53-1001357-01 28 July 2009 Data Center Fabric Manager Enterprise User Manual Supporting DCFM 10.3.
Copyright © 2007-2009 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Contents About This Document xxv In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxv How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxv Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . xxvi What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Accessibility features for the Management application . . . . . . . . . . 34 Keyboard shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Look and Feel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Chapter 2 Discovery In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Fabric discovery overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Call Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Showing a call home center . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Hiding a call home center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Editing a call home center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Enabling a call home center . . . . . . . . . . . .
Contents Flyovers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105 Configuring flyovers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Turning flyovers on or off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 Viewing flyovers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Removing an option from a device’s shortcut menu. . . . . . . Starting third-party tools from the application. . . . . . . . . . . . Launching a Telnet session. . . . . . . . . . . . . . . . . . . . . . . . . . . Launching an Element Manager. . . . . . . . . . . . . . . . . . . . . . . Launching Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Launching FCR configuration . . . . . . . . . . . . . . . . . . . . . . . . . Launching HCM Agent . . . . . . . . . . . . . . . . .
Contents Chapter 5 Device Configuration In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173 Configuration repository management . . . . . . . . . . . . . . . . . . . . . .173 Saving switch configurations. . . . . . . . . . . . . . . . . . . . . . . . . . 174 Restoring a switch configuration for a selected device. . . . . 175 Backing up a switch configuration . . . . . . . . . . . . . . . . . . . . . 176 Restoring a configuration from the repository . . .
Contents Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220 Viewing port connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 Refreshing the port connectivity view. . . . . . . . . . . . . . . . . . . 223 Enabling a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Disabling a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Filtering port connectivity . . . . . . .
Contents Chapter 6 Fabric Binding In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251 Fabric binding overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251 Enabling fabric binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Disabling fabric binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 Adding switches to the fabric binding membership list . . . .
Contents Duplicating an event policy . . . . . . . . . . . . . . . . . . . . . . . . . . . Duplicating an ISL offline policy . . . . . . . . . . . . . . . . . . . . . . . Duplicating a PM threshold crossed policy . . . . . . . . . . . . . . Duplicating a security violation policy . . . . . . . . . . . . . . . . . . Editing an event policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Editing an ISL offline policy . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Historical performance data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307 Enabling historical performance collection SAN wide. . . . . . 307 Enabling historical performance collection for selected fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307 Disabling historical performance collection . . . . . . . . . . . . . 308 Generating a historical performance graph . . . . . . . . . . . . . . 308 Saving a historical performance graph configuration . .
Contents Chapter 10 Role-Based Access Control In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339 Viewing the list of users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Adding a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Editing a user account. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Chapter 12 Fibre Channel over IP In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .363 FCIP services licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364 FCIP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364 IP network considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364 FCIP platforms and supported features . . . . . . . . . . . . . . . . . .
Contents Deleting FCIP Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .390 Displaying FCIP performance graphs for FC ports . . . . . . . . . . . . .391 Displaying FCIP performance graphs for Ethernet ports . . . . . . . .391 Displaying link details for FCIP tunnels . . . . . . . . . . . . . . . . . . . . . .391 Displaying tunnel properties from the FCIP tunnels dialog box . . .392 Displaying FCIP circuit properties from the FCIP tunnels dialog box . . . . . . . . . . . . . .
Contents QoS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413 Enhanced Transmission Selection . . . . . . . . . . . . . . . . . . . . . 413 Priority-based flow control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Creating a CEE map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Editing a CEE map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 Deleting a CEE map . . . . . . . . . . . . . . . . . . . .
Contents Deleting a PDCM configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .450 Changing the PDCM matrix display . . . . . . . . . . . . . . . . . . . . . . . . .450 Configuring a cascaded FICON fabric . . . . . . . . . . . . . . . . . . . . . . .451 Merging two cascaded FICON fabrics . . . . . . . . . . . . . . . . . . . . . . .452 Resolving merge conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455 Port Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Viewing and editing group properties . . . . . . . . . . . . . . . . . . . . . . .478 General tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Members tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Consequences of removing an encryption switch . . . . . . . . . 480 Security tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482 HA Clusters tab. . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Chapter 17 Virtual Fabrics In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532 Virtual Fabric requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532 Configuring Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Removing an object from a zone alias . . . . . . . . . . . . . . . . . . Exporting zone aliases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Renaming a zone alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . Viewing zone configuration properties . . . . . . . . . . . . . . . . . . Adding zones to zone configurations . . . . . . . . . . . . . . . . . . . Activating a zone configuration. .
Contents Listing zone members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Removing a member from a zone. . . . . . . . . . . . . . . . . . . . . . Removing a zone from a zone configuration . . . . . . . . . . . . . Removing an offline device . . . . . . . . . . . . . . . . . . . . . . . . . . . Renaming a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Renaming a zone configuration . . . . . . . . . . . . . . . . . . . . . . . Replacing zone members . . . . . .
Contents The HP Secure Key Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .622 Obtaining a signed certificate from the HP SKM appliance software 623 Importing a signed certificate . . . . . . . . . . . . . . . . . . . . . . . . . 624 Exporting the KAC certificate request . . . . . . . . . . . . . . . . . . 625 Setting up a Brocade user. . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 Registering the Brocade user name and password on the switch . . . . . . . . . . . . . . . . .
Contents Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FC Port Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCIP Tunnel Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . GigE Port Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ISL . . . . . . . . . . . . . . . . . . . .
Contents xxiv DCFM Enterprise User Manual 53-1001357-01
About This Document In this chapter • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx • Additional information . . . . . . . . . . . . . .
About This Document • Chapter 16, “Encryption configuration,” provides information on configuring encryption. • Chapter 17, “Virtual Fabrics,” provides information on configuring and managing logical switches. • Chapter 18, “Zoning,” provides zoning configuration instructions. • Chapter 19, “Troubleshooting,” provides troubleshooting details. • Appendix A, “Supported Key Management Systems,” provides information about supported key management systems.
About This Document TABLE 1 Supported Hardware Device Name Terminology used in documentation Brocade 4024 switch5 Embedded 24-port, 4 Gbps FC Switch Brocade 4100 switch 32-port, 4 Gbps FC Switch 2 Brocade 4900 switch 64-port, 4 Gbps FC Switch Brocade 5000 switch3 32-port, 4 Gbps FC Interop Switch Brocade 5100 switch6 40-port, 8 Gbps FC Switch 6 80-port, 8 Gbps FC Switch Brocade 5300 switch Brocade 5410 embedded switch 6 8 Gbps 12-port Embedded Switch Brocade M5424 embedded switch 8 Gbp
About This Document TABLE 1 Supported Hardware Device Name Terminology used in documentation Brocade DCX-4S9 with FC8-16, FC8-32, and FC8-48 Blades 192-port Backbone Chassis with 8 Gbps 16-FC port, 8 Gbps 32-FC port, and 8 Gbps 48-FC port blades Brocade DCX-4S9 with FR4-18i Blades 192-port Backbone Chassis with 4 Gbps Router, Extension blade 9 192-port Backbone Chassis with FC 10 - 6 ISL Blade 9 192-port Backbone Chassis with Encryption Blade Brocade DCX-4S with FC10-6 Blades Brocade DCX-4S wit
About This Document • • • • • • • • • • • • • • • HBA configuration HBA discovery CEE/FCoE configuration Active sessions Icons legend Port Auto Disable Upload Failure Data Capture SNMP Informs Allow/Prohibit Matrix - save as, copy, and manual add FCiP - add and edit tunnels, select switch, add and edit FCiP circuit (IPv4 and IPv6) Port properties - GigE and FCiP tunnels tabs Properties - device properties, host, and virtual machines tab Zoning - set change limits TI Zone Properties Technical Support for h
About This Document Document conventions This section describes text formatting conventions and important notice formats used in this document.
About This Document Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only. Corporation Referenced Trademarks and Products Linus Torvalds Linux Microsoft Corporation Windows, Windows NT, Internet Explorer Netscape Communications Corporation Netscape Red Hat, Inc.
About This Document Other industry resources For additional resource information, visit the Technical Committee T11 Web site. This Web site provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web site: http://www.fibrechannel.
About This Document • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX—On the bottom right on the port side of the chassis 4. World Wide Name (WWN) Use the wwn command to display the switch WWN. If you cannot use the wwn command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX.
About This Document xxxiv DCFM Enterprise User Manual 53-1001357-01
Chapter User interface overview 1 In this chapter • User interface components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 • Icon legend. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 • Shortcut menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 • Feature-to-firmware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 User interface components FIGURE 1 Main Window 1. Menu Bar. Lists commands you can perform on the SAN. 2. Toolbar. Provides buttons that enable quick access to dialog boxes and functions. 3. View All tab. Displays the Master Log, Minimap, Connectivity Map (topology), and Product List. For more information, refer to the “View All tab”. 4. Port Display buttons. Provides buttons that enable quick access to configuring how ports display. For more information, refer to “Port Display buttons” on page 11. 5.
Menu bar 1 Menu bar The menu bar is located at the top of the main window. The following table outlines the many functions available on each menu. Menu Command Command Options SAN Menu Users. Select to configure users and user groups. Active Sessions. Select to display the active Management application sessions. Server Properties. Select to display the Server properties. Options. Select to configure the Management application options. Exit. Select to close the Management Client. Edit Menu Copy.
1 Menu Menu bar Command Command Options Fabrics Only. Select to display only fabrics. Groups Only. Select to display only groups. All Products. Select to display all products. All Ports. Select to display all ports. Enable Flyover Display/Device Tips. Select to enable flyover display. Show Ports. Select to show utilized ports on the selected device. Connected End Devices. Select to show or hide all connected end devices. Hide All. Select to hide all connected end devices. Show All.
Menu bar Menu Command 1 Command Options Slot/Port #. Select to display the slot/port number as the port label. Port Display. Select to configure how ports display. Occupied Product Ports. Select to display the ports of the devices in the fabrics (present in the Connectivity Map) that are connected to other devices. UnOccupied Product Ports. Select to display the ports of the devices (shown in the Connectivity Map) that are not connected to any other device. Attached Ports.
1 Menu Menu bar Command Command Options CEE. Select to manage a CEE switch, port, or link aggregation group (LAG). FCoE. Select to manage an FCoE port. Firmware Management. Select to download firmware to devices. Routing. Select to manage a selected router. Configuration. Select to view the R_Ports on a router. Domain IDs. Select to configure the router domain IDs. Logical Switches. Select to configure logical switches for your SAN. Encryption. Select to configure encryption for your SAN. Zoning.
Menu bar Menu Command 1 Command Options Allow/Prohibit Matrix. Select to allow FICON users to configure an Allow/Prohibit Matrix table. You can select any matrix tables and compare them either vertically or horizontally. Port Groups. Select to configure a group of ports from one or more switches within the same fabric. FC Troubleshooting. Select to troubleshoot your SAN. Trace Route. Select to view the route information between two device ports. Device Connectivity.
1 Menu Menu bar Command Command Options Historical Report. Select to monitor a performance through a table, which displays transmit and receive data. The table shows historical data. Technical Support. Select to configure technical support data for Fabric OS devices. SupportSave. (Fabric OS devices only) Select to configure technical support data collection. Upload Failure Data Capture. Select to configure capture failure data for Fabric OS devices. View Repository. Select to view repository data.
Menu bar Menu Command 1 Command Options Accept Change(s). Select to accept changes to the selected fabric. Port Connectivity. Select to view port connectivity on the selected device. Port Optics (SFP). Select to display the properties associated with a selected small form-factor pluggable (SFP) transceiver on the selected device. Events. Select to display all events triggered on the selected device. Tools Menu Setup. Select to set up the applications that display on the Tools menu. Product Menu.
1 Toolbar Toolbar The toolbar is located at the top of the main window and provides icons to perform various functions (Figure 2). FIGURE 2 The Toolbar The icons on your toolbar will vary based on the licensed features on your system. 1. Users. Displays the Server Users dialog box. Use to configure users, user groups, and permissions. 2. Properties. Displays the Properties dialog box of the selected device or fabric. Use to view or edit device or fabric properties. 3. Launch Element Manager.
View All tab 1 View All tab The View All tab displays the Master Log, Utilization Legend, Minimap, Connectivity Map (topology), and Product List. To open all areas of the View window, select View > Show Panels > All Panels or press F12. You can change the default size of the display by placing the cursor on the divider until a double arrow displays. Click and drag the adjoining divider to resize the window. You can also show or hide an area by clicking the left or right arrow on the divider.
1 Connectivity Map • BB Credit. Displays the BB Credit for the product. • Class. Displays the class to which the product belongs. • Contact. Displays the name of the person or group you should contact about the product. This field is editable at the fabric and device level. • Description. Displays the description of the product. This field is editable at the fabric and device level. • Device Type. Displays the type of device. • Domain ID.
Toolbox 1 Toolbox The toolbox (Figure 4) is located at the top right side of the View window and provides tools to zoom in and out of the Connectivity Map, collapse and expand groups, and fit the topology to the window. FIGURE 4 The Toolbox 1. Zoom In. Use to zoom in on the Connectivity Map 2. Zoom Out. Use to zoom out on the Connectivity Map. 3. Fit in View. Use to scale the map to fit within the Connectivity Map area. 4. Expand. Use to expand the map to show all ports in use on a device. 5. Collapse.
1 Utilization Legend • • • • • Module Name. The name of the module on which the event occurred. Message ID. The message ID of the event. Contributor. The name of the contributor on which the event occurred. Node WWN. The world wide name of the node on which the event occurred. Fabric Name. The name of the fabric on which the event occurred.
Minimap 1 Minimap The Minimap, which displays in the lower right corner of the main window, is useful for getting a bird’s-eye view of the SAN, or to quickly jump to a specific place on the Connectivity Map. To jump to a specific location on the Connectivity Map, click that area on the Minimap. A close-up view of the selected location displays on the Connectivity Map. Use the Minimap to view the entire SAN and to navigate more detailed map views. This feature is especially useful if you have a large SAN.
1 Status bar Status bar The status bar (Figure 7) displays at the bottom of the main window. The status bar provides a variety of information about the SAN and the application. The icons on the status bar change to reflect different information, such as the current status of products, fabrics, and backup. FIGURE 7 Status Bar The icons on your status bar will vary based on the licensed features on your system. 1. Connection Status. Displays the Server-Client connection status. 2. Product Status.
Icon legend 1 Icon legend Various icons are used to illustrate devices and connections in a SAN. The following tables list icons that display on the Connectivity Map and Product List. Product icons The following table lists the manageable SAN product icons that display on the topology. Fabric OS manageable devices display with blue icons and M-EOS manageable devices display with green icons. If a device is unmanageable it displays with gray icons.
1 Port icons Group icons The following table lists the manageable SAN product group icons that display on the topology. Icon Description Icon Description Switch Group Host Group Storage Group Unknown Fabric Group Unmanaged Fabric Group Chassis Group Port icons The following table lists the product status icons that display in the Product List.
Product status icons 1 Product status icons The following table lists the product status icons that display on the topology. Icon Status No icon Healthy/Operational Attention Degraded/Marginal Device Added Device Removed/Missing Down/Failed Routed In Routed Out Unknown/Link Down Event icons The following table lists the event icons that display on the topology and Master Log. For more information about events, refer to “Fault Management” on page 259.
1 Shortcut menus Shortcut menus You can use the Management application interface main menu to configure, monitor, and troubleshoot your SAN components. The instructions for using these features are documented in the subsequent chapters of this manual. For each SAN component, you can optionally right-click the component and a shortcut menu displays. The table below details the command options available for each component.
Shortcut menus Component Menu/Submenu Commands Comments Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List. Collapse or Expand Only available from Connectivity Map Table > Copy '' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Only available from Product List.
1 Shortcut menus Component Menu/Submenu Commands Comments Fabric OS Switch/Chassis/Access Gateway Element Manager > Hardware Ports Admin Router Admin Configuration > Save Restore Schedule Backup Replicate > Configuration Security Swap Blades Firmware Management Zoning Does not display when switch is in a Core Switch group, Chassis group or Isolated device group, or when it is in Access Gateway mode. Allow / Prohibit Matrix Only available for Fabric OS devices.
Shortcut menus Component 1 Menu/Submenu Commands Comments Product Only enabled when the fabric is tracked, and the product is removed and joins another fabric. Other Ports > Does not display when an Access Gateway mode device is attached to multiple fabrics. Accept Change Only enabled in tracked FC Fabrics. Only enabled when a plus or minus icon is present.
1 Shortcut menus Component Menu/Submenu Commands Comments Setup Tools Product Only enabled when the fabric is tracked, and the product is removed and joins another fabric. Accept Change Show Ports Show Connections Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List.
Shortcut menus Component Menu/Submenu Commands Comments Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List. Table > Copy ' Group' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Only available from Product List.
1 Shortcut menus Component Menu/Submenu Commands Comments Fabric > Fabric1 Fabric2 Only available for HBAs under the Host node. Origin Only available for HBAs under the Host node or devices routed in. Not available for enclosures. Destination Only available for devices routed out. Not available for enclosures. Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List. Expand All Only available from Product List.
Shortcut menus Component 1 Menu/Submenu Commands Comments Accept Change Only available for tracked FC Fabrics. Only enabled when a plus or minus icon is present. Show Connections Displays as disabled because this component does not display in the Connectivity Map. Router Phantom Domains Origin Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List.
1 Shortcut menus Component Menu/Submenu Commands Comments Table > Copy ' Group' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Only available from Product List. Collapse All Only available from Product List. Properties HBA and iSCSI Initiator Servers Does not display for routed devices and discovered Hosts. Performance > Real Time Graphs Disabled when all ports are offline.
Shortcut menus Component 1 Menu/Submenu Commands Comments Performance > Real Time Graphs Only available for occupied, managed ports. Disabled when all ports are offline. FC Security Protocol Only available for Managed JSON HBA Ports. Only available when you have the Security Privilege. Zoning List Zone Members Connected Port Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List.
1 Shortcut menus Component Menu/Submenu Commands Comments Performance > Real-Time Graph Modify Launches Element Manager. IP Troubleshooting > Ping Trace Route Performance Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Only available from Product List. Table > Copy ' Group' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Only available from Product List.
Shortcut menus Component Menu/Submenu Commands 1 Comments Properties White Area of the Connectivity Map Zoom Zoom In Zoom Out Map Display Expand Collapse White Area of the Product List Port Display > Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Table > Copy '' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Product List Table > Copy '' Copy Row Copy Table Export R
1 Feature-to-firmware requirements Feature-to-firmware requirements Use the following table to determine whether the Management application features are only available with a specific version of the Fabric OS firmware, M-EOS firmware, or both, as well as if there are specific licensing requirements. Feature Fabric OS M-EOS Access Gateway (AG) AG connected to Fabric OS devices requires firmware 6.1.1 or later. AG connected to M-EOS devices requires firmware 9.9.2 or later.
