Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

Because the primary FCS switch distributes the zoning configuration, zoning databases do not merge
when new switches join the fabric. Instead, the zoning information on the new switches is overwritten
when the primary FCS switch downloads zoning to these switches, if secure mode is enabled on all of
them. For more information about zoning, see the Fabric OS Administrator’s Guide. For more
information about merging fabrics, see “Adding Switches and Merging Fabrics with Secure Mode
Enabled” on page 4-13.

The remaining switches listed in the FCS policy act as backup FCS switches. If the primary FCS switch
becomes unavailable for any reason, the next switch in the list becomes the primary FCS switch. You
should have at least one backup FCS switch, to reduce the possibility of having no primary FCS switch
available. You can designate as many backup FCS switches as you like; however, all FCS switches
should be physically secure.

Any switches not listed in the FCS policy are defined as non-FCS switches. The root and factory
accounts are disabled on non-FCS switches.

For information about customizing the FCS policy, see “Enabling Secure Mode” on page 3-2. For
information about configuration download restrictions while in secure mode, see “Enabling Secure
Mode” on page 3-2.

Fabric Management Policy Set

Using Secure Fabric OS, you can create several types of policies to customize various aspects of the
fabric. By default, only the FCS policy exists when secure mode is first enabled. Use the CLI or Fabric
Manager to create and manage Secure Fabric OS policies.

Secure Fabric OS policies can be created, displayed, modified, and deleted. They can also be created
and saved without being activated immediately, to allow future implementation. Saved policies are
persistent, meaning that they are saved in flash memory and remain available after switch reboot or
power cycle.

The group of existing policies is referred to as the “fabric management policy set” or FMPS, which
contains an active policy set and a defined policy set. The active policy set contains the policies that are
activated and currently in effect. The defined policy set contains all the policies that have been defined,
whether activated or not. Both policy sets are distributed to all switches in the fabric by the primary FCS
switch. Secure Fabric OS recognizes each type of policy by a predetermined name.

Note: Fibre Channel routers, such as the SilkWorm 7500, do not enforce security policies.