product and HAFM Appliance Security
Measures
Effective network security measures are recommended for directors, switches,
and the HAFM appliance. Physical access to the network should be limited and
monitored, and password control should be strictly enforced.
When planning security measures, consider the following:
■ Directors, switches, and the HAFM appliance are installed on a LAN segment
and can be accessed by attached devices (including devices connected
through a remote LAN). Access from remote devices is limited by installing
the HAFM appliance and managed products in a secure physical network
domain. HP recommends this approach.
■ Access to products is possible through the maintenance port. This connection
is for use by authorized service personnel only and should be carefully
monitored.
■ The number of remote workstations with access to the HAFM appliance and
managed products can and should be restricted. Obtain IP addresses for
workstations that should have exclusive access. Ensure that adequate security
measures are established for the configured workstations.
■ Carefully manage users (up to 16) who have access to the HAFM and Element
Manager applications, and assign user names, passwords, and user rights.
■ Ensure that adequate security controls are established for remote access
software, including the Embedded Web Server.