Feature-to-firmware requirements 1 Feature Fabric OS M-EOS Meta SAN Requires Fabric OS 5.2 or later for FC router and router domain ID configuration. Requires Fabric OS 6.0 or later in a mixed Fabric OS and M-EOS fabric. Requires Integrated Routing license. Not available. Performance Requires Fabric OS 5.0 or later for FC_ports, end-to-end monitors, and marching ants. Requires Fabric OS 5.3 or later for GE_ports and FCIP tunnels. Requires Fabric OS 6.2 or later for Top Talkers.
1 Accessibility features for the Management application Accessibility features for the Management application Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. The following list includes the major accessibility features in the Management application: • Keyboard shortcuts • Look and Feel Keyboard shortcuts You can use the keystrokes shown in the table below to perform common functions.
Look and Feel 1 Look and Feel You can configure the Management application to mimic your system settings as well as define the size of the font. ‘Look’ refers to the appearance of graphical user interface widgets and ‘feel’ refers to the way the widgets behave. The Management application currently uses the ‘ Default Look and Feel’ for some of the components (for example, Layout, Minimap, and so on) and the “Java Metal Look and Feel” for others.
1 Look and Feel 4. Click Apply or OK to save your work. 5. Click OK on the message. NOTE Changes do not take affect until after you restart the client. Changing the font size The Options dialog box enables you to change the font size for all components including the Connectivity map of the Management application interface. Font size changes proportionately in relation to the system resolution.
Chapter 2 Discovery In this chapter • Fabric discovery overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Host discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing the discovery state. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Fabric monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Seed switch . . . . . . . .
2 Fabric discovery overview During fabric discovery, if you have defined IPv6 IP addresses for the switch, the Management application remembers the IP address only. If the switch has a DNS name that you have defined, the Management application can remember the DNS name and use that. NOTE Professional Plus edition can discover up to 4 fabrics. NOTE Professional Plus edition can discover, but not manage the Backbone chassis.
Discovering fabrics 2 Discovering fabrics NOTE Fabric OS devices must be running Fabric OS 5.0 or later. M-EOS devices must be running M-EOS 9.6 or later. NOTE Only one copy of the application should be used to monitor and manage the same devices in a subnet. To discover specific IP addresses or subnets, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays.
2 Discovering fabrics 2. Click Add Fabric to specify the IP addresses of the devices you want to discover. The Address Properties dialog box displays. FIGURE 9 Address Properties Dialog Box (IP Address tab) 3. Enter a name for the fabric in the Fabric Name field. 4. Enter an IP address for a device in the IP Address field. For seed switch requirements, refer to “Seed switch requirements” on page 57. NOTE The Backbone Chassis cannot be used as a seed switch.
Discovering fabrics 2 6. Click the SNMP tab (Figure 10). FIGURE 10 7. Address Properties Dialog Box (SNMP - v1 tab) Enter the target port in the Target Port field. 8. Enter the duration (in seconds) after which the application times out in the Time-out (sec) field. 9. Enter the number of times to retry the process in the Retries field. 10. Select the SNMP version from the SNMP Version list. • If you selected v1, continue with step 11.
2 Discovering fabrics FIGURE 11 Address Properties Dialog Box (SNMP Tab - v3) 16. Enter a user name in the User Name field. 17. Enter a context name In the Context Name field. 18. Select the authorization protocol in the Auth Protocol field. 19. Enter the authorization password in the Auth Password field. • If you selected Configure for <256-Port_Director_Name>, go to step 22. • If you did not select Configure for <256-Port_Director_Name>, continue with step 20. 20.
Configuring SNMP credentials 2 Configuring SNMP credentials 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Select an IP address from the Available Addresses table. 3. Click Edit. The Address Properties dialog box displays. 4. Click the SNMP tab. 5. Select the SNMP version from the SNMP Version list. • If you selected v1, continue with step 6. • If you select v3, the SNMP tab displays the v3 required parameters. Go to step 10.
2 Reverting to a default SNMP community string 14. Enter the authorization password in the Auth Password field. • If you selected Configure for <256-Port_Director_Name>, go to step 17. • If you did not select Configure for <256-Port_Director_Name>, continue with step 15. 15. Select the privacy protocol in the Priv Protocol field. 16. Enter the privacy password in the Priv Password field. 17. Click OK on the Address Properties dialog box. If the seed switch is not partitioned, continue with step 18.
Host discovery 2 Host discovery The Management application enables you to discover individual hosts, import a group of Host from a CSV file, or import all hosts from discovered fabrics. NOTE Host discovery requires HCM Agent 2.0 or later. NOTE SMI and WMI discovery are not supported. Discovering Hosts by IP address or hostname To discover a Host by IP address or hostname, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Click Add Host.
2 Importing Hosts from a CSV file 9. Click OK on the Add Host Discovery dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status. To update the status from pending you must close and reopen the Discover Setup dialog box. 10. Click Close on the Discover Setup dialog box. Importing Hosts from a CSV file To discover Hosts by importing a CSV file, complete the following steps. 1.
Importing Hosts from a Fabric 2 6. Verify the imported values in the Host List text box. 7. Configure Host credentials, if necessary. To configure host credentials, refer to “Configuring Brocade HBA credentials” on page 48 or “Configuring virtual machine credentials” on page 49. 8. Click OK on the Add Host Discovery dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status.
2 Configuring Brocade HBA credentials 7. Configure Host credentials, if necessary. To configure host credentials, refer to “Configuring Brocade HBA credentials” on page 48 or “Configuring virtual machine credentials” on page 49. 8. Click OK on the Add Host Discovery dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status.
Configuring virtual machine credentials 2 8. Click OK on the Add Host Discovery dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status. To update the status from pending you must close and reopen the Discover Setup dialog box. 9. Click Close on the Discover Setup dialog box.
2 Editing Host credentials 11. Click OK on the Add Host Discovery dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status. To update the status from pending you must close and reopen the Discover Setup dialog box. 12. Click Close on the Discover Setup dialog box. Editing Host credentials To edit Host credentials, complete the following steps. 1. Select Discover > Setup.
Removing a Host from Discovery 2 Removing a Host from Discovery To remove a Host from discovery, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Select the Host you want to remove from discovery. 3. Click Delete. 4. Click OK on the confirmation message. The deleted host displays in the Previously Discovered Addresses table. 5. Click Close on the Discover Setup dialog box.
2 Troubleshooting discovery • Created host structure differs from discovered host; Discovery ignored • Brocade HBA Discovery Failed: HCM Agent connection failed Troubleshooting discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly. 1. Verify IP connectivity by issuing a ping command to the switch. a. Open the command prompt. b. From the Server, type ping . 2.
M-EOSn discovery troubleshooting 2 M-EOSn discovery troubleshooting The following section states a possible issue and the recommended solution for M-EOSn discovery errors. TABLE 3 Problem Resolution M-EOS seed switch discovery is not supported using SNMPv3 on the following devices: • 32-Port, 2 Gbps Switch • 16-Port, 4 Gbps Fabric Switch • 24-Port Fabric Switch • 32-Port, 4 Gbps Switch • 140-Port Director Discover the device using SNMP v1.
2 Virtual Fabric discovery troubleshooting Virtual Fabric discovery troubleshooting The following section state possible issues and the recommended solutions for Virtual Fabric discovery errors. TABLE 4 Problem Resolution At the time of discovery, the seed switch is Virtual Fabric-enabled; however, the user does not have Chassis Admin role for the seed switch. At the time of discovery, the user does not have the Chassis Admin role for all other switches in the fabric.
Fabric monitoring 2 Fabric monitoring NOTE Monitoring is not supported on Hosts. Fabric monitoring enables discovery of and data collection for the specified fabric and all associated devices. The Management application enables you to view fabric monitoring status through the Discover Setup dialog box. The following table illustrates and describes the icons that indicate the current status of the discovered fabrics.
2 Stop monitoring of a discovered fabric Stop monitoring of a discovered fabric NOTE Monitoring is not supported on Hosts. When you stop monitoring of a fabric, you stop discovery of and data collection for the specified fabric and all associated devices. To stop monitoring a fabric and all associated devices, complete the following steps. 1. Select Discovery > Setup. The Discover Setup dialog box displays. 2. Select the fabric you want to stop monitoring from the Discovered Addresses table. 3.
Seed switch 2 This operation preserves historical and configuration data, such as performance monitoring and user-customized data for the selected fabric. ATTENTION If the seed switch firmware is downgraded from Fabric OS 5.2.X to an earlier version, then all RBAC-related data is discarded from the Management application.
2 Seed switch failover The following M-EOS devices are seed switch-capable; however, they do not obtain fabric member information: • • • • 16-Port, 1 Gbps and 2 Gbps Switch 32-Port, 1 Gbps and 2 Gbps Switch 24-Port, 2 Gbps Switch 64-Port Director Seed switch failover The Management application collects fabric-wide data (such as, fabric membership, connectivity, name server information, zoning, and so on) using the seed switch.
Changing the seed switch 2 3. Click Change Seed Switch. If the fabric contains other switches that are running the latest version and are also HTTP-reachable from the Management application, the Change Seed Switch dialog box appears. Otherwise, a message displays that you cannot change the seed switch. 4. Select a switch to be the new seed switch from the Change Seed Switch dialog box. You can select only one switch. Only switches that are running the latest Fabric OS version in the fabric are displayed.
2 60 Changing the seed switch DCFM Enterprise User Manual 53-1001357-01
Chapter Application Configuration 3 In this chapter • Management server and client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 • Call Home. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 • Data backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 • Data restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3 Management server and client Management server and client The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores SAN-related information; it does not have a user interface. To view SAN information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines.
Management server and client TABLE 6 3 Ports Port Number Ports Description Communication Path Open in Firewall 26388 Database port (Enforced during install) Port used by database Server–Database Remote ODBC– Database Yes 44301, 5, 7 MPI XML-RCP port for SSL Server–Switch Yes MPI XML-RCP port/HTTP port Server–Switch Yes 24600 jboss.naming.jnp.port - port 0 Bootstrap JNP service port Client–Server Yes 24601 jboss.connector.ejb3.
3 Management server and client TABLE 6 Ports Port Number Ports Description Communication Path Open in Firewall 55556 Launch in Context (LIC) client hand shaking port Client port used to check if a Management application client opened using LIC is running on the same host Client No NOTE: If this port is in use, the application uses the next available port. 1 Port is not configurable (either in the switch or the Management server).
Logging into a server 3 Logging into a server You must log into a Server to monitor a SAN. NOTE You must have an established user account on the Server to log in. To log into a server, complete the following steps. 1. Double-click the desktop icon or open the application from the Start menu. The Log In dialog box displays (Figure 19). FIGURE 19 Log In Dialog Box 2. Enter your user name and password. The defaults are Administrator and password, respectively.
3 Logging into a remote client Logging into a remote client To log into a remote client, complete the following steps. 1. Open a web browser and enter the IP address of the Management application server in the Address bar. If the web server port number does not use the default (443 if is SSL Enabled; otherwise, the default is 80), you must enter the web server port number in addition to the IP address. For example, :.
Changing your password 3 Changing your password To change your password, complete the following steps. 1. Double-click the desktop icon or open from the Start menu. The Log In dialog box displays. FIGURE 21 Log In Dialog Box 2. Enter your user name and password. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. 3. Click Change. The Change Password dialog box displays. 4.
3 Changing the database user password Changing the database user password To change the database password, complete the following steps in the /bin directory. 1. Open a command window. 2. Type dbpassword and press Enter. Where is your user name, is your current password, and and are your new password. The user name and password defaults are dcfm and passw0rd (zero), respectively.
Disconnecting users 3 • Network Address—Displays the network address of the user. • Client Type—Displays the type of Management application client. • Connected—Displays the date and time the user connected to the server. 3. Click Close. Disconnecting users To disconnect a user, complete the following steps. 1. Select SAN > Active Sessions. The Active Sessions dialog box displays. 2. Select the user you want to disconnect and click Disconnect. 3. Click Yes on the confirmation message. 4.
3 Customizing the main window Customizing the main window You can customize the main window to display only the data you need by displaying different levels of detail on the Connectivity Map (topology) or Product List. Zooming in and out of the connectivity map You can zoom in or out of the Connectivity Map to see products and ports. Zooming In To zoom in on the Connectivity Map, use one of the following methods: • Click the zoom-in icon ( ) on the toolbox. • Press CTRL + NumPad+ on the keyboard.
Customizing the application 3 Showing levels of detail on the connectivity map You can configure different levels of detail on the Connectivity Map, making Management easier. View Fabrics To view only fabrics, without seeing groups, products or ports: Select View > Show> Fabrics Only. View Groups To view only groups and fabrics, without seeing products or ports: Select View > Show> Groups Only. View Products To view products, groups, and fabrics: Select View > Show> All Products.
3 Customizing the application Displaying columns To only display specific columns, complete the following steps. 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays. FIGURE 25 Customize Columns dialog box 2. Choose from the following options: • Select the check box to display a column. OR Select the column name and click Show. • Clear the check box to hide a column. OR Select the column name and click Hide.
Customizing the application 3 Changing the order of columns To change the order in which columns display, choose from one of the following options. Rearrange columns in a table by dragging and dropping the column to a new location. OR 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays. 2. Highlight the name of the column you want to move and use Move Up and Move Down to move it to a new location. 3. Click OK.
3 Searching for a device in the connectivity map Exporting table information You can export the entire table or a specific row to a text file. 1. Choose from one of the following options: • Right-click anywhere in the table and select Table > Export Table. • Select the table row that you want to export and select Table > Export Row. The Save table to a tab delimited file dialog box displays. 2. Browse to the location where you want to save the file. 3. Enter file name in the File Name field. 4.
Call Home 3 Call Home NOTE Call Home is supported on Windows systems for all modem and E-mail call home centers and is supported on Linux and Solaris for the E-mail call home centers. Call Home notification allows you to configure the Management application Server to automatically send an e-mail or dial-in to a support center to report system problems on specified devices (switches, routers, and directors). If you are upgrading from a previous release, all of your Call Home settings are preserved.
3 Call Home • Adds an entry to the Master Log file and screen display. • Generates a XML report (only available with EMC and EMC E-Mail call centers) with the switch details which is sent with the E-mail. • Generates an HTML report for E-mail-based Call Home centers. For more information about Call Home events, refer to “Call Home Event Tables” on page 637. For more information about Event Management, refer to “Fault Management” on page 259.
Showing a call home center 3 Showing a call home center To show a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays (Figure 27). FIGURE 27 Call Home Dialog Box 2. Click Show/Hide Centers (beneath the Call Home Centers table). The Centers dialog box displays with a predefined list of call home centers (Figure 28). FIGURE 28 Centers Dialog Box 3.
3 Hiding a call home center Hiding a call home center NOTE Before you can hide a call home center, you must remove all assigned products. To hide a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Click Show/Hide Centers (beneath the Call Home Centers table). The Centers dialog box displays with a predefined list of call home centers. 3. Clear the check boxes of the call home centers you want to hide and click OK.
Editing a call home center FIGURE 29 3 Configure Call Home Center Dialog Box (Brocade International or IBM option) 4. Make sure the call home center type you selected displays in the Call Home Centers list. 5. Select Enable to enable this call home center. 6. Set the time interval at which to check the call home center by selecting the Set the heartbeat interval at ___ days (1-28) check box and entering the interval in the field. 7.
3 Editing a call home center Editing the Brocade North America or HP Modem call home center Modem call home centers are available for Brocade and HP. To edit one of these call home centers, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the call home center you want to edit (Brocade North America or HP Modem) in the Call Home Centers table. 3. Click Edit Centers (beneath the Call Home Centers table).
Editing a call home center 3 Editing an E-mail call home center E-mail call home centers are available for Brocade, EMC, IBM, and SUN. To edit one of these call home centers, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the call home center you want to edit (Brocade E-mail, EMC E-mail, IBM E-mail, or SUN E-mail) in the Call Home Centers table. 3. Click Edit Centers (beneath the Call Home Centers table).
3 Editing a call home center 16. Click Send Test to test the mail server. The selected call home center must be enabled to test the mail server. A faked event is generated and sent to the selected call home center. You must contact the call home center to verify that the event was received and in the correct format. 17. Click OK. The Call Home Configuration dialog box displays with the call home center you edited highlighted in the Call Home Centers table. 18.
Editing a call home center 3 10. Click Send Test to test the Connect EMC application. The selected call home center must be enabled to test the Connect EMC application. A faked event is generated and sent to the selected call home center. You must contact the call home center to verify that the event was received and in the correct format. 11. Click OK. The Call Home dialog box displays with the call home center you edited highlighted in the Call Home Centers table. 12.
3 Enabling a call home center 7. Click Send Test to test the address. The selected call home center must be enabled to test the IP address. A faked event is generated and sent to the selected call home center. You must contact the call home center to verify that the event was received and in the correct format. NOTE The HP LAN Call Home alert displays the directory separation characters with a double backslash (\\) instead of a single backslash (\). 8. Click OK.
Testing the call home center connection 3 Testing the call home center connection Once you add and enable a call home center, you should verify that call home is functional. To verify call home center functionality, complete the following steps. 1. Select Monitor > Event Notification > Call Home. 2. Click Edit Centers (beneath the Call Home Centers table). The Configure Call Home Center dialog box displays. 3. Select the center you want to check in the Call Home Centers list. 4.
3 Viewing Call Home status Viewing Call Home status You can view call home status from the main Management application window or from the Call Home Notification dialog box. The Management application enables you to view the call home status at a glance by providing a call home status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the call home function.
Assigning a device to the call home center 3 Assigning a device to the call home center Discovered devices (switches, routers, and directors) are not assigned to a corresponding call home center automatically. You must manually assign each device to a call home center before you use call home. To assign a device or multiple devices to a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.
3 Removing all devices and filters from a call home center Removing all devices and filters from a call home center To remove all devices and filters from a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the call home center from which you want to remove devices and filters in the Call Home Center table. 3. Click the left arrow button. A confirmation message displays. 4. Click OK.
Assigning an event filter to a call home center 3 Assigning an event filter to a call home center Event filters allow call home center users to log in to a Management server and assign specific event filters to the devices. This limits the number of unnecessary or ‘acknowledge’ events and improves the performance and effectiveness of the call home center. You can only select one event filter at a time; however, you can assign the same event filter to multiple devices or call home centers.
