Education brocade Significantly Higher SAN Efficiency product training BCSM in a Nutshell Study Guide for Exam 143-350 Revision 0308 Exam Preparation Materials Brocade Education Services ©2008 Brocade Communications Systems, Inc.
Education Corporate Headquarters San Jose, CA USA T: (408) 333-8000 info@brocade.com European Headquarters Geneva, Switzerland T: +41 22 799 56 40 emea-info@brocade.com Asia Pacific Headquarters Singapore T: +65-6538-4700 apac-info@brocade.com © 2008 Brocade Communications Systems, Inc. All Rights Reserved.
BCSM IN A NUTSHELL 2008 Welcome to the BCSM in a Nutshell 2008 edition. Objective: We've put this guide together to help you prepare for the BCSM certification exam number 143-350. This exam tests SAN management skills using the following Brocade products: • Brocade switches, routers and Directors running up through Fabric OS v5.3.0 • All licensed (software) features through Fabric OS v5.3.0 • M-EOS 9.6 • EFCM 9.5 and Fabric Manager 5.
BCSM IN A NUTSHELL 2008 TABLE OF CONTENTS List of Tables ......................................................................................................................................3 List of Figures .....................................................................................................................................4 1 Security.....................................................................................................................................5 1.
BCSM IN A NUTSHELL 2008 LIST OF TABLES Table 1: Password Policy CLI Commands.........................................................................................8 Table 2: Policy Distribution.............................................................................................................9 Table 3: BB Credits .....................................................................................................................37 © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 LIST OF FIGURES Figure 1: EFCM Routing...............................................................................................................11 Figure 2: EFCM Group Manager..................................................................................................13 Figure 3: Fabric Merge Troubleshooting Tree .................................................................................21 Figure 4: Marginal Link/Port Fault Troubleshooting Tree ......................
BCSM IN A NUTSHELL 2008 1 SECURITY 1.1 MANAGING SAN SECURITY PROTECTING YOUR MANAGEMENT INTERFACES A goal is to minimize threats by limiting access to the management interfaces.
BCSM IN A NUTSHELL 2008 ADDITIONAL BEST PRACTICES • Implement the Track Changes feature in Fabric OS to see who logged in and when, and it reports them as messages in the RASlog • Restrict responsibilities by assigning a different user name to each SAN administrator and a specific role using Role-Based Access Controls (RBAC) • Use Virtual Fabrics and Fibre Channel routing • Use a login banner to provide legal support • Manage multiple user accounts with RADIUS for centralized login management RBAC
BCSM IN A NUTSHELL 2008 ACCOUNT LOCKOUT POLICY • Disables a user account when the user exceeds a configurable number of failed login attempts • Policy can be configured to: • o Keep account locked until explicit administrative action is taken o Automatically unlock after a specified duration Administrator may unlock a locked account at any time PASSWORD EXPIRATION POLICY • Forces expiration of a password after a configurable period of time • When a password expires, user must change the passwor
BCSM IN A NUTSHELL 2008 Table 1: Password Policy CLI Commands BASE FABRIC OS V5.
BCSM IN A NUTSHELL 2008 POLICY DISTRIBUTION • Each switch can be set to Accept or Reject individual security policies • The policies are manually distributed to fabric switches • Fabric Wide Consistency Policy (Absent/Tolerant/Strict) o Each fabric could have a consistency policy that would require automatic distribution of the SCC and DCC policies only o The PWD, IPFILTER, FCS, AUTH policies can only be manually distributed Fabric-Wide Consistency Policy set to: Distribution Setting Reject Acce
BCSM IN A NUTSHELL 2008 DH-CHAP Fabric OS v5.3.
BCSM IN A NUTSHELL 2008 2 MANAGEMENT TOOLS 2.1 IMPLEMENTING SAN MANAGEMENT TOOLS EFCM AND ROUTING Show route Figure 1: EFCM Routing SHOWING ROUTES BETWEEN TWO END-PRODUCTS NOTE: This feature is only available for fabrics consisting solely of manageable products You can use the Show Route feature to view the path that Fibre Channel frames must take between two end-products in a multi-switch fabric. If you intend to show a different route within the same fabric, the previous route is automatically hidden.
BCSM IN A NUTSHELL 2008 REQUIREMENTS To view the route between two products, the following conditions must be met: • There must be two or more switches in the fabric • All switches or Directors in the route must be managed by the application and attached to the same server • All switches or Directors in the route must be manageable products and must be running firmware version M-EOS 7.
BCSM IN A NUTSHELL 2008 EFCM GROUP MANAGER Select which action to perform Group Manager allows Event logs, firmware installation, and data collections to be done on a group of similar switches simultaneously Figure 2: EFCM Group Manager Group Manager can be used to define logical groups, not necessarily groups that are dependent on a selected task.
