HP StorageWorks Secure Fabric OS 5.0.0 User Guide (AA-RW1UA-TE, May 2005)
75Secure Fabric OS 5.0.0 user guide
Management server policy
The Management Server policy can be used to restrict which devices can be accessed by the
management server. Fabric configuration and control functions can be performed only by
requesters that are directly connected to the primary FCS switch. The policy is named
MS_POLICY and contains a list of device port WWNs for which the management server
implementation in Fabric OS (designed according to FC-GS-3 standard) accepts and acts on
requests.
How to create a Management Server policy is described after Table 9, which shows the
possible Management Server policy states.
To create a Management Server policy:
1. From a sectelnet or Secure Shell session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “policy_name”, “member;...;member”.
Policy_name is MS_POLICY. Member is a device WWN.
3. To save or activate the new policy, enter either secPolicySave or
secPolicyActivate.
If neither of these commands is entered, the changes are lost when the session is logged
out. For more information about these commands, see ”Saving changes to Secure Fabric
OS policies” on page 84 and ”Activating changes to Secure Fabric OS policies” on
page 84.
For example, to create an MS_POLICY that allows access through a device that has a
WWN of 12:24:45:10:0a:67:00:40:
Table 9 Management server policy states
Policy State Characteristics
No policy All devices can access the management server.
Policy with no
entries
No devices can access the management server.
Policy with entries Specified devices can access the management
server.
primaryfcs:admin> secpolicycreate "MS_POLICY", "12:24:45:10:0a:67:00:40"
MS_POLICY has been created.