Technical data
7-2 Fabric OS Administrator’s Guide
Publication Number: 53-0000518-09
FICON Overview
7
To incorporate and manage FICON on a switch or fabric, your system must have Fabric OS v4.1.2 or
later installed. If you are implementing FICON in a single-switch noncascaded environment, there are
no additional software requirements. The Secure Fabric OS and Advanced Zoning optional Brocade
licensed features are required on all switches participating in a FICON multiple-switch cascaded
environment.
The optional Secure Fabric OS license provides these fabric, switch, and port binding features:
• Fabric binding is a security method for restricting switches within a multiple-switch fabric. The
Switch Connection Control (SCC) policy prevents unauthorized switches from joining a fabric.
Switches are authenticated using digital certificates and unique private keys provided to the Switch
Link Authentication Protocol (SLAP).
• Switch binding is a security method for restricting devices that connect to a particular switch. If the
device is another switch, this is handled by the SCC policy. If the device is a host or storage device,
the Device Connection Control (DCC) policy binds those devices to a particular switch. Policies
range from completely restrictive to reasonably flexible, based upon customer needs.
• Port binding is a security method for restricting host or storage devices that connect to particular
switch ports. The DCC policy also binds device ports to switch ports. Policies range from
completely restrictive to reasonably flexible, based upon customer needs.
FICON protocol is supported on the following SilkWorm models and Fabric OS releases:
• SilkWorm 3900, Fabric OS v4.1.2 or later.
• SilkWorm 12000, Fabric OS v4.1.2 or later.
• SilkWorm 24000, Fabric OS v4.2.0 or later. The default one-domain configuration is supported;
dual domain configurations and SilkWorm 12000 and SilkWorm 24000 port blade configurations
are not.
There are two types of FICON configurations:
• A single-switch configuration (called switched point-to-point) requires that the channel be
configured to use single-byte addressing. If the channel is set up for two-byte addressing, then the
cascaded configuration setup applies. This type of configuration is described in “Configuring a
Single Switch” on page 7-5.
• A cascaded configuration (known as a high integrity fabric) requires a list of authorized switches.
This authorization feature (called fabric binding) is available through Brocade Secure Fabric OS.
The fabric binding policy allows a predefined list of switches (domains) to exist in the fabric and
prevents other switches from joining the fabric. This type of configuration is described in
“Configuring a High-Integrity Fabric” on page 7-5.
Control Unit Port (CUP) protocol is used by IBM mainframe management programs to provide in-band
management for FICON switches. When it is enabled, you can set up directors in a FICON environment
to be managed through IBM mainframe management programs. CUP is an optionally licensed feature
available with Fabric OS v4.4.0 or later.
CUP is supported on SilkWorm 3900, 12000, and 24000 models running Fabric OS 4.4.0 or later.
N
ote
Some licenses are installed and activated on the switch at the factory. Use a Brocade management
interface to verify that the required licenses are installed and activated on the switch.