3 Overwriting an assigned event filter Overwriting an assigned event filter A device can only have one event filter at a time; therefore, when a new filter is applied to a device that already has a filter, you must confirm the new filter assignment. To overwrite an event filter, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the event filter you want to apply in the Call Home Event Filters table.
Removing an event filter from a device 3 Removing an event filter from a device To remove an event filter from a device, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Choose one of the following options in the Call Home Centers table: • Right-click an event filter assigned to a device and select Remove Filter. • Right-click a device to which the event filter is assigned and select Remove Filter.
3 Data backup Data backup The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary. NOTE Backing up data takes some time. It is possible that, in a disaster recovery situation, configuration changes made after the last backup interval will be missing from the backup.
Configuring backup to a writable CD 3 Configuring backup to a writable CD NOTE This is not recommended on a permanent basis. CDs have a limited life, and may only last a month. An error message occurs if your Management application can no longer back up to the disc. To configure the backup function to a writable CD, complete the following steps. 1. Select SAN > Options. The Options dialog box displays (Figure 34). FIGURE 34 Options Dialog Box (Backup option) 2. Select Backup in the Category list.
3 Configuring backup to a hard drive 6. Select an interval from the Backup Interval drop-down list to set how often backup occurs. 7. Verify that the CD backup directory is correct (default directory is D:\Backup). It is assumed that drive D is a CD-RW drive. You can change the directory or use the Browse button to select another directory. 8. Install the formatted disc into the CD drive. To back up to a writable CD, you must have CD-writing software installed.
Configuring backup to a network drive 7. 3 Browse to the hard drive and directory to which you want to back up your data. 8. Click Apply or OK. The application verifies that the backup device exists and that the server can write to it. If the device does not exist or is not writable, an error message displays that states you have entered an invalid device. Click OK to go back to the Options dialog box and fix the error. Backup occurs, if needed, at the interval you specified.
3 Enabling backup 7. Click Browse to choose the network share and directory to which you want to back up your data, or enter the network share and directory path. NOTE You must specify the directory in a network share format (for example, \\network-name\share-name\directory). Do not use the drive letter format (C:\directory). 8. If you want to configure backup to a network drive on a Windows system, complete the following steps. a.
Viewing the backup status 3 Viewing the backup status The Management application enables you to view the backup status at a glance by providing a backup status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the backup function. Icon Description Backup in Progress—displays the following tooltip: “Backup started at hh:mm:ss, in progress... XX directories are backed up.
3 Starting immediate backup Starting immediate backup NOTE You must have backup privileges to use the Backup Now function. To start the backup process immediately, complete one of the following procedures: Using the Backup Icon, right-click the Backup icon and select Backup Now. OR 1. Using the SAN menu, select SAN > Options. The Options dialog box displays. 2. Select Backup in the Category list. 3. Click Backup Now. The backup process begins immediately. There is no confirmation message. 4.
Data restore 3 Data restore NOTE You cannot restore data from a previous version of the Management application. NOTE You cannot restore data from a different edition of the Management application. The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary. The data in the following directories is automatically backed up to disk. The data includes the following items: • Backup\databases — contains database and log files.
3 Restoring data to a new server Restoring data to a new server If your Management application server fails and you must recover information to a new server, complete the following steps. 1. Restore the data (Refer to “Restoring data” on page 99 for complete instructions). 2. Configure an explicit server IP address (Refer to “Configuring an explicit server IP address” on page 125 for complete instructions). Display You can configure the display for FICON and reset the display to the default settings.
Resetting your display 3 3. Click Set Up FICON Display. All tables that contain end device descriptions display the following columns as the first eight columns: FC Address, Serial #, Tag, Device Type, Model, Vendor, Port Type, and WWN. 4. Click Apply or OK to save your work. Resetting your display You can reset your system to display the default display settings. Note that returning to current settings after a reset may require configuring each global fabric or group setting individually.
3 End node display End node display The connectivity map can be configured to display or not display end nodes. This option enables you to set the end node display for all newly discovered fabrics. Note that disabling end node display limits the connectivity map to emphasize switch members only. Displaying end nodes To display end nodes when discovering a new fabric, complete the following steps. 1. Select SAN > Options. The Options dialog box displays (Figure 36).
Ethernet events 3 Ethernet events An Ethernet event occurs when the Ethernet link between the Management Server and the managed device is lost. You can configure the application to enable events when the Ethernet connection is lost. Enabling Ethernet events The Options dialog box enables you to configure the Management application to generate an Ethernet event after a device is offline for a specific period of time. To enable Ethernet events, complete the following steps. 1. Select SAN > Options.
3 Disabling Ethernet events Disabling Ethernet events To disable Ethernet events, complete the following steps. 1. Select SAN > Options. The Options dialog box displays. 2. Select Ethernet Event in the Category list. 3. Clear the Enable Ethernet Event check box. 4. Click Apply or OK to save your work. Event storage You can configure the number of historical events in the repository as well as how long the events will be retained.
Flyovers 3 3. Select the Purge Events check box. 4. Enter the number of events (1 through 20000) in the repository in the Maximum Historical Event field. Older events are purged as soon as the maximum events is reached regardless of the retention days. 5. Enter then number of days (1 through 30) you want to store events in the Store Historical Event for days field. The events are purged at the end of the retention period regardless of the number of maximum events. 6. Click OK.
3 Flyovers 5. Select the Product tab (Figure 40) and complete the following steps to select the product properties you want to display on flyover. FIGURE 39 a. Options Dialog Box (Flyovers option, Product tab) Select each property you want to display in the product flyover from the Available Properties table.
Flyovers 3 6. Select the Connection tab (Figure 40) and complete the following steps to select the information you want to display on flyover. FIGURE 40 a. Options Dialog Box (Flyovers option, Connection tab) Select the protocol from the Protocol list. The default protocol is Fibre Channel. Depending on which protocol you select, some properties may not be available for all protocols. b. Select each property you want to display in the connection flyover from the Available Properties table.
3 Turning flyovers on or off FCoE • • • Name Node WWN MAC • • • Port# Port Type FCoE Index # c. Click the right arrow to move the selected properties to the Selected Properties table. d. Use the Move Up and Move Down buttons to reorder the properties in the Selected Properties table. The properties displayed in the Selected Properties table appear in the flyover display. 7. Click Apply or OK to save your work. Turning flyovers on or off Flyovers display when you place the cursor on a product.
Names 3 Names You can use Names as a method of providing familiar simple names to products and ports in your SAN. Using your Management application you can: • • • • • Set names to be unique or non-unique. Fix duplicate names. Associate a name with a product or port WWN currently being discovered. Add a WWN and an associated name for a product or port that is not yet being discovered. Remove or disassociate a name from a WWN.
3 Setting names to be non-unique Setting names to be non-unique You can choose to allow duplicate names in your fabric. To set names to be non-unique, complete the following steps. 1. Select SAN > Options. The Options dialog box displays. 2. Select Names in the Category list. 3. Select Set names to be non-unique to allow duplicate names on your system. 4. Click OK on the Options dialog box. Fixing duplicate names To fix duplicated names, complete the following steps. 1. Select Configure > Names.
Viewing names 3 5. Click OK to close the Configure Names dialog box. 6. Click OK on the confirmation message. Viewing names To view names associated with devices by name, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Select All Names from the Display list. Only devices with a name display. The table displays the Name, WWN, Operational Status, Type, and a Description of the device. 3. Click OK to close the Configure Names dialog box.
3 Adding a name to a new device Adding a name to a new device To add a new device and name it, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Enter the WWN of the device in the Detached WWN field. 3. Enter a name for the device in the Name field. 4. Click Add. The new device displays in the table. If you set names to be unique on the Options dialog box and the name you entered already exists, a message indicating the name already in use displays.
Exporting names 3 Exporting names To export the names associated with devices, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Click Export. The Export Files dialog displays. 3. Browse to the location where you want to save the export file. 4. Enter a name for the file and click Save. 5. Click OK to close the Configure Names dialog box.
3 Searching by name Searching by name You can search for objects (switch, fabric, product, ports, or N Ports) by name. To search by name, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Select All Names from the Display list. 3. Select Name from the Scope list. 4. Enter the name you want to search for in the Search field. You can search on partial names. 5. Click Search.
Security 3 Security You can configure the Server Name, CHAP secret value, and login banner, and modify whether or not to allow clients to save passwords. When the login banner is enabled, each time a client connects to the server, the login banner displays with a legal notice provided by you. The client's users must acknowledge the login banner to proceed, otherwise they are logged out. Configuring the server name To set the CHAP secret, complete the following steps. 1. Select SAN > Options.
3 Setting the CHAP secret 5. Re-enter the password in the Retype Secret field. If the secret does not meet the application requirements or the CHAP Secret and Retype Secret entries do not match, an error message displays. Click OK to re-enter the CHAP Secret and Retype Secret values. You are about to modify the ID/Secret of this server. Check all products that this server is managing and make sure the corresponding Software ID/Secret is updated appropriately.
Configuring the login banner display 3 Configuring the login banner display To configure the login banner display, complete the following steps. 1. Select SAN > Options. The Options dialog box displays. 2. Select Security Misc in the Category list. 3. Select the Display login banner upon client login check box. 4. Enter the message you want to display every time a user logs into this server in the Banner Message field. This field contains a maximum of 1024 characters. 5.
3 Software Configuration Software Configuration The Management application allows you to configure the following software settings: • • • • • • • Client export port—A port for communication between the client and server. Discovery—HTTP or HTTP over SSL when connecting to the switch. FTP/SCP overview—Internal or external FTP server settings. IP Configuration—Configure the Ethernet ports with the IP address. Memory allocation—Memory allocation for the client and server. Server port—Server port settings.
Discovery 3 3. Enter the client export port number to set a fixed port number for the client in the Client Export Port field. 4. Click Apply or OK to save your work. NOTE Changes to this option take effect after a client restart. 5. Click OK on the “changes take effect after client restart” message. Discovery You can configure connections between the switch and the Management application server. Configuring Discovery To configure discovery, complete the following steps. 1. Select SAN > Options.
3 FTP/SCP overview 3. Choose one of the following options: • If you want to connect using HTTP, complete the following steps. a. Select the Connect using HTTP option. a. Enter the connection port number in the Port # field. Continue with step 4. • If you want to connect using HTTPS (HTTP over SSL), complete the following steps. a. Select the Connect using HTTPS (HTTP over SSL) only option. b. Enter the connection port number in the Port # field. Continue with step 4. 4.
FTP/SCP overview 3 Configuring an internal FTP server To configure the internal FTP server settings, complete the following steps. 1. Select SAN > Options. The Options dialog box displays (Figure 46). FIGURE 46 Options Dialog Box (FTP/SCP option) 2. Select FTP/SCP in the Category list. 3. Select the Use built-in FTP Server option to use the default built-in FTP server. All active fields are mandatory. 4. Change your password by entering a new password in the Password and Confirm Password fields. 5.
3 FTP/SCP overview Configuring an external FTP server To configure the external FTP server settings, complete the following steps. 1. Select SAN > Options. The Options dialog box displays. 2. Select FTP/SCP in the Category list. 3. Select the Use External FTP Server and/or SCP Server option. 4. Select the External FTP Server check box to configure the external FTP server. All fields are mandatory. 5. Enter the IP address for the remote host in the Remote Host IP field. 6.
FTP/SCP overview 3 9. Click Test to test the FTP server. A “Server running successfully” or an error message displays. If you receive an error message, make sure your credentials are correct, the server is running, the remote directory path exists, and you have the correct access permission; then try again. 10. Click OK on the message. 11. Click Apply or OK to save your work. Testing the FTP and SCP server To test the FTP and SCP server, complete the following steps. 1. Select SAN > Options.
3 IP Configuration IP Configuration You can configure IP Configuration settings. Configuring IP Configuration settings NOTE The server binds using IPv6 address by default if your Operating System is IPv6-enabled (dual mode or IPv6 only). The server binds using IPv4 address by default if your Operating System is IPv4-enabled. Servers running in dual mode allow the client to communicate from both IPv6 and IPv4 addresses.
IP Configuration 3 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step 4. • Select a specific IP address. Continue with step 5. • Select localhost. Continue with step 5. When Server IP Configuration is set to All, you can select any available IP address as the Return Address. If you select a specific IP address, the Return Address list shows the same IP address and you cannot change it. 4.
3 IP Configuration 10. Login to the application using the following steps. a. To open the application, double-click the desktop icon or open from the Start menu. The Log In dialog box displays b. Enter your user name and password. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. c.
IP Configuration 3 10. Open the .properties file (located in the \conf\ folder) in a text editor (such as Notepad). 11. Edit the following variable: java.rmi.server.hostname= 12. Save and close the file. 13. Open the Server Management Console from the Start menu. 14. Click the Services tab, if necessary, and click Start. 15. Login to the application using the following steps. a.
3 IP Configuration Configuring the application to use dual network cards Issues with Client-to-Server connectivity can be due to different reasons. Some examples are: • The computer running the Server has more than one network interface card (NIC) installed. • The computer running the Server is behind a firewall that performs network address translation.
Memory allocation 3 Memory allocation You can configure memory allocation for the client and server to improve performance. You can trigger switch polling when a state changes or you can poll at intervals when no state change occurs. NOTE SAN size is a consideration in selection of polling periods. Configuring memory allocation settings To configure memory allocation settings, complete the following steps. 1. Select SAN > Options. The Options dialog box displays (Figure 48). 2.
3 Memory allocation FIGURE 48 Options Dialog Box (Memory Allocation option) 3. Select the size of the SAN (small, medium, or large) you want to configure in the Current SAN Size is list. Memory and asset polling values change to the new default values when you change the SAN size. You may increase these values. 4. Click OK on the confirmation message. 5. Enter the memory allocation (MB) for the client in the Client Memory Allocation field.
Memory allocation 3 6. Enter the memory allocation (MB) for the server in the Server Memory Allocation field. If your server has a minimum of 2 Gb RAM, change the default server memory value to 1024 MB. If your server is running less than 2 Gb RAM, do not change the default (512 MB). Do not exceed the following server memory values: • For Windows systems, the maximum server memory allocation is 1.4 GB. • For UNIX systems, the maximum server memory allocation is 2 GB.
3 Server port 5. Click Apply or OK to save your work. NOTE Changes to this option take effect after an application restart. 6. Click OK on the “changes take effect after application restart” message. Server port You can configure the server port settings so that you can assign a web server port number and set the server port to be SSL-enabled. Configuring the server port To configure server settings, complete the following steps. 1. Select SAN > Options. The Options dialog box displays (Figure 49).
Support mode 3 5. Enter a port number in the Starting Port # field. The server requires 13 consecutive free ports beginning with the starting port number. 6. Click Apply or OK to save your work. NOTE Changes to this option take effect after application restart. 7. Click OK on the “changes take effect after application restart” message. Support mode You can configure support settings to allow enhanced diagnostics.
3 Fabric tracking 3. Select the Log client support data - Log Level list, and select the type of log data you want to configure. Log level options include: All, Fatal, Error, Warn, Info, Debug, Trace, and Off. Default is Info. The log level options return to the default value (Info) when the client or server is restarted. 4. Select the Log server support data - Log Level list, and select the type of log data you want to configure.
Fabric tracking 3 Disabling fabric tracking To disable fabric tracking, choose from one of the following options: • Select the fabric on which you want to disable fabric tracking on the Product List or Connectivity Map and select Monitor > Track Fabric Changes. • Right-click the fabric on which you want to disable fabric tracking on the Product List or Connectivity Map and select Track Fabric Changes.
3 License License NOTE If your installation does not require a serial number and license key, the License dialog box does not display. License keys are unique strings of alphanumeric characters that verify ownership of the Management application software as well as determine the maximum port count allowed or any additional features (such as Event Management) that you receive as part of the license. NOTE Enterprise edition can manage up to 9000 ports.
Entering the license key 3 Entering the license key A license key is required to run the application. The key specifies the expiration date of a trial license, as well as the number of ports allowed. NOTE You are not required to enter a license key for a trial license. If you do not enter the license key during installation of the Enterprise edition, you can use the application, including all of its features, for a trial period of 75 days.
3 Setup tools 7. Select or clear the Save password check box to choose whether you want the application to remember your password the next time you log in. 8. Click Login. 9. Click OK on the Login Banner. Setup tools You can add third-party tools to the Tools menu or shortcut menus to open other software products you frequently use. Adding a tool You can specify third-party tools so they appear on the Setup Tools dialog box.
Entering the server IP address of a tool 3 8. Click OK to save your work and close the Define Tools dialog box. 9. Click OK to save your work and close the Setup Tools dialog box. Entering the server IP address of a tool If the third-party tool is a web-based application, you must enter the IP address of the applications server as a parameter to be able to open the application. To enter the server IP address, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2.
3 Adding an option to the Tools menu FIGURE 52 Setup Tools Dialog Box (Tools menu tab) 3. Type a label for the option as you want it to appear on the Tools menu in the Menu Text field. 4. Select the application from the Tool list, or click Define if you want to specify a new tool. To specify a new tool, refer to “Adding a tool” on page 138. 5. (Optional) Enter parameters, such as a URL, in the Parameters field. 6. (Optional) Select a keyboard shortcut in the Keystroke list.
Changing an option on the Tools menu 3 Changing an option on the Tools menu You can edit parameters for third-party tools that display on the Tools menu. To edit a option to the tools menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Tools Menu tab. The Tool Menu Items table displays all configured tools, including the tool name as it displays on the Tools menu, parameters, and keystroke shortcuts. 3.
3 Adding an option to a device’s shortcut menu Adding an option to a device’s shortcut menu You can add an option to a device’s shortcut menu. To add an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. Click the Product Menu tab (Figure 53). FIGURE 53 Setup Tools Dialog Box (Product Menu tab) The Product Popup Menu Items table displays all configured shortcut menu options. 2.
Changing an option on a device’s shortcut menu 7. 3 Select the tool that you want to launch from the Tool list, or click Define to add a tool. To specify a new tool, refer to “Adding a tool” on page 138. 8. Select the Append device ID check box to specify the parameter used when opening the tool. - To specify that the device’s IP address should be used when opening the tool, select the IP Address option.
3 Removing an option from a device’s shortcut menu 9. Select the tool from the Tool list that you want to launch, or click Define to add a tool. To specify a new tool, refer to “Adding a tool” on page 138. 10. Select the Append device ID check box to specify the parameter used when opening the tool. - To specify that the device’s IP address should be used when opening the tool, select the IP Address option.
Launching a Telnet session 3 Launching a Telnet session You can use Telnet to log in and issue command line-based commands to a switch. NOTE The switch must have a valid IP address. If the device does not have a valid IP address, the Telnet selection will not be available on the Tools menu or the shortcut menu. You must right-click the device icon, select Properties, and enter the device’s IP address before you can open a Telnet session. To launch a telnet session, complete the following steps.
