Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Because the primary FCS switch distributes the zoning configuration, zoning databases do not
merge when new switches join the fabric. Instead, the zoning information on the new switches is
overwritten when the primary FCS switch downloads zoning to these switches, if secure mode is
enabled on all of them. For more information about zoning, see the Fabric OS Administrator’s
Guide. For more information about merging fabrics, see “Adding Switches and Merging Fabrics with
Secure Mode Enabled” on page 70.
The remaining switches listed in the FCS policy act as backup FCS switches. If the primary FCS
switch becomes unavailable for any reason, the next switch in the list becomes the primary FCS
switch. You should have at least one backup FCS switch, to reduce the possibility of having no
primary FCS switch available. You can designate as many backup FCS switches as you like;
however, all FCS switches should be physically secure.
Any switches not listed in the FCS policy are defined as non-FCS switches. The root and factory
accounts are disabled on non-FCS switches.
For information about customizing the FCS policy, see “Enabling Secure Mode” on page 34. For
information about configuration download restrictions while in secure mode, see “Enabling Secure
Mode” on page 34.

Fabric Management Policy Set

Using Secure Fabric OS, you can create several types of policies to customize various aspects of
the fabric. By default, only the FCS policy exists when secure mode is first enabled. Use the CLI or
Fabric Manager to create and manage Secure Fabric OS policies.
NOTE: Fibre Channel routers, such as the Brocade 7500, do not enforce security policies.
Secure Fabric OS policies can be created, displayed, modified, and deleted. They can also be
created and saved without being activated immediately, to allow future implementation. Saved
policies are persistent, meaning that they are saved in flash memory and remain available after
switch reboot or power cycle.
The group of existing policies is referred to as the “fabric management policy set” or FMPS, which
contains an active policy set and a defined policy set. The active policy set contains the policies
that are activated and currently in effect. The defined policy set contains all the policies that have
been defined, whether activated or not. Both policy sets are distributed to all switches in the fabric
by the primary FCS switch. Secure Fabric OS recognizes each type of policy by a predetermined
name.
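
The following Python model is an added illustration, not Brocade code and not a Fabric OS interface. It shows how position in the FCS policy list decides which switch is the primary FCS switch, and how a policy can sit in the defined policy set without being in the active one. The switch names, the policy name EXAMPLE_POLICY, the Fabric class and the rule that activation copies the whole defined set are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Fabric:
    fcs_policy: list                              # ordered; position decides who takes over
    reachable: set                                # switches currently up (constructed state)
    defined: dict = field(default_factory=dict)   # defined policy set: name -> members
    active: dict = field(default_factory=dict)    # active policy set: name -> members

    def primary_fcs(self):
        """First reachable switch in FCS policy order, or None if none is up."""
        return next((s for s in self.fcs_policy if s in self.reachable), None)

    def role(self, switch):
        if switch == self.primary_fcs():
            return "primary FCS"
        return "backup FCS" if switch in self.fcs_policy else "non-FCS"

    def save(self, name, members):
        """Define a policy without putting it into effect."""
        self.defined[name] = list(members)

    def activate(self):
        """Assumption: activation copies the whole defined set to the active set."""
        self.active = {n: list(m) for n, m in self.defined.items()}

    def audit(self):
        """Return findings an administrator would want to review."""
        findings = []
        primary = self.primary_fcs()
        if len(self.fcs_policy) < 2:
            findings.append("FCS policy lists no backup FCS switch")
        if primary is None:
            findings.append("no primary FCS switch is available")
        elif primary != self.fcs_policy[0]:
            findings.append(f"failover: {primary} is primary, {self.fcs_policy[0]} is down")
        for name, members in self.defined.items():
            if self.active.get(name) != members:
                findings.append(f"{name} is defined but not in effect")
        return findings

if __name__ == "__main__":
    fab = Fabric(["sw1", "sw2"], {"sw1", "sw2", "sw3"})   # constructed switch names
    fab.save("EXAMPLE_POLICY", ["sw3"])                    # constructed policy name
    fab.reachable.discard("sw1")                           # primary FCS switch goes away
    print(fab.primary_fcs(), fab.role("sw3"), fab.audit())
```
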
Secure Fabric OS supports the following policies:
FCS policy—Use to specify the primary FCS and backup FCS switches. This is the only required
policy.