BCSM IN A NUTSHELL 2008 ESCM HBA MANAGEMENT TOOL With ESCM you can: • Collect event logs • Manage HBA firmware upgrades • Access the Boot BIOS • View port statistics including error statistics • Manage remote hosts (Import HBAs from other hosts) • Perform diagnostics • Configure device persistence • Access the HBA via a GUI or CLI ISCSI • The FC4-16IP blade is the only device that runs the iSCSI protocol • Allowed access is from iSCSI initiators to Fibre Channel targets only • It can be
BCSM IN A NUTSHELL 2008 MONITORING B-SERIES SWITCHES • Use pathinfo, topologyshow or urouteshow to visualize the fabric • Use porterrshow and portstatsshow to see if there are any port errors / discarded frames. Note: These are just counters so you would need a set of logs, duplicate the problem and then capture a second set of logs to determine if the errors are incrementing at the time the problem was happening • Use portperfshow / APM to see the I/O (must be captured during the time of the problem).
BCSM IN A NUTSHELL 2008 FABRIC MANAGER Fabric Manager is a GUI based application that allows monitoring and management of an entire SAN from one central location Fabric Manager • Has the ability to get high-level or detailed information about fabrics, switches and ports • Launches Brocade Web Tools and related services, as needed, for detailed switch information • Assists SAN administrators by centralizing the configuration, monitoring and management tasks of SANs • Reduces the overall cost of SAN ma
BCSM IN A NUTSHELL 2008 FABRIC MANAGER CHANGE MANAGEMENT Fabric Manager Change Management provides a common interface to monitor and manage changes to a Fabric Manager SAN Profile • Tracks changes to a range of SAN components • Checks for changes against a previously-created Fabric Manager baseline • Notifies you when changes are detected You can review detailed reports of all detected changes A Change Management profile has three components: 1.
BCSM IN A NUTSHELL 2008 3 REPORTING AND DOCUMENTATION 3.1 SAN DOCUMENTATION SAN documentation comes in many forms. The various manuals give relevant information.
BCSM IN A NUTSHELL 2008 3.
BCSM IN A NUTSHELL 2008 4 TROUBLESHOOTING 4.
BCSM IN A NUTSHELL 2008 For device sharing related issues, two commands are very useful.
BCSM IN A NUTSHELL 2008 SAMPLE FABRIC MERGE ERROR MESSAGES Domain ID Conflict error message: 2007/12/27-14:38:37, [FABR-1014], 8517, FFDC, ERROR, r3-st02-b20-1, Port 8 Disabled: Insistent Domain ID 1 could not be obtained.
BCSM IN A NUTSHELL 2008 COLLECTING INFORMATION FOR TROUBLESHOOTING Start Issue switchshow from switch with suspected marginal link (tip #1) Insert suspected marginal interface media in same or different port (tip #2) Re-run the failing application to replicate the error (tip #3) Does the error follow? Yes Single-switch Does the test fail? No Focus on Nx_Port (tip #5) Yes Replace with known good media (tip #4) No Figure 4: Marginal Link/Port Fault Troubleshooting Tree Tip #1 – Configure Fabric Watch
BCSM IN A NUTSHELL 2008 The fcping command can also be used to identify a marginal link. Issue fcping from the switch with the questionable connection; use WWN of questionable device as the source and look at the response times, consider using the length and number of frame operands to send more data.
BCSM IN A NUTSHELL 2008 4.2 IDENTIFYING INFORMATION REQUIRED FOR PROBLEM ESCALATION ESCALATIONS Data must be gathered for problem escalation, depending upon the type of situation. In the case of switches, Directors and routers, the bulk of the information should be gathered with supportsave, along with a detailed problem description. Other pieces of information would include core files, panic dump output and the output from supportshow, which are all part of supportsave.
BCSM IN A NUTSHELL 2008 5 SAN MONITORING 5.
BCSM IN A NUTSHELL 2008 5.2 HOW TO MONITOR AND MANAGE SHARED DEVICES BETWEEN EDGE FABRICS DOMAIN MANAGEMENT It is important to keep track of domains in a routed fabric environment. Look at this diagram of a routed fabric: Figure 5: Sample Routed Fabric The EX_Ports on each router will generate a front domain, and proxy devices will generate a translate domain. Phantom Front Domain (fd): A logical domain created when edge fabrics are connected to backbone fabrics. Starting with Fabric OS v5.