3 Launching Web Tools Launching Web Tools Use Brocade Web Tools to enable and manage Brocade Access Gateway, Switches, and Directors. You can open Web Tools directly from the application. For more information about Web Tools, refer to the Brocade Web Tools Administrator’s Guide. For more information about Brocade Access Gateway, Switches, and Directors, refer to the documentation for the specific device. To launch a device’s Element Manager, complete the following steps.
Launching HCM Agent 3 Launching HCM Agent Use Brocade HCM Agent to enable and manage Brocade HBAs. You can open HCM Agent directly from the application. For more information about HCM Agent, refer to the Brocade HCM Agent Administrator’s Guide. For more information about Brocade HBAs, refer to the documentation for the specific device. To launch a device’s Element Manager, complete the following steps. NOTE You must have Device Administration privileges for the selected device to launch HCM Agent.
3 Topology layout Topology layout This section provides an overview of topology layout options and instructions for changing the layout. You can customize various parts of the topology, including the layout of devices and connections as well as groups’ background colors, to easily and quickly view and monitor devices in your SAN. The following menu options are available on the View menu. Use these options to customize the topology layout. Map Display.
Customizing the layout of devices on the topology 3 Customizing the layout of devices on the topology You can customize the layout of devices by group type or for the entire Connectivity Map. Customizing the layout makes it easier to view the SAN and manage its devices. Group types include Fabric, Host, Storage, and Switch groups. The Map Display Layout list varies depending on what you selected (group type or Connectivity Map). 1.
3 Changing a group’s background color Changing a group’s background color You can customize the topology by changing a group’s background color. 1. Right-click a group or the Connectivity Map and select Map Display. The Map Display Properties dialog box displays (Figure 54). FIGURE 54 Map Display Dialog Box 2. Select the Custom option and click Change. The Choose a background color dialog box displays (Figure 55). FIGURE 55 Map Display Dialog Box 3.
Reverting to the default background color 3 4. Click OK to change the background color, or click Reset to return all settings to the color currently being displayed on the topology. 5. Click OK on the Map Display Properties dialog box. Reverting to the default background color You can revert back to the default background color. 1. Right-click a group and select Map Display. The Map Display Properties dialog box displays. 2. Select the Default option. 3. Click OK on the Map Display Properties dialog box.
3 Changing the port display Changing the port display You have the option of viewing connected (or occupied) product ports, unoccupied product ports, or attached ports. NOTE Occupied/connected ports are those that originate from a device, such as a switch. Attached ports are ports of the target devices that are connected to the originating device. Select View > Port Display, then select one or more of the following options: • Occupied Product Ports.
Creating a customized view FIGURE 56 3 Create View dialog box - Fabrics Tab 2. Enter a name (128 character maximum) and a description (126 character maximum) for the view. NOTE You cannot use the name View or View All. 3. In the Available Fabrics table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table.
3 Editing a customized view Editing a customized view You may only edit customized views that you have created. Customized view settings reside on the Server. Only users with the same login to the same Server can see and edit the view settings. No individual user can have access to the views created by another user. 1. Use one of the following methods to open the Edit View dialog box: • Select View > Manage View > Edit View > .
Deleting a customized view 3 5. Click OK to save your changes and close the Edit View dialog box. 6. Verify your changes on the main window. Deleting a customized view Customized view settings reside on the Server. No individual user has access to the views created by another user and therefore cannot delete another user’s view. To delete a customized view, use the following procedure. 1. Select View > Manage View > Delete View > . 2. Click Yes on the message. Copying a view 1.
3 Grouping on the topology Expanding groups To expand a group on the topology, do one of the following: • Double-click on the group icon. • Right-click the group icon and select Expand from the shortcut menu. To expand all groups on the topology by one level, click the Expand button on the toolbox ( ). Viewing connections You can view the connections in a fabric using one of the following methods: • Select a fabric and then select View > Connected End Devices and select Hide All, Show All, or Custom.
Grouping on the topology 3 3. Click the right arrow to move the selected zones to the Selected Zones list. 4. Click Save. The Save Application dialog box displays. 5. Enter a new name in the Application Name field. 6. Click OK on the Save Application dialog box. 7. Click OK on the Connected End Devices - Custom display for dialog box. The saved custom connection configuration displays in the Connected End Devices menu.
3 158 Grouping on the topology DCFM Enterprise User Manual 53-1001357-01
Chapter 4 Server Management Console In this chapter • Server management console overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Changing server port numbers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Restoring the database. . . . .
4 Services Launching the SMC on Linux and Solaris Perform the following steps to launch the server management console on Linux and Solaris systems. 1. On the Management application server, go to the following directory: /bin 2. Type the following at the command line: ./smc Services You must be logged in at the administrator (Windows systems) or root (UNIX systems) level to stop, start, and restart the Management application services.
Refreshing the server status 4 • Status—The status of the service; for example, started or stopped. • Start Time—The date and time the service started. 4. Click Close to close the Server Console. Refreshing the server status To refresh the server status for each of the Management application services, complete the following steps. 1. Launch the Server Console. 2. Click the Services tab. 3.
4 Restarting all services Restarting all services To stop and restart all services, complete the following steps. 1. Launch the Server Console. 2. Click the Services tab. 3. Click Start or Stop to start or stop all services. Note that clicking Restart stops and then restarts all services. NOTE If the server is configured to use an external FTP server, the Server Management Console does not attempt to start the built-in FTP service. 4. Click Close to close the Server Console.
Authentication 4 Authentication The Authentication function enables you to configure an authentication server and establish authentication policies. Authentication is configured to the local database by default. If you configure primary authentication to a Radius server, an LDAP server, or switch authentication, you can also configure secondary authentication to the local server.
4 Configuring a Radius server 1. Select the Authentication tab (Figure 62). FIGURE 62 Authentication tab 2. For Primary Authentication, select Radius Server. 3. Click Add. The Add or Edit Radius Server dialog box is displayed (Figure 63). FIGURE 63 Add or Edit Radius Server 4. Enter the radius server’s IP address in the IP Address field. 5. Enter the TCP port used by the Radius server in the TCP Port field. 6. Select the authentication policy (PAP or CHAP) from the Authentication Type field. 7.
Configuring an LDAP server 4 10. Click OK to return to the Authentication tab. 11. If you have established an active connection with the Radius server, click Test. Test attempts to contact the Radius server by issuing a ping command. 12. Click Apply to save the configuration. Configuring an LDAP server If you are using an LDAP server for authentication, make the following preparations first: • Have the IP address of the server available. • Know the TCP port you are using.
4 Configuring switch authentication Configuring switch authentication Switch authentication enables you to authenticate a user account against the switch database and the Management application server. You can configure up to three switches and specify the fall back order if one or more of the switches is not available. NOTE Switch authentication is only supported on Fabric OS devices. To configure switch authentication, complete the following steps. 1. Select the Authentication tab. 2.
Configuring Windows authentication 4 Configuring Windows authentication Windows authentication enables you to authenticate a user account against the switch database and the Management application server when running on Windows hosts.
4 Configuring UNIX password file authentication Configuring UNIX password file authentication UNIX password file (etc/password) authentication enables you to authenticate a user account against the UNIX user account and the Management application server when running on UNIX platforms. To configure UNIX password file authentication, complete the following steps. 1. Select the Authentication tab. 2. For Primary Authentication, select Password File. 3. Click Test. The Test Authentication dialog box displays.
Restoring the database 4 3. Enter your username and password in the appropriate fields and click OK. The defaults are Administrator and password, respectively. The Authentication Audit Trail log displays. The audit trail shows user names that have attempted to log in to the Management application, and changes to user authentication. 4. Click the Client to Server Authentication tab to view the client to server authentication status. 5.
4 Capturing technical support information 7. Click Start to start the server. 8. Click Close to close the dialog box. Capturing technical support information The Technical Support Information tab of the SMC allows you to capture technical support information for the Management application as well as the configuration files for all switches in discovered fabrics. This information is saved in a zip file in a location that you specify.
Upgrading HCM on the Management server 4 Upgrading HCM on the Management server The HCM Upgrade tab enables you to upgrade the Management application to include a new version of HCM. To upgrade HCM, complete the following steps. 1. Select the HCM Upgrade tab (Figure 67). FIGURE 67 HCM Upgrade tab 2. Click Browse to select the HCM installation folder location (for example, C:\Program Files\BROCADE\FCHBA on Windows systems and /opt/BROCADE/FCHBA on Solaris and Linux systems). 3. Click Upgrade. 4.
4 172 Upgrading HCM on the Management server DCFM Enterprise User Manual 53-1001357-01
Chapter 5 Device Configuration In this chapter • Configuration repository management . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Device properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enhanced group management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Firmware management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • HBA server mapping . . . . . . . . . . . . . . . . .
5 Configuration repository management Saving switch configurations NOTE Save switch configuration is only supported on Fabric OS switches. NOTE To save switch configuration on more than one switch at a time, you must have the Enhanced Group Management license. Configuration files are uploaded from the selected switches and stored in individual files. Files are named with the convention cfg_fabricName_switchName_domainID. 1. Select Configure > FC Switch > Save.
Restoring a switch configuration for a selected device 5 Restoring a switch configuration for a selected device The Restore Switch Configuration dialog box enables you to download a previously saved switch configuration to a selected device. To restore a switch configuration, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Restore. The Restore Switch Configuration dialog box is displayed (Figure 68).
5 Backing up a switch configuration Backing up a switch configuration NOTE The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all fabrics discovered. Any new fabrics being discovered are automatically added to the list of fabrics to be backed up.
Restoring a configuration from the repository 5 3. Set the Schedule parameters. These include the following: - The desired Frequency for backup operations (daily, weekly, monthly). The Start Date (day, month, and year), and Start Time (hour, minute). The maximum age allowed before you Purge Backups. 4. Select the scope of the backup.
5 Viewing configuration file content 2. Select the configuration you want to restore, and click Restore. The configuration is downloaded to the device. If necessary, the restoration process prompts you to disable and reboot the device before the configuration begins. This lets you determine whether the configuration backup should be performed immediately or at a later time.
Searching the configuration file content 5 Searching the configuration file content To search the configuration file content, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box is displayed. 2. Click View. The configuration details display. 3. Enter the information you want to search for in the field and click Search.
5 Exporting a configuration Exporting a configuration 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box is displayed. 2. Select the configuration you want to export, and click Export. The file chooser appropriate to your operating system is displayed. 3. Use the file chooser to select the location into which you want to export the configuration. 4. Click Export.
Replicating security configurations 5 Replicating security configurations You can replicate an AD/LDAP Server, DCC, IP, RADIUS Server, or SCC security policy. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Replicate > Security. A wizard is launched to guide you through the process. Device properties You can customize the device Properties dialog boxes to display only the data you need by adding, editing, and deleting property labels.
5 Device properties TABLE 10 Device properties Field Description Device Type Whether the device is an initiator or target. Description A description of the customer site. Destination IP Address The IP address of the of the FCIP tunnel destination device. Discovery Status The name of the device that is discovered. Domain ID The device’s domain ID, which is the top-level addressing hierarchy of the domain. Fabric Name The name specified through the device Element Manager.
Device properties TABLE 10 5 Device properties Field Description Reason The device status. Remote Switch Name The remote switch name of the trunk. Remote Switch IP The remote switch IP address of the trunk. Remote Switch WWN The remote switch world wide name of the trunk. Remote Slot # The remote slot number of the trunk. Remote Master Port The remote master port of the trunk. Remote Member Ports The remote member port of the trunk. Serial # The hardware serial number.
5 Adding a property label Adding a property label You can add a new field to any of the tabs on the Properties dialog box. To add a new field, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays. 2. Select the tab to which you want to add a property. 3. Right-click on any label. The new property label displays above the one you select. 4. Select Add. The Add Property dialog box displays. 5. Type a label and description for the property.
Deleting a property label 5 Deleting a property label You can delete any label that you created on any of the tabs from the Properties dialog box. To delete a label, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays. 2. Select the tab on which you want to delete a property. 3. Right-click the label for the property you want to delete. 4. Select Delete. 5. Click Yes on the confirmation message. The property you selected is deleted.
5 Firmware management Firmware management A firmware file repository (Windows systems only) is maintained on the server in the following location: C:\Program Files\\data\ftproot\6.1.1\n.n.n\n.n.n\ The firmware repository is used by the internal FTP server that is delivered with the Management application software, and may be used by an external FTP server if it is installed on the same platform as the Management application software.
Importing a firmware file and release notes FIGURE 74 5 Firmware repository 3. View information about a specific firmware file by selecting the firmware file in the Firmware Repository. The Firmware Name, Release Date, and Import Date are displayed. You may also view the Release Notes, if the release notes were imported. Importing a firmware file and release notes Firmware files and release notes can be imported into the Firmware Repository. 1. Select Configure > Firmware Management.
5 Deleting a firmware file 4. Type in the location of the firmware file and release notes, or use Browse to select the location. The Management application supports .zip and .gz compression file types for firmware files. 5. Click OK. You return to the Repository tab. The file is listed in the Firmware Repository when the import is complete and successful. Deleting a firmware file Firmware files can be deleted from the Firmware Repository. 1. Select Configure > Firmware Management.
Downloading firmware 5 Downloading firmware NOTE Non-disruptive firmware download (HCL) is not supported when downgrading from Fabric OS version 6.2 to 6.1. You must remove all non-default logical switches and disable Virtual Fabrics before downgrading. NOTE You cannot use Fabric OS firmware download with command line options in the Management application. You can download firmware using the Firmware Management dialog box. 1. Select Configure > Firmware Management.
5 HBA server mapping 7. If you configured an external server (in the Options dialog box), choose from one of the following options: • Select External FTP Server to download from the external FTP server. • Select SCP Server to download from the external SCP server. 8. Enter the path to the firmware directory (only displays if external server is configured in Options dialog box). 9. Click Download. While the firmware is downloaded to the device, the Status column displays the current download status.
HBA server mapping 5 Creating a new HBA server To create a new server, complete the following steps. 1. Right-click an HBA icon and select Server Port Mapping. The HBA Server Mapping dialog box displays. FIGURE 77 HBA Server Mapping Dialog Box 2. Click New Server. A new server displays in the Servers table in edit mode. 3. Double-click the new server name to make it editable, type a name for the new Server, and press Enter. The name of the new server appears in the Servers table in alphabetical order.
5 HBA server mapping Renaming an HBA server To rename a server, complete the following steps. 1. Right-click an HBA icon and select Server Port Mapping. The HBA Server Mapping dialog box displays. 2. Click the server you want to rename in the Servers table, wait a moment, and then click it again. The server displays in edit mode. 3. Type a new name for the server. The name of the server appears in the Servers table in alphabetical order with the new name.
HBA server mapping 5 Associating an HBA with an HBA server ATTENTION Discovered information overwrites your user settings. To associate an HBA with a server, complete the following steps. 1. Right-click an HBA icon and select Server Port Mapping. The HBA Server Mapping dialog box displays. 2. Select the server to which you want to assign HBAs in the Servers table. 3. Select the HBA from the HBAs table on the left and click the right arrow. The HBA displays in the Servers table.
5 HBA server mapping To import HBA server mapping, complete the following steps. 1. Right-click an HBA icon and select Server Port Mapping. The HBA Server Mapping dialog box displays. 2. Click Import. The Import dialog box displays. 3. Browse to the file (CSV format only) you want to import. 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure and well-formed WWNs, and counts number of errors.
Port fencing 5 Port fencing Port Fencing allows you to protect your SAN from repeated operational or security problems experienced by ports. Use Port Fencing to set threshold limits for the number of specific port events permitted during a given time period on the selected object. Port Fencing objects include the SAN, Fabrics, Directors, Switches (physical), Virtual Switches, Ports, as well as Port Types (E_port, F_port, and FX_port). Use Port Fencing to directly assign a threshold to these objects.
5 Thresholds NOTE Fabric OS devices are allowed only 2 defined thresholds (one default and one custom) foe each threshold type and only one of these thresholds can be active on the device. During the dynamic operation of a Fabric, any port could be any type. For example, a technician could disconnect a port from a switch and reconnect that port to a storage port, or the port could change from an E_port to an F_port.
Thresholds 5 Invalid CRCs threshold NOTE This threshold is only available for Fabric OS devices. Use this type of threshold to block a port when an Invalid CRCs violation meets the Fabric OS switch threshold. Invalid words threshold NOTE This threshold is only available for Fabric OS devices. Use this type of threshold to block a port when an Invalid Words violation meets the Fabric OS switch threshold.
5 Adding thresholds State Change threshold NOTE This threshold is only available for Fabric OS devices running 6.3 or later. Use this type of threshold to block a port when a state change violation type meets the Fabric OS switch threshold. For 4 Gbps Router, Extension Switches and Blades only, when you apply this threshold on an E Port, the threshold is also applied to the VE Ports (internally by Fabric OS).
Adding thresholds FIGURE 78 5 Port Fencing Dialog Box 2. Select C3 Discard Frames (FOS only) from the Violation Type list. 3. Click Add. The Add C3 Discard Frames Threshold dialog box displays. FIGURE 79 Add C3 Discard Frames Threshold Dialog Box 4. Enter a name for the threshold in the Name field. 5. Select one of the following options: • Default—Uses device defaults. Go to step 8. • Custom—Uses your selections. Continue with step 6. 6.
5 Adding thresholds 7. Select the time period for the threshold from the errors per list. The following choices are available: • None—the port is blocked as soon as the specified number of C3 discarded frames allowed is met. • Second—the port is blocked as soon as the specified number of C3 discarded frames allowed is reached within a second. • Minute—the port is blocked as soon as the specified number of C3 discarded frames allowed is reached within a minute.
Adding thresholds 7. 5 Select the time period for the threshold from the errors per list. The following choices are available: • None—the port is blocked as soon as the specified number of invalid CRCs allowed is met. • Second—the port is blocked as soon as the specified number of invalid CRCs allowed is reached within a second. • Minute—the port is blocked as soon as the specified number of invalid CRCs allowed is reached within a minute.
5 Adding thresholds 7. Select the time period for the threshold from the errors per list. The following choices are available: • None—the port is blocked as soon as the specified number of invalid words allowed is met. • Second—the port is blocked as soon as the specified number of invalid words allowed is reached within a second. • Minute—the port is blocked as soon as the specified number of invalid words allowed is reached within a minute.
