Manualshelf

HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)

ManualsBrandsHP ManualsStorageHP DC04 SAN Director Switch
121122123124125126127128129130
Fabric OS 6.x administrator guide 127
Non-matching fabric-wide consistency policies
You may encounter one of the following two scenarios:
Merging a fabric with a strict policy to a fabric with an absent, tolerant, or non-matching strict policy. The
merge fails and the ports are disabled.
Table 38 shows merges that are not supported.
Table 39 has a matrix of merging fabrics with tolerant and absent policies.
FIPS support
Federal information processing standards (FIPS) specifies the security standards to be satisfied by a
cryptographic module utilized in the Fabric OS to protect sensitive information in the switch. As part of FIPS
140-2 level 2 compliance passwords, shared secrets and the private keys used in SSL, TLS, and system
login need to be cleared out or zeroized. Power-up self tests are executed when the switch is powered on to
check for the consistency of the algorithms implemented in the switch. KATs are used to exercise various
features of the algorithm and their results are displayed on the console for your reference. Conditional tests
are performed whenever RSA key pair is generated. These tests verify the randomness of the deterministic
and non-deterministic random number generator (DRNG and non-DRNG). They also verify the consistency
of RSA keys with regard to signing and verification and encryption and decryption.
Table 38 Examples of strict fabric merges
Fabric-wide consistency policy setting Expected behavior
Fabric A Fabric B
Strict/Tolerant SCC:S;DCC:S SCC;DCC:S Ports connecting switches are
disabled.
SCC;DCC:S SCC:S;DCC
Strict/Absent SCC:S;DCC:S
SCC:S
DCC:S
Strict/Strict SCC:S DCC:S
Table 39 Fabric merges with tolerant/absent combinations
Fabric-wide consistency policy setting Expected behavior
Fabric A Fabric B
Tolerant/Absent SCC;DCC Error message logged.
Run fddCfg --fabwideset
“<policy_ID>” from any switch
with the desired configuration to fix
the conflict. The
secPolicyActivate command
is blocked until conflict is resolved.
DCC
SCC;DCC SCC
DCC SCC