BCSM IN A NUTSHELL 2008 VERIFYING DEVICE CONNECTIVITY Use the cfgshow command on the edge fabrics to verify device connectivity: NDA-T01-48K:admin> cfgshow Defined configuration: zone: fabAzone b48_w2k; b48_disk1 zone: lsan_fabBB_fabA b48_disk1; b75_w2k The zoneshow command will give the same information in slightly different format You may also use Fabric Manager, as long as you use the MetaSAN View VERIFYING PROXY DEVICES Display proxy devices with the fcrproxydev
BCSM IN A NUTSHELL 2008 5.3 HOW TO MONITOR AND MANAGE DEVICES EFCM AND ZONING IN M-SERIES FABRICS It is necessary to have the Zoning Module in EFCM to manage zoning. Figure 6: Active Zone Set Tab in EFCM Zone and Zone Set naming conventions: • Names are NOT case sensitive • Names cannot begin with “SANav_” or “SMP”. These prefixes are reserved. Any M-Series switch having a zone beginning with a reserved prefix will not be discovered.
BCSM IN A NUTSHELL 2008 ZONING IN A B-SERIES FABRIC Some best practices: • Monitor the zoning database size • Keep to a standard naming convention • Manage zoning from the latest Fabric OS revision switch • Keep 1 HBA/zone • Zone using a core switch over an edge switch • Manage zoning from user accounts that have admin, zone admin and fabric admin privileges MANAGING AN HBA The ESCM utility can be used to manage a Brocade-branded HBA.
BCSM IN A NUTSHELL 2008 © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 6 SAN CONFIGURATION 6.1 MANAGING FICON FABRICS Cascaded configuration (known as a high integrity fabric) Figure 7: Supported FICON Topologies SINGLE DIRECTOR REQUIREMENTS No licenses are required unless two-byte addressing is used.
BCSM IN A NUTSHELL 2008 CASCADED DIRECTOR REQUIREMENTS FOR B-SERIES Requires Secure Fabric OS License • Includes fabric binding, switch binding, and port binding security methods that prevent unauthorized devices from joining a fabric Switch Connection Control (SCC) Policy in Security Set • SCC policy is used to restrict which switches can join the fabric Insistent Domain ID (IDID) must be set on all switches Domain IDs need to be unique • If both switches have IDID set and the same Domain ID, the fabr
BCSM IN A NUTSHELL 2008 6.2 PERFORMING ROUTINE MAINTENANCE MEASURING LATENCY EFCM may be used to measure latency with the Latency Graphs feature Latency Graphs show the response time in microseconds (μs) for each LUN communicating with the HBA. Real time performance data is used to plot the latency graphs. • Historical data does not exist for latency graphs Latency is determined by the SCSI inquiry time.
BCSM IN A NUTSHELL 2008 ISL AND TRUNK MAINTENANCE In order to have fabrics merge there must be some requirements met: • No duplicate domain IDs • fabric.
BCSM IN A NUTSHELL 2008 6.
BCSM IN A NUTSHELL 2008 BB CREDITS Speed Credits/km Credits/50 km Credits/100 km 1 .5 25 50 2 1 50 100 4 2 100 200 Table 3: BB Credits If you double the speed, or double the distance, you need to double the credits available on the port If the speed doubles the maximum distance is cut if half If you double the speed make sure you have the correct SFP for that speed Starting with the 4 Gbit/sec ASICs, no port will be starved for BB credits.
BCSM IN A NUTSHELL 2008 6.4 MANAGING ACCESS GATEWAY SOLUTIONS Figure 8: Access Gateway In Fabric OS v5.
BCSM IN A NUTSHELL 2008 ACCESS GATEWAY PORT MAPPING A Brocade Access Gateway uses a port map to direct traffic from host HBAs to the N_Ports that connect to the fabric • The port map and N_Port configuration can be edited Enabling Access Gateway on a Brocade 200E sets a default port map • N_Ports: Ports 12, 13, 14, 15 • Three F_Ports mapped to each N_Port Figure 9: Access Gateway Default Port Map © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 The Access Gateway uses NPIV to assign the 24-bit FC address, based on the port map • F_Ports/devices share the same domain and area values as the 200E N_Ports to which they are mapped • The last byte is assigned in the order in which the devices log in to the fabric Example: • Port 14 address = 040500 • Host_5 address = 040501 • Host_6 address = 040502 Figure 10: Access Gateway 24-Bit FC Address Assignments © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 7 TAKING THE TEST Once the test begins, you will first see this screen: Figure 11: Introduction Screen © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 After the Introduction Screen, once you click on Next, you will see the non-disclosure agreement: Figure 12: Non-disclosure Agreement © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 Once you agree to the terms, then the timed test will begin. This is a sample of how the questions will look. In this example, you see a multiple-choice question. Figure 13: Sample Question © 2008 Brocade Communications Systems, Incorporated.
BCSM IN A NUTSHELL 2008 When you complete the test, you will see a summary of your results. This summary includes your overall score, as well as your score for each of the six major portions of the exam. Figure 14: Examination Summary © 2008 Brocade Communications Systems, Incorporated.