Adding thresholds 5 Adding a Link Reset threshold NOTE This threshold is only available for Fabric OS devices. Use this threshold to block a port when a Link Reset violation meets the FOS switch threshold. To add a Link Reset threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Link Reset (FOS only) from the Violation Type list. 3. Click Add. The Add Link Reset Threshold dialog box displays.
5 Adding thresholds Adding a Protocol Error threshold To add a Protocol Error threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Protocol Error from the Violation Type list. 3. Click Add. The Add Protocol Error Threshold dialog box displays. FIGURE 84 Add Protocol Error Threshold Dialog Box 4. Enter a name for the threshold in the Name field. 5. (M-EOS devices only) Select the M-EOS check box. a.
Adding thresholds 5 • Hour—the port is blocked as soon as the specified number of protocol errors allowed is reached within a hour. • Day—the port is blocked as soon as the specified number of protocol errors allowed is reached within a day. 7. Click OK to add the protocol errors threshold to the table and close the Add Protocol Error Threshold dialog box. To assign this threshold to fabrics, switches, or switch ports, refer to “Assigning thresholds” on page 207. 8.
5 Adding thresholds • Default—Uses device defaults. Go to step 8. • Custom—Uses your selections. Continue with step 6. 6. Enter the number of state changes allowed for the threshold in the Threshold errors field. 7. Select the time period for the threshold from the errors per list. The following choices are available: • None—the port is blocked as soon as the specified number of state changes allowed is met.
Assigning thresholds 7. 5 Click OK to add the security threshold to the table and close the Add Security Threshold dialog box. To assign this threshold to fabrics, switches, or switch ports, refer to “Assigning thresholds” on page 207. 8. Click OK on the Port Fencing dialog box. Assigning thresholds You can assign thresholds to any active object in the Ports table. You can only assign one threshold to an object at a time.
5 Avoiding port fencing inheritance 4. Click Unblock. 5. Click OK on the message. If you did not solve the root problem, the threshold will trigger again. 6. Click OK on the Port Fencing dialog box. Avoiding port fencing inheritance When you directly assign a threshold to an object, the threshold is inherited by all subordinate objects in the tree (unless they already have directly assigned thresholds). You cannot remove an inherited threshold from a subordinate object.
Editing thresholds 5 3. Select the threshold you want to change and click Edit. The Edit C3 Discard Frames dialog box displays. FIGURE 87 Edit C3 Discard Frames Threshold Dialog Box 4. Change the name for the threshold in the Name field, if necessary. 5. Select one of the following options: • Default—Uses device defaults. Go to step 8. • Custom—Uses your selections. Continue with step 6. 6. Change the number of discarded frames allowed for the threshold in the Threshold field, if necessary. 7.
5 Editing thresholds Editing an Invalid CRCs threshold NOTE This threshold is only available for Fabric OS devices. To edit an Invalid CRCs threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Invalid CRCs (FOS only) from the Violation Type list. 3. Select the threshold you want to change and click Edit. The Edit Invalid CRCs Threshold dialog box displays. FIGURE 88 Edit Invalid CRCs Threshold Dialog Box 4.
Editing thresholds 5 Editing an Invalid Words threshold NOTE This threshold is only available for Fabric OS devices. To edit an Invalid Words threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Invalid Words (FOS only) from the Violation Type list. 3. Select the threshold you want to change and click Edit. The Edit Invalid Words Threshold dialog box displays. FIGURE 89 Edit Invalid Words Threshold Dialog Box 4.
5 Editing thresholds Editing a Link threshold To edit a Link threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Link from the Violation Type list. 3. Click Edit. The Edit Link Threshold dialog box displays. FIGURE 90 Edit Link Threshold Dialog Box 4. Change the name for the threshold in the Name field, if necessary. 5. Change the number of link events allowed for the threshold from the Threshold errors list. 6.
Editing thresholds 5 Editing a Link Reset threshold NOTE This threshold is only available for Fabric OS devices. To edit a Link Reset threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Link Reset (FOS only) from the Violation Type list. 3. Select the threshold you want to change and click Edit. The Edit Link Reset Threshold dialog box displays. FIGURE 91 Edit Link Reset Threshold Dialog Box 4.
5 Editing thresholds Editing a Protocol Error threshold To edit a Protocol Error threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select Protocol Error from the Violation Type list. 3. Select the threshold you want to change and click Edit. The Edit Protocol Error Threshold dialog box displays. FIGURE 92 Edit Protocol Error Threshold Dialog Box 4. Change the name for the threshold in the Name field, if necessary. 5.
Editing thresholds 5 Editing a State Change threshold NOTE This threshold is only available for Fabric OS devices running 6.3 or later. To edit an State Change threshold, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays (Figure 78). FIGURE 93 Port Fencing Dialog Box 2. Select State Change (FOS only) from the Violation Type list. 3. Select the threshold you want to change and click Edit. The Edit State Change Threshold dialog box displays.
5 Editing thresholds 5. Select one of the following options: • Default—Uses device defaults. Go to step 8. • Custom—Uses your selections. Continue with step 6. 6. Edit the number of state changes allowed for the threshold in the Threshold errors field, if necessary. 7. Change the time period for the threshold from the errors per list, if necessary. The following choices are available: • None—the port is blocked as soon as the specified number of invalid CRCs allowed is met.
Finding assigned thresholds 5 5. Change the number of port events allowed for the threshold from the Threshold errors list, if necessary. 6. Change the time period for the threshold from the violations per list, if necessary. 7. Click OK on the Edit Security Threshold dialog box. If the threshold has already been assigned to ports, an “Are you sure you want to make the requested changes to this threshold on “X” ports?” message displays. Click OK to close.
5 Viewing all thresholds on a specific device Viewing all thresholds on a specific device To view all thresholds assigned to a specific switch, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Right-click anywhere in the Ports table and select Expand. 3. Right-click the device for which you want to view threshold information and select Switch Thresholds.
Removing thresholds 5 Removing thresholds from the thresholds table To remove thresholds from all Fabrics, Switches, and Switch Ports as well as the Threshold table, complete the following steps. 1. Select Configure > Port Fencing. The Port Fencing dialog box displays. 2. Select a threshold type from the Violation Type list. 3. Select the threshold you want to remove in the Thresholds table. 4. Click Delete. A removed icon ( click Delete.
5 Ports Ports You can enable and disable ports, as well as view port details, properties, type, status, and connectivity. Viewing port connectivity The connected switch and switch port information is displayed for all ports. To view port connectivity, choose one of the following steps: • Right-click a product icon and select Port Connectivity. • Select a product icon and select Monitor > Port Connectivity. The Port Connectivity View dialog box displays (Figure 96).
Ports TABLE 12 5 Port connectivity properties Field Description Buffer Limited Whether buffers are limited. Buffers Needed/Allocated The ratio of buffers needed relative to the number of buffers allocated. Calculated Status The operational status. There are four possible operation status values: • Up - Operation is normal. • Down - The port is down or the route to the remote destination is disabled. • Disabled - The connection has been manually disabled.
5 Ports TABLE 12 222 Port connectivity properties Field Description Device Type The device type; for example, target or initiator. FC4 Type The active FC4 type; for example, SCSI. FC Address The Fibre Channel address. Each FC port has both an address identifier and a world wide name (WWN). Flag Whether a flag is on or off. Hard Address The hard address of the device. Host Name The name of the host. Long Distance Whether the connection is considered to be normal or longer distance.
Refreshing the port connectivity view TABLE 12 5 Port connectivity properties Field Description Switch Routing Policy Whether a routing policy, for example, port-based routing policy, is enabled. Switch Secure Mode Whether switch secure mode is enabled. Switch Status The operational status. There are four possible operation status values: • Up - Operation is normal. • Down - The port is down or the route to the remote destination is disabled.
5 Filtering port connectivity Filtering port connectivity To filter results from the port connectivity view, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box The Filter dialog box displays (Figure 97). FIGURE 97 Filter Dialog Box 2. Click a blank cell in the Field column to select the property from which to filter the results. 3. Click a blank cell in the Relation column to select an action operation.
Viewing port details 5 Resetting the filter Reset immediately clears all existing definitions. You cannot cancel the reset. To reset the Filter dialog box, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box. The Filter dialog box displays. 2. Click Reset. All existing definitions are cleared automatically. You cannot cancel the reset. Enabling the filter To enable the filter, select the Filter check box.
5 Viewing ports and port properties Viewing ports and port properties To view ports on the Connectivity Map, right-click a product icon and select Show Ports. NOTE Show Ports is unavailable when the map display layout is set to Free Form (default). NOTE This feature is only available for connected products. On bridges and CNT products, only utilized Fibre Channel ports display; IP ports do not display.
Viewing ports and port properties 5 Depending on the port type, some of the following properties (Table 13) may not be available for all products. TABLE 13 Port properties Field Description # Virtual Session Ports The number of virtual session ports associated with the GE port. Additional Port Info Additional error information relating to the selected port. Address The address of the port. Active FC4 Types The active FC4 types. Active Tunnels The number of active tunnels.
5 Viewing ports and port properties TABLE 13 228 Port properties Field Description MAC Address The Media Access Control address assigned to a network adapters or network interface cards (NICs). Manufacturer Plant The name of the manufacturer plant. Modify button Click to launch the Element Manager. Model The model number of the device. Name The name of the switch.
Port types TABLE 13 5 Port properties Field Description Vendor The product vendor. Virtual FCoE Port Count The number of FC ports on the device. Port types On the Connectivity Map, right-click a switch icon and select Show Ports. The port types display showing which ports are connected to which products. NOTE Show Ports is unavailable when the map display layout is set to Free Form. NOTE This feature is only available for connected products.
5 Viewing port connection properties Viewing port connection properties You can view the information about products and ports on both sides of the connection. 1. Right-click the connection between two end devices on the Connectivity Map and select Properties. OR Double-click the connection between two devices on the Connectivity Map. The Connection Properties dialog box displays.
Viewing port connection properties TABLE 15 5 Port connection properties Field Description 2-IP Address The IP address of the second switch. 2-Trunk Whether there is a trunk on the second switch. 2-Speed (Gbps) The speed of the second switch. Selected Connection Properties table The connected device port information. Name The name of the switch. Slot # The slot number of the switch. User Port # The user port number of the switch.
5 Determining inactive iSCSI devices Determining inactive iSCSI devices For router-discovered iSCSI devices, you can view all of the inactive iSCSI devices in one list. To do this, use the Ports Only view and then sort the devices by FC Address. The devices that have an FC address of all zeros are inactive. 1. Select View All, Levels, and then Ports Only from the main window. 2. Use the scroll bar to view the columns to the right and locate the FC Address column in the Ports Only list. 3.
Viewing port optics 5 2. Review the port optics information. • Slot/Port #—The slot and port number of the selected fabric. • FC Address—The Fibre Channel address of the port. • TX Power—The power transmitted to the SFP in dBm and uWatts. NOTE The uWatts display requires devices with Fabric OS 6.1.0 and later. Devices running Fabric OS 6.0.0 and earlier only display dBm. • RX Power—The power received from the port in dBm and uWatts. NOTE The uWatts display requires devices with Fabric OS 6.1.
5 Port Auto Disable Port Auto Disable The Port Auto Disable dialog box allows you to enable and disable the port auto disable flag on individual FC_ports or on all ports on a selected device, as well as unblock currently blocked ports. NOTE The device must be running Fabric OS 6.3 or later. Viewing the port auto disable status NOTE The device must be running Fabric OS 6.3 or later. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays.
Enabling port auto disable on individual ports • • • • • • • • • 5 Port Type—Displays the port type. Port Number—Displays the port number. Port WWN—Displays the port world wide name. Port Name—Displays the port name. User Port #—Displays the user port number. PID—Displays the port identifier. Connected Port #—Displays the connected port number. Connected Port WWN—Displays the connected port world wide name. Connected Port Name—Displays the connected port name. 3.
5 Disabling port auto disable on individual ports Disabling port auto disable on individual ports NOTE The device must be running Fabric OS 6.3 or later. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to disable port auto disable (PAD) from the Fabric list. 3. Choose one of the following options from the Show list to filter the port list: • All Ports (default)—Displays all ports in the fabric.
Storage port mapping configuration 5 Storage port mapping configuration The Management application enables you to see multiple ports on your storage devices in a SAN. It also displays the relationship between multiple ports and represents them as attached to a storage array (device) in the Device Tree, Topology, and Fabric views. Occasionally, there are cases where the Management application cannot see the relationship between ports attached to the same storage device.
5 Adding storage ports to a storage array 4. Add storage ports to the new storage array. NOTE You must add at least one storage ports to the new storage array to save the new array in the system. For step-by-step instructions about adding ports to an array, refer to “Adding storage ports to a storage array” on page 238. 5. Click OK to save your work and close the Storage Port Mapping dialog box.
Reassigning mapped storage ports 5 3. Click the left arrow button. The selected storage port is removed from the Storage Array list and added to the Storage Ports table. 4. Click OK to save your work and close the Storage Port Mapping dialog box. Reassigning mapped storage ports To reassign a storage port, complete the following steps. 1. To open the Storage Port Mapping dialog box, choose from one of the following approaches.
5 Deleting a storage array 4. Click OK on the Properties dialog box to save the storage array properties. 5. Click OK to save your work and close the Storage Port Mapping dialog box. Deleting a storage array To delete a storage array, complete the following steps. 1. Open the Storage Port Mapping dialog box by performing one of the following actions: - Select a storage port icon in the topology view, then select Discover > Storage Port Mapping.
Viewing storage array properties 5 Viewing storage array properties To view storage array properties, complete the following steps. 1. Open the Storage Port Mapping dialog box by performing one of the following actions: - Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. - Right-click any storage port icon in the topology view and select Storage Port Mapping. Right-click any storage port in the Device Tree and select Storage Port Mapping.
5 Importing storage port mapping 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure (first entry must be the storage node name (WWN) and second entry must be the storage array name), well formed WWNs, and counts number of errors If more than 5 errors occur, import automatically cancels. Edit the storage port mapping file and try again.
Device Technical Support 5 Device Technical Support You can use Technical Support to collect supportSave data (such as, RASLOG, TRACE and so on) and switch events from Fabric OS devices. You can gather technical data for M-EOS devices using the device’s Element Manager. To gather technical support information for the Management application server, refer to “Capturing technical support information” on page 170.
5 Starting immediate technical support information collection Starting immediate technical support information collection NOTE The switch must be running Fabric OS 5.2.X or later to collect technical support data. NOTE The HBA must be a managed Brocade HBA. NOTE You must have the SupportSave privilege to perform this task. To capture technical support and event information for specified devices, complete the following steps. 1. Select Monitor > Technical Support > SupportSave.
E-mailing technical support information 5 4. Click the appropriate link to view details. 5. Click OK on the Repository dialog box. E-mailing technical support information To e-mail technical support information, complete the following steps. 1. Select Monitor > Technical Support > View Repository. The Repository dialog box displays. 2. Choose from one of the following options: • Select the Switches tab to e-mail technical support information on switches.
5 Failure data capture Failure data capture You can use Upload Failure Data Capture to enable, disable, and purge failure data capture files as well as configure the FTP Host for the switch. NOTE Upload Failure Data Capture is only supported on Fabric OS devices. Enabling failure data capture 1. Select Monitor > Technical Support > Upload Failure Data Capture. The Upload Failure Data Capture dialog box displays. FIGURE 102 Upload Failure Data Capture dialog box 2.
Disabling failure data capture 5 Disabling failure data capture NOTE Upload Failure Data Capture is only supported on Fabric OS devices. 1. Select Monitor > Technical Support > Upload Failure Data Capture. The Upload Failure Data Capture dialog box displays. 2. Select one or more devices on which you want to disable automatic trace dump from the Available Switches with Upload Failure Data Capture Enabled table. 3. Click the left arrow button.
5 Configuring the failure data capture FTP server Configuring the failure data capture FTP server NOTE Upload Failure Data Capture is only supported on Fabric OS devices. 1. Select Monitor > Technical Support > Upload Failure Data Capture. The Upload Failure Data Capture dialog box displays. 2. Select a device from the Available Switches with Upload Failure Data Capture Enabled table. 3. Click Change FTP Host. The Change FTP Server dialog box displays. FIGURE 103 Change FTP Server dialog box 4.
Viewing the upload failure data capture repository 5 Viewing the upload failure data capture repository NOTE Upload Failure Data Capture is only supported on Fabric OS devices. 1. Select Monitor > Technical Support > View Repository. The Repository dialog box displays. 2. Select the trace dump file you want to view from the Available Support and Upload Failure Data Capture Files table. 3. Click View. The Upload Failure Data Capture repository displays.
5 250 Viewing the upload failure data capture repository DCFM Enterprise User Manual 53-1001357-01
Chapter 6 Fabric Binding In this chapter • Fabric binding overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enabling fabric binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Disabling fabric binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Adding switches to the fabric binding membership list . . . . . . . . . . . . . . .
6 Enabling fabric binding Enabling fabric binding Fabric Binding is enabled through the Fabric Binding dialog box. After you have enabled Fabric Binding, use the Fabric Membership List to add switches that you want to allow into the fabric. NOTE In a pure Fabric OS environment, Fabric Binding is only supported on Fabric OS 5.2 or later. In a mixed Fabric OS and M-EOS environment, Fabric Binding is only supported on Fabric OS 6.0 or later and M-EOS manageable switches and fabrics. 1.
Disabling fabric binding 6 Disabling fabric binding Fabric Binding can be disabled while High Integrity Fabric is active if the switch is offline. This disables fabric binding and High Integrity Fabric on the switch, but not the rest of the fabric. Disabled switches segment from the fabric. Fabric Binding is disabled through the Fabric Binding dialog box. NOTE In a pure Fabric OS environment, Fabric Binding is only supported on Fabric OS 5.2 or later.
6 Adding detached devices to the fabric binding membership list Adding detached devices to the fabric binding membership list To add a switch that does not have a physical connection and is not discovered to the fabric, complete the following steps. 1. Select Configure > Fabric Binding. The Fabric Binding dialog box displays. 2. Click Add Detached Switch. The Add Detached Switch dialog box displays. 3. Enter the domain ID of the switch in the Domain ID field. 4.
High integrity fabrics 6 High integrity fabrics The High Integrity Fabric (HIF) mode option automatically enables features and operating parameters that are necessary in multiswitch Enterprise Fabric environments. When HIF is enabled, each switch in the fabric automatically enforces a number of security-related features including Fabric Binding, Switch Binding, Insistent Domain IDs, and Domain Register for State Change Notifications (RSCNs).
6 Activating high integrity fabrics High integrity fabric requirements The term high integrity fabric (HIF) refers to a set of strict, consistent, fabric-wide policies. There are several specific configuration requirements for high integrity fabrics: • Insistent domain ID (IDID) must be enabled in the participating switches. • Port-based routing must be used on the participating switches. • A policy must be set that limits connectivity to only the switches within the same fabric.
Deactivating high integrity fabrics 6 2. Select the fabric on which you want to activate HIF from the Fabric Name list. The HIF status displays in the High Integrity Fabric field. 3. Click Activate. For Pure Fabric OS fabrics, HIF activates the Switch Connection Control (SCC) policy, sets Insistent Domain ID, and sets the Fabric Wide Consistency Policy (FWCP) for SCC in strict mode.
6 258 Deactivating high integrity fabrics DCFM Enterprise User Manual 53-1001357-01
Chapter 7 Fault Management In this chapter • Fault management overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Event logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Event policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Event notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7 Event logs Event logs The Management application provides a variety of logs through which you can monitor the SAN. You can view all events that take place in the SAN through the Master Log at the bottom of the main window. You can also view a specific log by selecting an option from the Monitor menu’s Logs submenu. The logs are described in the following list: • Audit Log.
Copying part of a log entry 7 Copying part of a log entry You can copy data from logs to other applications. Use this to analyze or store the data using another tool. To copy part of a log, complete the following steps. 1. Select Monitor > Logs > . The Logs dialog box displays the kind of log you selected. 2. Select the rows you want to copy. • To select contiguous rows, select the first row you want to copy, press Shift, and click the contiguous row or rows you want to copy.
7 Exporting the entire log Exporting the entire log You can export the log data to a tab delimited text file. To export a log, complete the following steps. 1. Select Monitor > Logs > . The Log dialog box displays the kind of log you selected. 2. Right-click a row and select Export Table. The Save table to a tab delimited file dialog box displays. 3. Browse to the location where you want to export the data. 4. Enter a name for the file in the File Name field. 5. Click Save.
Displaying event details from the Master Log 7 5. Enter your e-mail address in the From field. 6. Click OK. E-mailing a range of event details from the Master Log NOTE You must configure e-mail notification before you can e-mail event details from the Master Log. To configure e-mail notification, refer to “Configuring e-mail notification” on page 284. To e-mail event details from the Master Log, complete the following steps. 1. Right-click an entry in the Master Log. 2. Select E-mail > Date.
7 Copying part of the Master Log TABLE 17 Event Field Description Virtual Fabric ID The virtual fabric identifier. Message ID The message text. Recommended Action The recommended action. Contributors The contributor to this event. Time (Host) The time this event occurred and the host on which it occurred. 4. Click Close to close the Event Details dialog box. Copying part of the Master Log You can copy data from logs to other applications.
Exporting the Master Log 7 Exporting the Master Log You can export the Master Log to a tab delimited text file. Use this to analyze or store the data using another tool. To export the Master Log, complete the following steps. 1. Right-click an entry in the Master Log. 2. Select Table > Export Table. The Save table to a tab delimited file dialog box displays. 3. Browse to the location where you want to export the data. 4. Enter a name for the file in the File Name field. 5. Click Save.
7 Filtering events in the Master Log 2. Select from the following to include or exclude event types. • To include an event type in the filter, select the event from the Available Events table and click the right arrow. • To exclude an event type from the filter, select the event from the Selected Events table and click the left arrow. 3. Click OK. 4. Select one of the following to determine what view to filter events.
Event policies 7 Event policies You can create policies for events you want to monitor. A policy is the mechanism defined by you that identifies the response to specific event types. You can customize the event management policy using triggers and actions, which are explained in this section. You can create a maximum of 10 policies at a time.
7 Adding an event policy Policy triggers A trigger is a logical filter that determines which conditions will initiate a set of predefined actions. You can set multiple triggers. The Management application enables you to set the following triggers: • IP Address — Initiates the defined action when the IP address of a device is encountered. • Node WWN — Initiates the defined action when the Node WWN of a device is encountered.
Adding an ISL offline policy 7 9. Enter all or part of the message ID associated with SNMP traps and Syslog messages in the Message ID field. If the entry matches or is part of the message ID, the policy is triggered. 10. Define the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 255 characters. Multiple values must be separated by a semi-colon.
7 Adding a PM threshold crossed policy 6. Define the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 255 characters. Multiple values must be separated by a semi-colon. When multiple values are entered, as long as at least one value matches the IP address, Node WWN, or Name in the event and all other conditions are met, an action is triggered. IP addresses can either be in IPv4 or IPv6 format and must be complete. A Node WWN is accepted with or without the colon. 7.
Adding a security violation policy 7 9. Select the duration type (Seconds or Minutes) from the Duration list. The maximum duration is 30 minutes. 10. Select the check box in the Actions list for each action you want to occur when this policy is triggered. For a list of the available actions, refer to “Policy actions” on page 268.
7 Defining the broadcast message action 11. Click OK on the Add Event Policy dialog box. 12. Select the Active check box for the policy you want to activate. 13. Click OK on the Event Policies dialog box. Defining the broadcast message action You can define the content of the broadcast message that occurs when a policy is triggered. You can only edit actions from the Add Event Policy, Duplicate Event Policy, or Edit Event Policy dialog boxes.
Defining the launch script action 7 Defining the launch script action NOTE Launch scripts with a user interface are not supported. You can define the path to the script that is launched when a policy is triggered. When the script launches, the Management application does not verify the existence of the script. The script must have the following characteristics: • It must reside on the Management application server.
7 Defining the send e-mail action Defining the send e-mail action You can define the content of the e-mail message that occurs when a policy is triggered. You can only edit actions from the Add Event Policy, Duplicate Event Policy, or Edit Event Policy dialog boxes.
Configuring support data capture action 7 Configuring support data capture action You can configure the Management application to start supportSave capture on Fabric OS devices when a policy is triggered. You can only edit actions from the Add Event Policy, Duplicate Event Policy, or Edit Event Policy dialog boxes.
7 Deleting a policy Deleting a policy 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to delete. Press Ctrl and then click to select more than one policy. 3. Click Delete. 4. Click OK on the Event Policies dialog box. Duplicating an event policy To duplicate an event policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to duplicate in the Policies table. 3.
Duplicating an ISL offline policy 7 10. Edit the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 255 characters. Multiple values must be separated by a semi-colon. When multiple values are entered, as long as at least one value matches the IP address, Node WWN, or Name in the event and all other conditions are met, an action is triggered. IP addresses can either be in IPv4 or IPv6 format and must be complete. A Node WWN is accepted with or without the colon. 11.
7 Duplicating a PM threshold crossed policy 8. Select the duration type (Seconds or Minutes) from the Duration list. The maximum duration is 30 minutes. 9. Select the check box in the Actions list for each action you want to occur when this policy is triggered. For a list of the available actions, refer to “Policy actions” on page 268.
Duplicating a security violation policy 7 11. Select the Active check box to activate the duplicated policy. 12. Click OK on the Event Policies dialog box. Duplicating a security violation policy To duplicate a security violation policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to duplicate in the Policies table. 3. Click Duplicate. The Duplicate Event Policy dialog box displays. 4.
7 Editing an event policy Editing an event policy To edit an event policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays. NOTE You cannot edit the event policy name. 4. Edit the description (255 characters maximum) for the policy in the Description field. 5.
Editing an ISL offline policy 7 Editing an ISL offline policy To edit an ISL offline policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays. 4. Edit the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 255 characters. Multiple values must be separated by a semi-colon.
7 Editing a PM threshold crossed policy Editing a PM threshold crossed policy To edit a PM threshold crossed policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays. 4. Edit the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 255 characters. Multiple values must be separated by a semi-colon.
Editing a security violation policy 7 Editing a security violation policy To edit a security violation policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays. 4. Define the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 255 characters. Multiple values must be separated by a semi-colon.
7 Event notification Event notification The Management application records the SAN events in the Master Log. You can configure the application to send event notifications to e-mail addresses at certain time intervals. This is a convenient way to keep track of events that occur on the SAN. You can also configure products to “call home” for certain events, notifying the service center of product problems. For instructions about configuring call home for events, refer to “Call Home” on page 75.
Setting up advanced event filtering 7 8. Select one of the following options: • Select Send to and enter an e-mail address for a user to send a test e-mail to a specific user. • Select Send to all users enabled for notification to send a test e-mail to all users already set to receive notification. 9. Click Send Test E-mail to test the e-mail server. A message displays whether the server was found.
7 Setting up advanced event filtering b. Select the event column for the event from the Event Column list. All event columns are listed in alphabetical order. c. Enter all or part of the event type value in the Value Contains text box. d. Click the right arrow button to move the event type to the Additional Filters - Filter out these Events table. 6. Click the Exclude Events tab. FIGURE 109 Advanced Event Filtering Dialog Box - Include Events tab a.
SNMP trap and informs registration and forwarding 7 SNMP trap and informs registration and forwarding You can configure the application to send SNMP traps and informs to other computers. To correctly configure trap forwarding, you must configure the target computer’s IP address and SNMP ports. To correctly configure informs, you must enable informs on the switch.
7 Removing a host server 5. Select a fabric from the Targeted Fabric list. 6. Select a severity (None, Critical, Error, Warning, Info, or Debug) from the Severity list. 7. Click OK on the SNMP Setup dialog box. Removing a host server You can remove any host server as the trap recipient on managed Fabric OS devices. To remove a host server, complete the following steps. 1. Select Monitor > SNMP Setup. The SNMP Setup dialog box displays. 2. Click the Other Recipients tab. 3.
Adding an SNMPv3 destination 7 4. Click Add. The Add/Edit Trap Recipient dialog box displays. a. (Optional) In the Description field, enter a description of the trap recipient. b. In the IP Address field, enter the trap recipient’s IP address. The Management application accepts IP addresses in IPv4 or IPv6 formats. c. Enter the trap recipient’s UDP port number, in the port field. d. Click OK on the Add/Edit Trap Recipient dialog box. 5. Click OK on the SNMP Setup dialog box.
7 Editing a destination Editing a destination To edit a destination, complete the following steps. 1. Select Monitor > SNMP Setup. The SNMP Setup dialog box displays. 2. Click the Trap Forwarding tab. 3. Select the destination you want to edit in the Destinations table and click Edit. The Add/Edit Trap Recipient dialog box displays. a. (Optional) In the Description field, edit the description of the trap recipient. b. In the IP Address field, edit the trap recipient’s IP address.
Enabling SNMP informs 7 Enabling SNMP informs NOTE SNMP Informs is only supported on Fabric OS 6.3 or later switches discovered through SNMP v3. For information about discovery through SNMP v3, refer to “Discovering fabrics” on page 39. You can enable SNMP informs on all Informs-capable Fabric OS switches. To enable Informs, complete the following steps. 1. Select Monitor > SNMP Setup. The SNMP Setup dialog box displays. 2. Click the Informs tab. 3. Select the Enable informs option. 4.
7 Syslog forwarding Syslog forwarding NOTE Syslog messages are only available on Fabric OS devices and Brocade HBAs (managed using HCM Agent). Syslog forwarding is the process by which you can configure the Management application to send Syslog messages to other computers. Switches only send the Syslog information through port 514; therefore, if port 514 is being used by another application, you must configure the Management application to listen on a different port.
Registering a host server 7 Registering a host server You can register any host server as the Syslog destination on managed Fabric OS devices. You can register different destinations for different fabrics. To register a host server, complete the following steps. 1. Select Monitor > Syslog Configuration. The Syslog Registration and Forwarding dialog box displays. 2. Click the Other Destination tab. 3. Select Add from the Action list. 4.
7 Editing a destination Editing a destination To edit a destination, complete the following steps. 1. Select Monitor > Syslog Configuration. The Syslog Registration and Forwarding dialog box displays. 2. Click the Syslog Forwarding tab. 3. Select the destination you want to edit in the Destinations table and click Edit. The Add/Edit Syslog Recipient dialog box displays. a. (Optional) In the Description field, edit the description of the Syslog recipient. b.
Disabling Syslog forwarding 7 Disabling Syslog forwarding You can disable Syslog forwarding on all defined destinations. To disable Syslog forwarding, complete the following steps. 1. Select Monitor > Syslog Configuration. The Syslog Registration and Forwarding dialog box displays. 2. Click the Syslog Forwarding tab. 3. Clear the Enable Syslog forwarding check box. 4. Click OK on the Syslog Registration and Forwarding dialog box.
7 296 Disabling Syslog forwarding DCFM Enterprise User Manual 53-1001357-01
Chapter 8 Performance Data In this chapter • Performance overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Real-time performance data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Historical performance data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • End-to-end monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Top Talker monitoring . . . . . . . . . . . .
8 Performance overview Performance measures Performance measures enable you to select one or more measures to define the graph or report. The measures available to you depend on the object type from which you want to gather performance data. • Tx % Utilization — available for FC, GE, Managed HBA ports, 10GE ports, and FCIP tunnels. • Rx % Utilization — available for FC, GE, Managed HBA ports, 10GE ports, and FCIP tunnels.
Performance management requirements • • • • 8 Dropped Frames — available for Managed HBA ports only. Bad EOF Frames — available for Managed HBA ports only. Invalid Ordered Sets — available for Managed HBA ports only. Non Frame Coding Error — available for Managed HBA ports only.
8 Performance management requirements Trap port: 162 Trap recipient Severity level: 4 Community 4: public (ro) Trap recipient: 192.168.102.41 Trap port: 162 Trap recipient Severity level: 4 Community 5: common (ro) Trap recipient: 10.32.150.116 Trap port: 162 Trap recipient Severity level: 4 Community 6: FibreChannel (ro) Trap recipient: 1001:0:0:0:0:0:0:172 Trap port: 162 Trap recipient Severity level: 4 - To set the SNMP v1 credentials on the device, use the snmpconfig --set snmpv1 command.
Performance management requirements Auth Priv User Auth Priv User Auth Priv - 8 Protocol: noAuth Protocol: noPriv 5 (ro): snmpuser2 Protocol: noAuth Protocol: noPriv 6 (ro): admin Protocol: noAuth Protocol: noPriv To set the SNMP v3 credentials on the device, use the snmpconfig --set snmpv3 command.
8 Performance management requirements - To check SNMP credentials in the Management application, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Select an IP address from the Available Addresses table. 3. Click Edit. The Address Properties dialog box displays. 4. Click the SNMP tab. 5. Select the v1 or v3 from the SNMP Version list. 6. Make sure SNMP credentials match those on the device. 7. Click OK on the Address Properties dialog box. 8.
Real-time performance data 8 • To collect performance on a Virtual Fabric enabled device, use the admin> userconfig --show command to make sure the Fabric OS user has access to all the Virtual Fabrics. Make sure that the SNMPv3 user name is same as the Fabric OS user name. Otherwise, the data is not collected for virtual switches with a non-default VF ID. By default the admin user has access to all Virtual Fabrics.
8 Generating a real-time performance graph Generating a real-time performance graph You can monitor a device’s performance through a performance graph that displays transmit and receive data. The graphs can be sorted by the column headers. You can create multiple real-time performance graph instances. NOTE To make sure that statistic collection for a switch does not fail, you must configure SNMP credentials for the switch. For step-by-step instructions, refer to “Configuring SNMP credentials” on page 43.
Filtering real-time performance data 8 Filtering real-time performance data To filter real-time performance data from the Real Time Performance Graphs dialog box, complete the following steps. 1. Open the Real Time Performance Graphs dialog box. For step-by-step instructions, refer to “Generating a real-time performance graph” on page 304. The Real Time Performance Graphs dialog box displays. FIGURE 111 Real Time Performance Graphs dialog box 2. Click Select to change the object type. 3.
8 Exporting real-time performance data 10. Select the granularity at which you want to gather performance data from the Granularity list. 11. Select the Interpolate check box to use interpolation to fill existing gaps, if necessary. 12. (Optional) Click Other Options and select the Use Same Y-axis check box to make the Y-axis range the same for object. The Use Same Y-axis check box is only available when you select Rx MB/sec and Tx MB/sec from the Measures list.
Historical performance data 8 Historical performance data Performance should be enabled constantly to receive the necessary historical data required for a meaningful report. The following options and features are available for obtaining historical performance data: • Collect historical performance data from the entire SAN or from a selected device. NOTE Virtual Fabric logical ISL ports are not included in performance collection. • Persist data on every polling cycle (5 minutes).
8 Disabling historical performance collection 2. Select the fabrics for which you want to collect historical performance data in the Available table. 3. Click the right arrow to move the selected fabrics to the Selected table. 4. Select the Include newly discovered fabrics check box to automatically add all newly discovered fabrics to the Selected table. 5. Click OK. Historical performance data collection is enabled for all selected fabrics.
Generating a historical performance graph 8 3. Select a default from the Favorites list or filter the historical data by completing the following steps. a. Select the number of results to display from the Display list. b. Select the ports from which you want to gather performance data from the From list. If you select Custom, refer to “Filtering data by ports” on page 309. c. Select the historical period for which you want to gather performance data from the For list.
8 Saving a historical performance graph configuration 2. Right-click a device in the Available table and select Expand All. 3. Select the ports (press Ctrl or Shift and then click to select multiple ports) from which you want to gather performance data from the Available table and click the right arrow button. The selected ports move to the Select Ports table. 4. Click OK. Filtering data by time To filter data for a historical performance graph by time, complete the following steps. 1.
Exporting historical performance data 8 9. Enter a reference line value percentage for Tx% or Rx % Utilization. This field is only enabled when Tx% or Rx % Utilization is selected from the Measures list. 10. Move the Row Height slider to the left to make the row height smaller or to the right to make it bigger. 11. Select the Display tabular data only check box to only show text with no graphs or icons. The Source and Destination icons and the Graph column do not display 12.
8 End-to-end monitoring 4. Click Delete. 5. Click Yes on the confirmation message. 6. Click the close button (X) to close the Historical Performance Graph dialog box. End-to-end monitoring NOTE End-to-end monitoring requires a Fabric OS device. Performance enables you to provision end-to-end monitors of selected target and initiator pairs. These monitors are persisted in the database and are enabled on one of the F_ports on the connected device (the Management application server determines the port).
Configuring an end-to-end monitor pair 8 FIGURE 116 Set End-to-End Monitors dialog box 2. Select the fabric for which you want to configure end-to-end monitoring from the Fabric list. 3. Select an initiator port from the Select an initiator port table. 4. Select a target port from the Select a target port table. 5. Click the right arrow to move the selected initiator and target ports to the Monitored Pairs table.
8 Displaying end-to-end monitor pairs in a real-time graph 6. Click Apply. Once the end-to-end monitored pair is applied to the device, the Status column in the Monitored Pairs table displays ‘Enabled’. NOTE If the initiator or target port is part of a logical switch and you move it to another logical switch, the end-to-end monitor fails. Once you have created the end-to-end monitored pair, you can view both real-time and historical performance data.
Refreshing end-to-end monitor pairs 8 Refreshing end-to-end monitor pairs The Management application enables you to rewrite the end-to-end monitors (deleted through CLI or an Element Manager) back to a device. To refresh all end-to-end monitor pairs, complete the following steps. 1. Select Monitor > Performance > End-to-End Monitors. The Set End-to-End Monitor dialog box displays. 2. Click Refresh.
8 Top Talker monitoring Top Talker monitoring NOTE Top Talkers requires the Advance Performance Monitoring (APM) license on the device. NOTE Top Talkers requires Fabric OS version 6.2 or later. NOTE On the 16 - 8 Gig FC Port, 8 - 10 Gig Ethernet Port Switch, Top Talkers is only supported on the 16 - 8 Gig FC Ports. Performance enables you to create Top Talker monitors on selected devices. Use Top Talkers to display the connections which are using the most bandwidth on the selected device or port.
Configuring a fabric mode Top Talker monitor 8 FIGURE 117 Top Talkers dialog box 3. Click Select. The Top talker Selector dialog box displays. FIGURE 118 Top talker Selector dialog box 4. Select Fabric to select a switch to monitor in the Top Talker Mode list. You can only select one device on which to enable Top Talker.
8 Configuring an F_port mode Top Talker monitor 5. Click OK on the Top talker Selector dialog box. Top Talker is enabled on the selected device. The Top Talkers - Fabric Mode for dialog box displays. 6. Select the number of Top Talkers (1 through 20) to display from the Display list. 7. Select how often you want the Top Talker to refresh (10, 20, 30, 40, or 50 seconds, or 1 minute) from the Refresh Interval list. 8. Click Apply.
Configuring an F_port mode Top Talker monitor 8 FIGURE 119 Top Talkers dialog box 3. Click Select. The Top talker Selector dialog box displays. 4. Select F Port to select the F_port to monitor in the Top Talker Mode list. You can only select one F_port on which to enable the Top Talker monitor. 5. Click OK on the Top talker Selector dialog box. Top Talker is enabled on the selected port. 6. Select the number of Top Talkers (1 through 20) to display from the Display list. 7.
8 Deleting a Top Talker monitor Deleting a Top Talker monitor To delete a Top Talker monitor, complete the following steps. 1. Select the dialog box of the Top Talker monitor you want to delete. 2. Click Close. 3. Click Yes on the ‘do you want to delete this monitor’ message. Pausing a Top Talker monitor To pause a Top Talker monitor, complete the following steps. 1. Select the dialog box of the Top Talker monitor you want to pause. 2. Click Pause.
Thresholds and event notification 8 Thresholds and event notification Performance allows you to apply thresholds and event notification to real-time performance data. A performance monitor process (thread) monitors the performance data against the threshold setting for each port and issues an appropriate alert to notify you when the threshold is exceeded. For information about configuring event notification, refer to Event Notification.
8 Creating a threshold policy FIGURE 121 New Threshold Policy dialog box 3. Enter a name for the policy (100 characters maximum) in the Name field. 4. Select a policy type from the Policy Type list. You can only define policies for E and F/FL ports. 5. Select a measure from the Measure list. You can only define policies for the Tx and Rx % Utilization measures. You cannot add the same measure more than once.
Editing a threshold policy 8 11. Click OK on the New Threshold Policy dialog box. The threshold policy displays in the Available Threshold Policies table with an added icon ( To assign a threshold policy to a fabric or device, refer to “Assigning a threshold policy” on page 325. ). 12. Click OK on the Set Threshold Policies dialog box. The Confirm Threshold Changes dialog box displays. 13.
8 Duplicating a threshold policy 8. (Fabric OS only) Enter a percentage for the buffer in the Buffer Size field. 9. Click the right arrow button to move the threshold to the Selected Thresholds table. If an error is detected, a message displays informing you to enter a valid value. Click OK to close this message. Fix any errors and repeat step 9. 10. Repeat steps 5 through 9 for each measure that you want to add to the policy. 11. Click OK on the Edit Threshold Policy dialog box.
Assigning a threshold policy 8 5. Make the threshold changes by selecting one of the following options: • To only add new thresholds, select the Keep currently set thresholds and only add new thresholds check box. • To overwrite all existing thresholds on all fabrics and devices, select the Overwrite all thresholds currently set on all switches check box. 6. Click OK on the Confirm Threshold Changes dialog box.
8 Deleting a threshold policy Deleting a threshold policy To delete a threshold policy, complete the following steps. 1. Select Monitor > Performance > Configure Thresholds. The Set Threshold Policies dialog box displays. 2. Select the threshold policy you want to delete in the Available Threshold Policies table. When you delete a policy from the M-EOS physical chassis, the policy is deleted from all logical switches in the physical chassis. 3. Click Delete.
Connection utilization 8 Connection utilization NOTE Connection utilization is only supported on the following managed objects: E_ports, F_ports, N_ports, 10 GE_ports and FCIP tunnels. Performance connection utilization for device ports provides the following features: • Turns the utilization display on and off from the menu and tool bar. • Displays moving dotted colored lines that originate from a port.
8 Enabling connection utilization Enabling connection utilization NOTE Fabrics where performance data collection is not enabled display connections as thin black lines. To display the connection utilization, complete the following steps. 1. Choose from one of the following options: • Select Monitor > Performance > View Utilization • Press CTRL + U. • Click the Utilization icon ( ). If you have already enabled historical data collection, the Utilization Legend displays in the main interface window.
Changing connection utilization 8 Changing connection utilization You can change the utilization percentages. To change the utilization percentages, complete the following steps. 1. Click the change link in the utilization legend. FIGURE 126 Utilization Legend in edit mode 2. Enter or select the end percentage you want for the blue line.
8 330 Changing connection utilization DCFM Enterprise User Manual 53-1001357-01
Chapter 9 Reports In this chapter • Report types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Generating reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Exporting reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Printing reports . . . . .
9 Generating reports Generating reports To generate reports, complete the following steps. 1. Select Monitor > Reports > Generate. The Generate Reports dialog box displays. 2. Select the types of reports you want to generate. • Fabric Ports • Fabric Summary 3. Select the fabrics for which you want to generate reports. 4. Click OK. The generated reports display in the View Reports dialog box. NOTE Hyperlinks in reports are active only as long as the source data is available. 5.
Viewing reports 9 TABLE 19 Icon Description Actual Size—Click to display the report at its actual size. Fit to Page—Click to resize the report to display entirely in the view. Fit to Width—Click to resize the report to fit in the view by width. Zoom In—Click to zoom in on the report. Zoom Out—Click to zoom out on the report. 4. Click Show in Browser to view the selected report in your default browser window. 5. Click Close to close the View Reports dialog box. 6.
9 Exporting reports Exporting reports To export reports, complete the following steps. 1. Select Monitor > Reports > View or click the View Report icon. The View Reports dialog box displays. 2. Select the report you want to export in the All Reports list. If you do not see the report you want to export, generate it first by following the instructions in “Generating reports” on page 332. You can select reports by Time, Report Type, or User. 3.
Deleting reports 9 Deleting reports To delete reports, complete the following steps. 1. Select Monitor > Reports > View or click the View Report icon. The View Reports dialog box displays. 2. Select the report you want to delete in the All Reports list. If you do not see the report you want to view, generate it first by following the instructions in “Generating reports” on page 332. You can select reports by Time, Report Type, or User. 3. Click Delete Report.
9 Generating performance reports c. Select the historical period from which you want to gather performance data from the For list. If you select Custom, complete the following steps. 1. Select the Last option and enter the number of minutes, hours, or days. OR Select the From option and enter the date and time. 12. Click OK. d. Select the granularity at which you want to gather performance data from the Granularity list. e.
Generating zoning reports 9 Generating zoning reports The Management application enables you to generate a report for the current zone DB in the fabric. To generate a report for the edited zone DB, you must save it to the fabric first. Make sure no one else is making changes to the same area prior to submitting or your changes may be lost. To generate zoning reports, complete the following steps. 1. Select Configure > Zoning or right -click the device and select Zoning. The Zoning dialog box displays. 2.
9 338 Generating zoning reports DCFM Enterprise User Manual 53-1001357-01
Chapter Role-Based Access Control 10 In this chapter • Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 • Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 • Resource groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Users The Management application enables you to create users, roles, and resource groups.
10 Adding a user account Adding a user account NOTE You must have the User Management privilege to perform this task. To add a user, complete the following steps. 1. Select SAN > Users. The Server Users dialog box displays. 2. Click Add. The New User dialog box displays (Figure 128). FIGURE 128 New User Dialog Box 3. Type the description of the user in the Description field. 4. Type a unique user name (127-character limit) for the user in the User ID field. 5.
Editing a user account 10 Editing a user account NOTE You must have the User Management privilege to perform this task. To edit a user, complete the following steps. 1. Select SAN > Users. The Server Users dialog box displays. 2. Select the user whose information you want to edit in the Users table. 3. Click Edit. The Edit User dialog box displays. 4. Edit the information as necessary. 5. Click OK to save your changes and close the Edit User dialog box. 6. Click OK on the message.
10 Removing a user account FIGURE 129 Define Filter Dialog Box 4. Move events between the tables by selecting the event and clicking the appropriate arrow. 5. Set up advanced event filtering by clicking Advanced Filtering. For more information about advanced event filtering, refer to “Setting up advanced event filtering” on page 285. 6. Click OK. The Server Users dialog box displays. 7.
Roles 10 4. Click OK on the confirmation message. The selected user is removed from the Server Users dialog box. 5. Click OK to close the Server Users dialog box. Roles The Management application enables you to set privileges for individual users, which enhances the security of your SAN. Creating a user role NOTE You must have the User Management privilege to perform this task.
10 Editing a user role 3. Enter a name for the role in the Name field. 4. (Optional) Enter a description for the role in the Description field. 5. Add Read and Write access by completing the following steps. a. In the Available Privileges list, select features to which you want to allow read and write access. Press CTRL and click to select multiple features. b. Click the right arrow next to the Read & Write Privileges list. The features are moved to the Read & Write Privileges list. 6.
Removing a user role 10 5. Remove Read and Write access by completing the following steps. a. In the Read & Write Privileges list, on the left, select features to which you want to remove read and write access. Press CTRL and click to select multiple features. b. Click the left arrow next to the Available Privileges list. The features are moved to the Available Privileges list. 6. Add Read Only access by completing the following steps. a.
10 Resource groups 5. Click OK on the “role removed” message. 6. Click OK to close the Server Users dialog box. Resource groups The Management application enables you to create resource groups and assign users to the selected role within that group. This enables you to configure user access by both role and fabric when you assign users to a role within the resource group. Creating a resource group NOTE You must have the User Management privilege to perform this task.
Editing a resource group 10 5. Click the Hosts tab and complete the following steps to add hosts to the resource group. FIGURE 132 Add/Edit Resource Group dialog box - Hosts tab a. Select the hosts you want to include in this group in the Available Hosts table. b. Click the right arrow button. The selected fabrics are moved to the Selected Fabrics and Hosts table. 6. Click OK to save the new resource group and close the Add/Edit Resource Group dialog box.
10 Removing a resource group 5. Remove fabrics from the resource group by completing the following steps. a. Click the Fabrics tab. a. In the Selected Fabrics and Hosts table, select the fabrics you want to remove from this group. b. Click the left arrow button. The selected fabrics are moved to the Available Fabrics table. 6. Add hosts to the resource group by completing the following steps. a. Click the Hosts tab. a.
Assigning a user to a resource group 10 4. Click Yes on the message. A message box displays indicating the group was removed successfully. 5. Click OK on the message. The Server Users dialog box displays and the resource group no longer displays in the Resource Groups list. 6. Click OK to close the Server Users dialog box. Assigning a user to a resource group NOTE You must have the User Management privilege to perform this task.
10 Finding a user’s resource group 3. Click the left arrow button. The user is removed from the selected resource group. 4. Click OK to close the dialog box. Finding a user’s resource group NOTE Any user with User Management read-only or read-write privilege can find a user’s group. You can determine the group to which a user belongs through the Server Users dialog box. 1. Select SAN > Users. The Server Users dialog box displays. 2. Select a user from the Users list. 3. Click Find.
Chapter 11 Host management In this chapter • About host management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Host discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Connectivity map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • View management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • HBA server mapping . . . . . .
11 Host discovery Host discovery The Management application enables you to discover individual hosts, import a group of hosts from a CSV file, or import host names from discovered fabrics. The maximum number of host discovery requests that can be accepted is 1000. NOTE Host discovery requires HCM Agent 2.0 or later. SMI and WMI discovery are not supported.
View management 11 View management You can customize the topology by creating views at the managed host level in addition to the fabric level views. If you discover or import a Fabric with more than approximately 2000 devices, the devices display on the Product List, but not on the Connectivity Map. Instead, the topology area shows a message stating that the topology cannot be displayed. To resolve this issue, create a new view to filter the number of devices being discovered.
11 Role-based access control Role-based access control The Management application enables you to create resource groups and assign users to the selected role within that group. This enables you to assign users to a role within the resource group. The Management application provides one pre-configured resource group (All Fabrics). When you create a resource group, all available roles are automatically assigned to the resource group.
Host performance management 11 Host performance management Real-time performance enables you to collect data from managed HBA ports. You can use real-time performance to configure the following options: • Select the polling rate from 10 seconds up to 1 minute. • Select up to 32 ports total from a maximum of 10 devices for graphing performance. • Choose to display the same Y-axis range for both the Tx MB/Sec and Rx MB/Sec measure types for easier comparison of graphs.
11 Host fault management Host fault management Fault management enables you to monitor your SAN using the following methods: • Monitor logs for specified conditions and notify you or run a script when the specified condition is met. • Create event-based policies, which contain an event trigger and action. • Configure E-mail event notification. • Receive and forward Syslog messages from Fabric OS switches and Brocade HBAs, managed using the Host Connectivity Manager (HCM).
Syslog forwarding 11 Syslog forwarding NOTE Syslog messages are only available on Fabric OS devices and Brocade HBAs (managed using the HCM Agent). Syslog forwarding is the process by which you can configure the Management application to send Syslog messages to other computers. Switches only send the Syslog information through port 514; therefore, if port 514 is being used by another application, you must configure the Management application to listen on a different port.
11 Launching HCM • CEE ports • FCoE ports (CNA only) • Ethernet ports (CNA only) • Diagnostics, which enables you to test the adapters and the devices to which they are connected: • Link status of each adapter and its attached devices • Loopback test, which is external to the adapter, to evaluate the ports (transmit and receive transceivers) and the error rate on the adapter • Read/write buffer test, which tests the link between the adapter and its devices • FC protocol tests, including echo, ping, and
Host security authentication 11 Host security authentication Fibre Channel Security Protocol (FC-SP) is a mechanism used to secure communication between two switches or between a switch and a device such as an HBA port. You can use either the the Management application or the HCM GUI to display the authentication settings and status.
11 Host security authentication 3. Configure the following parameters on the FCSP Authentication dialog box: a. Select the Enable Authentication check box to enable or disable the authentication policy. If authentication is enabled, the port attempts to negotiate with the switch. If the switch does not participate in the authentication process, the port skips the authentication process. The Hash type list shows the following options, but only one option, DHNULL, is supported.
supportSave 11 supportSave Host management features support capturing support information for managed Brocade adapters, which are discovered in the Management application. You can trigger SupportSave for multiple adapters at the same time. You can use Technical Support to collect supportSave data (such as, RASLOG, TRACE and so on) and switch events from Fabric OS devices. You can gather technical data for M-EOS devices using the device’s Element Manager. NOTE The switch must be running Fabric OS 5.2.
11 362 supportSave DCFM Enterprise User Manual 53-1001357-01
Chapter 12 Fibre Channel over IP In this chapter • FCIP services licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • FCIP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • IP network considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • FCIP trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12 FCIP services licensing FCIP services licensing Most of the FCIP extension services described in this chapter require the High Performance Extension over FCIP/FC license. FICON emulation features require additional licenses. Use the licenseShow command to verify the needed licenses are present on the hardware used on both ends the FCIP tunnel. FCIP Concepts Fibre Channel over IP (FCIP) is a tunneling protocol that enables you to connect Fibre Channel SANs over IP-based networks.
FCIP platforms and supported features 12 FCIP platforms and supported features There are five Brocade platforms that support FCIP: • The 8 Gbps 16-FC ports, 6-Gbps ports extension switch. • The 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports blade (384-port Backbone Chassis, 192-port Backbone Chassis). • The 4 Gbps Extension Switch. • The 4 Gbps Router, Extension switch. • The 4 Gbps Router, Extension blade (384-port Backbone Chassis, 192-port Backbone Chassis, Director Chassis).
12 FCIP platforms and supported features The way FCIP tunnels and virtual ports map to the physical GbE ports depends on the switch or blade model. The 8 Gbps 16-FC ports, 6-Gbps ports extension switch and 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports blade tunnels are not tied to a specific GbE port, and may be assigned to any virtual port within the allowed range.
FCIP trunking overview 12 FCIP trunking overview FCIP trunking is a method for managing the use of WAN bandwidth. Trunking is enabled by creating logical circuits within an FCIP tunnel. A tunnel may have multiple circuits. Each circuit represents a portion of the available Ethernet bandwidth provided by the GbE ports that are connected to the WAN. NOTE FCIP trunking is available only on the 8 Gbps 16-FC ports, 6-Gbps ports extension switch and 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports blade.
12 Adaptive Rate Limiting and QoS priorities Adaptive Rate Limiting and QoS priorities Each FCIP circuit is assigned four TCP connections for managing FC Quality of Service (QoS) priorities over an FCIP tunnel. The priorities are as follows: • F class - F class is the highest priority, and is assigned bandwidth as needed, at the expense of lower priorities, if necessary. • QoS high - The QoS high priority gets at least 50% of the bandwidth.
IPSec implementation over FCIP 12 IPSec implementation over FCIP Internet Protocol security (IPsec) uses cryptographic security to ensure private, secure communications over Internet Protocol networks. IPsec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection.
12 Open systems tape pipelining Term Definition HMAC A stronger MAC because it is a keyed hash inside a keyed hash. SA Security Association is the collection of security parameters and authenticated keys that are negotiated between IPsec peers. The following limitations apply to using IPsec: • • • • • • • IPSec is not supported on 10GbE ports. IPsec-specific statistics are not supported. To change the configuration of a secure tunnel, you must delete the tunnel and recreate it.
Virtual Port Types 12 Consider the constraints described in Table 23 when configuring tunnels to use OSTP. TABLE 23 FCIP Fastwrite Tape Acceleration Each GbE port supports up to 2048 simultaneous accelerated exchanges, which means a total of 2048 simultaneous exchanges combined for Fastwrite and Tape Acceleration. Each GbE port supports up to 2048 simultaneous accelerated exchanges, which means a total of 2048 simultaneous exchanges combined for Fastwrite and Tape Acceleration.
12 FCIP configuration guidelines FCIP configuration guidelines FCIP configuration always involves two or more extension switches. The following must take place first before you can successfully configure a working FCIP connection from the Management application: • The Management application must have management port access to the extension switches. • The Management application must be able to discover the fabrics the contain the extension switches.
Additional guidelines for tunnel advanced settings 12 Additional guidelines for tunnel advanced settings The following features are implemented as advanced settings on the Add FCIP Tunnel dialog box: • • • • • Data compression. Open Systems Tape Pipelining (FCIP Fast Write and Tape Acceleration). IPSec and IKE settings for cryptographic security over IP networks. FICON emulation/acceleration features that improve performance in FICON environments. tperf test mode.
12 FICON emulation features FICON emulation features FICON emulation supports FICON traffic over IP WANs using FCIP as the underlying protocol. FICON emulation features support performance enhancements for specific applications. If you are using FCIP for distance extension in a FICON environment, evaluate the need for these features before you run the FCIP configuration wizard. FICON emulation may be configured by selecting Advanced Settings on the Configure Tunnel dialog.
Configuring an FCIP tunnel 12 Configuring an FCIP tunnel When you configure an FCIP extension connection, you create FCIP tunnels and FCIP circuits, between two extension switches. 1. Select Configure > FCIP Tunnels. The FCIP Tunnels dialog box is displayed (Figure 135). All discovered fabrics with extension switches are listed under devices. FIGURE 135 FCIP Tunnels dialog box 2. Select the switch you want to configure under Devices.
12 Configuring an FCIP tunnel 3. Click the Add Tunnel button, or right-click on the switch and select Add Tunnel. The Add FCIP Tunnel dialog is displayed (Figure 136). The name of the switch you selected is displayed in the Switch field under Switch One Settings. This dialog allows you to configure settings for both switches on either end of the tunnel. FIGURE 136 Add FCIP Tunnel dialog box 4.
Adding an FCIP circuit 12 Adding an FCIP circuit FCIP circuits are added by selecting the Add Circuit button on the Add FCIP Tunnel dialog box. The Add FCIP Circuit dialog box is displayed (Figure 137). FIGURE 137 Add FCIP Circuit dialog box 1. Select the GiGE Port used for the Ethernet connection on each switch. The choices available depend on the extension switch or blade model. 2. Select the IP Address Type. IPv4 and IPv6 address formats cannot be mixed. Addresses must be entered in the same format.
12 Configuring FCIP Circuit Advanced Settings 6. If a VLAN ID is used to route frames between the switches over the physical connection, enter the VLAN ID under Switch One Settings. The same VLAN ID is automatically assigned to switch two. 7. Select values for bandwidth settings. An uncommitted bandwidth is not allowed on an FCIP circuit. You must select Committed bandwdith, and set Minimum and Maximum bandwidth values.
Configuring FCIP tunnel advanced settings 12 Configuring FCIP tunnel advanced settings Compression, FCIP fast write and tape pipelining, IPSec and IKE policies, and FICON emulation features are configured as advanced settings. 1. Click Advanced Settings on the Configure Tunnel dialog box. The Advanced Settings dialog box is displayed. This dialog box has a Transmission tab, Security tab, and FICON Emulation tab. 2.
12 Enabling and disabling compression Enabling and disabling compression The procedure for enabling compression for the 4 Gbps Router, Extension Switch and Blade is different than the procedure for enabling compression for the 8 Gbps 16-FC ports, 6-Gbit ports Extension Switch and 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade. For 4 Gbps Router, Extension Switch and Blade: 1. Select the Enable Compression check box to enable compression. 2. Click OK to commit your selection.
Configuring IPSec and IKE policies 12 Configuring IPSec and IKE policies IPSec and IKE policies are configured from the Security tab (Figure 139). IPSec and IKE policy creation is an independent procedure. These policies must be known to you before you can configure them. NOTE Fabric OS version 6.3.0 does not support IPSec on the 8 Gbps 16-FC ports, 6-Gbit ports Extension Switch and 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade.
12 Configuring FICON emulation Configuring FICON emulation FICON emulation and acceleration features and operating parameters are configured from the FICON Emulation tab (Figure 140). Before you configure these features you must decide which features you want to implement, and you must look closely at the operational parameters to determine if values other than the default values are better for your installation. FIGURE 140 FICON Emulation configuration tab 1.
Viewing FCIP connection properties 12 - FICON Tape Read Max Ops defines a maximum number of concurrent emulated tape read operations. The range is 1-32. - FICON Tape Write Timer defines a time limit for pipelined write chains. This value is be specified in milliseconds (ms). If a pipelined write chain takes longer than this value to complete, the ending status for the next write chain will be withheld from the channel. This limits processing to what the network and device can support.
12 Viewing General FCIP properties Viewing General FCIP properties Take the following steps to view general FCIP properties. 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the Properties tab (Figure 142).
Viewing FCIP FC port properties 12 Viewing FCIP FC port properties Take the following steps to view FCIP FC port properties. 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the FC Ports tab (Figure 143).
12 Viewing FCIP Ethernet port properties Viewing FCIP Ethernet port properties Take the following steps to view Ethernet port properties. 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the GigE Ports tab (Figure 144).
Editing FCIP tunnels 12 Editing FCIP tunnels NOTE You cannot edit an active tunnel; disable the tunnel before making changes. 1. From the FCIP Tunnels dialog box, select the tunnel you want to edit. 2. Select Edit Tunnel. The Edit FCIP Tunnel dialog box displays (Figure 145). FIGURE 145 Edit FCIP Tunnel dialog box 3. Fields and parameters are as described in “Configuring an FCIP tunnel”. You can edit all editable fields and parameters.
12 Editing FCIP circuits Editing FCIP circuits FCIP circuit settings may be edited from the Edit FCIP Circuit dialog box. The procedure for launching this dialog box for the 4 Gbps Router, Extension Switch and Blade is different than the procedure for the 8 Gbps 16-FC ports, 6-Gbit ports Extension Switch and the 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade. The 4 Gbps Router, Extension Switch and Blade have only one circuit per tunnel, and the circuit is edited as part of the tunnel.
Disabling FCIP tunnels 12 FIGURE 146 Edit FCIP Circuits dialog box 5. Fields and parameters are as described in “Adding an FCIP circuit”. You can edit all editable fields and parameters. Disabling FCIP tunnels 1. From the FCIP Tunnels dialog box, select the tunnel you want to disable. 2. Select Disable Tunnel. A confirmation dialog box displays, warning you that when you delete a tunnel, you delete all associated FCIP circuits. 3. Click OK to disable the tunnel. Enabling FCIP tunnels 1.
12 Deleting FCIP tunnels Deleting FCIP tunnels 1. From the FCIP Tunnels dialog box, right-click the tunnel you want to delete. 2. Select Delete Tunnel. A confirmation dialog box displays, warning you of the consequences of deleting a tunnel. 3. Click OK to delete the tunnel. Disabling FCIP circuits 1. From the FCIP Tunnels dialog box, right-click the tunnel that contains the circuit. 2. Select the Circuit tab. 3. Select the circuit from the circuit properties table. 4. Select Disable Circuit.
Displaying FCIP performance graphs for FC ports 12 Displaying FCIP performance graphs for FC ports 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the FC Ports tab. 3. Click Performance > Real Time Graph. Displaying FCIP performance graphs for Ethernet ports 1.
12 Displaying tunnel properties from the FCIP tunnels dialog box Displaying tunnel properties from the FCIP tunnels dialog box Tunnel properties can be displayed from the FCIP Tunnels dialog box. 1. Select a tunnel from the FCIP tunnels dialog box. 2. Select the Tunnel tab. Tunnel properties are displayed (Figure 147).
Displaying FCIP circuit properties from the FCIP tunnels dialog box 12 Displaying FCIP circuit properties from the FCIP tunnels dialog box Tunnel properties can be displayed from the FCIP Tunnels dialog box using the following procedure. 1. Select a tunnel from the FCIP tunnels dialog box. 2. Select the Circuit tab. Circuit properties are displayed (Figure 148).
12 Displaying switch properties from the FCIP Tunnels dialog box Displaying switch properties from the FCIP Tunnels dialog box Switch properties are displayed on the FCIP Tunnels dialog box when you select a switch (Figure 149).
Displaying fabric properties from the FCIP Tunnels dialog box 12 Displaying fabric properties from the FCIP Tunnels dialog box Fabric properties are displayed on the FCIP Tunnels dialog box when you select a switch. (Figure 150).
12 Troubleshooting FCIP Ethernet connections Troubleshooting FCIP Ethernet connections 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the GigE Ports tab. 3. Select the Ethernet port. 4. Click Troubleshooting. The following options are presented: 396 - ipPerf—Measures end-to-end IP path performance between a pair of FCIP ports (4 Gbps Router, Extension Switch and Blade only).
Chapter 13 Fibre Channel over Ethernet In this chapter • FCoE overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • QoS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • LLDP-DCBX configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Control List configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
13 Enhanced Ethernet features Enhanced Ethernet features Converged Enhanced Ethernet (CEE) is a set of IEEE 802 standard Ethernet enhancements that enable Fibre Channel convergence with Ethernet. The two basic requirements in a lossless Ethernet environment are Enhanced Transmission Selection (ETS) and priority-based flow control. These capabilities allow the Fibre Channel frames to run directly over 10 Gbps Ethernet segments without adversely affecting performance.
FCoE protocols supported 13 FCoE protocols supported The Brocade FCoE converged network adapter supports two layers of protocols: Ethernet link layer and FCoE layer. They are listed in the following sections. Ethernet link layer protocols supported The following protocols support the Ethernet link layer. • • • • • • • • • • • • • 802.1q (VLAN) 802.1Qaz (enhanced transmission selection) 802.1Qbb (priority flow control) 802.3ad (link aggregation) 802.3ae (10 Gb Ethernet) 802.
13 CEE configuration CEE configuration This switch has eight 8 Gbps FC ports and 24 10 Gbps Ethernet CEE ports. You must configure CEE interfaces and ports differently than you configure FC ports, in order to effectively use the converged network features. For example, Priority-based flow control (PFC) and Enhanced transmission selection (ETS) are the two QoS policy enhancements you must configure to create a lossless Ethernet.
CEE configuration tasks 13 CEE configuration tasks The CEE Configuration dialog box enables you to perform the following tasks: • Edit CEE ports for a selected switch. You can also add a link aggregation group (LAG) if a single switch is selected. • Edit a switch or port and configure the following CEE policies: NOTE Access Control List and Spanning Tree Protocol can also be set at the LAG level. • • • • • QoS LLDP-DCBX Access Control List Spanning Tree Protocol 802.
13 Switch policies Switch policies You can configure and enable a number of CEE policies on a switch, port, or link aggregation group (LAG). The following switch policy configurations apply to all ports in a LAG: • CEE map and Traffic Class map • Link Layer Discovery Protocol (LLDP) The following switch policy configurations apply to the LAG itself: • Access Control Lists (ACL) • Spanning Tree Protocol (STP) The switch policies are described in the following sections.
Spanning Tree Protocol policy 13 Spanning Tree Protocol policy The Spanning Tree Protocol (STP) is a Layer 2 protocol that ensures a loop-free topology for any bridged LAN (Layer-2 bridges are typically Ethernet switches). Spanning tree allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops or the need to manually enable or disable these backup links.
13 Link aggregation groups 3. Click Add LAG. The Add LAG dialog box displays. FIGURE 152 Add LAG dialog box 4. Configure the following LAG parameters: NOTE A LAG restriction exists whereby you can add 802.1x-enabled ports to a LAG, but the port will fail when the LAG is saved to the switch. 802.1x-enabled ports are not supported. • Status - Enabled or Disabled. You must enable the LAG to use the CEE functionality. • Name - The system-generated, read-only LAG name.
Link aggregation groups 13 6. Continue to configure the following LAG parameters. These parameters are disabled until you add a CEE port to the LAG members table. • Mode - Sets all ports added to the LAG members table in either Static or Dynamic mode. The default is Dynamic, Active, but LAG members can be Active or Passive if the LAG member is Dynamic. • Type - Sets the limit on the size of the LAG.
13 Editing a CEE switch Editing a CEE switch 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select the CEE switch from the Products/Ports table. 3. Click Edit. The Edit Switch dialog box displays (Figure 153). FIGURE 153 Edit Switch dialog box 4.
Editing a CEE port 13 Editing a CEE port 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a CEE port from the Products/Ports table. 3. Click Edit. The Edit Port dialog box displays. FIGURE 154 Edit Port dialog box 4. Modify the following CEE Port parameters as required: • Status - Enable or Disable. You must enable the LAG to use the CEE functionality.
13 Editing a LAG Editing a LAG Use the following procedure to change members and policies in a link aggregation group (LAG). 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select the link aggregation group (LAG) from the Products/Ports table. 3. Click Edit. The Edit LAG dialog box displays. FIGURE 155 Edit LAG dialog box 4. Modify the following LAG parameters as required: 5.
Enabling a CEE port or LAG 13 6. Select at least one available CEE port from the Available Members table and click the right arrow button to move them to the LAG Members table. The CEE ports are now part of the link aggregation group. 7. Continue to configure the following LAG parameters. These parameters are disabled until you add a CEE port to the LAG members table. • Mode - The ports that are LAG members are in either Static or Dynamic mode.
13 Disabling a CEE port or LAG Disabling a CEE port or LAG If you select multiple switches or multiple ports and LAGs from two or more switches, both the Enable button and the Disable button are disabled. 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select one or more CEE ports or link aggregation groups (LAGs) that you want to disable.
CEE Performance 13 CEE Performance Performance monitoring provides details about the quantity of traffic and errors a specific port or device generates on the fabric over a specific time frame. You can also use performance to indicate the devices that create the most traffic and to identify the ports that are most congested. Real Time Performance Graph You can monitor a device’s performance through a performance graph that displays transmit and receive data.
13 Historical Performance Graph Historical Performance Graph The Historical Performance Graph dialog box enables you to customize how you want the historical performance information to display. Generating a historical performance graph 1. Select a CEE port from the CEE Configuration dialog box, and select Historical Graph from the Performance list. A message displays, prompting you to close the CEE Configuration dialog. 2.
Historical Performance Report 13 Historical Performance Report The Historical Performance Report dialog box enables you to customize how you want the historical performance information to display. Generating a historical performance report. 1. Select a CEE port from the CEE Configuration dialog box, and select Historical Report from the Performance list. A message displays, prompting you to close the CEE Configuration dialog box. 2.
13 Priority-based flow control Priority-based flow control Priority based flow control (PFC) is an enhancement to the existing pause mechanism in Ethernet. PFC creates eight separate virtual links on the physical link and allows any of these links to be paused and restarted independently, enabling the network to create a no-drop class of service for an individual virtual link. Table 24 shows examples of how priority grouping might be allocated in a 15-priority group scenario.
Creating a CEE map 13 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays. FIGURE 159 QoS, Create CEE Map dialog box 4. Select CEE from the Map Type list. 5. Configure the following CEE Map parameters in the CEE Map table: • Name - Enter a name to identify the CEE map. • Precedence - Enter a value between 1 - 100. This number determines the map’s priority. • Priority Flow Control check box - Check to enable priority flow control on individual priority groups.
13 Editing a CEE map 6. Click the right arrow button to add the map to the CEE Maps table. 7. Click OK. The CEE Confirmation and Status dialog box displays. 8. Review the changes carefully before you accept them. 9. Click Start to apply the changes, or click Close to abort the operation. Editing a CEE map 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit.
Deleting a CEE map 13 Deleting a CEE map 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays. 4. Select a CEE Map that you want to delete from the CEE Maps table. 5. Click Delete. The Delete confirmation dialog displays. 6. Click Yes to confirm.
13 Assigning a CEE map to a port or link aggregation group Assigning a CEE map to a port or link aggregation group A port can have either a CEE map or a Traffic Class map assigned to it, but it cannot have both. 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a port or LAG, and click Edit. 3. Click the QoS tab on the Edit Port dialog box. The QoS dialog box displays.
Creating a traffic class map 13 Creating a traffic class map 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays. 4. Select Traffic Class from the Map Type list. 5. Name the Traffic Class map. 6. Click the Traffic Class cell in a CoS row and directly enter a value from 0-7.
13 Deleting a traffic class map Deleting a traffic class map 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays. 4. Select a Traffic Class Map that you want to delete from the Traffic Class Maps table. 5. Click Delete. The Delete confirmation dialog displays. 6.
Assigning a traffic class map to a port or link aggregation group 13 Assigning a traffic class map to a port or link aggregation group You can assign a Traffic Class map to a port or ports under the LAG; however, a port does not require a Traffic Class map be assigned to it. A port can have either a CEE map or a Traffic Class map assigned to it, but it cannot have both. NOTE You cannot configure QoS or LLDP-DCBX on a LAG. 1. Select Configure > CEE Switch > CEE from the menu bar.
13 LLDP-DCBX configuration LLDP-DCBX configuration Link Layer Discovery Protocol (LLDP) provides a solution for the configuration issues caused by increasing numbers and types of network devices in a LAN environment, because, with LLDP, you can statically monitor and configure each device on a network.
Adding an LLDP profile 13 Adding an LLDP profile When LLDP is disabled on the switch, a yellow banner displays on the LLDP-DCBX dialog box, indicating that LLDP-DCBX is not only disabled on the switch, it is also disabled for all ports and LAGs on the switch. 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3.
13 Editing an LLDP profile Editing an LLDP profile 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the LLDP-DCBX tab on the Edit Switch dialog box. The LLDP Profile dialog box displays. 4. Select an LLDP Profile in the LLDP Profile table. NOTE You can edit the profile.
Duplicating an LLDP profile 7. 13 Click OK. The CEE Confirmation and Status dialog box displays. 8. Review the changes carefully before you accept them. 9. Click Start to apply the changes, or click Close to abort the operation. Duplicating an LLDP profile When you duplicate an LLDP profile, you also duplicate the parameters that belong to that LLDP Profile. 1. Select Configure > CEE Switch > CEE from the menu bar.
13 Assigning an LLDP profile to a port or ports in a LAG Assigning an LLDP profile to a port or ports in a LAG You create LLDP profiles using the Edit Switch dialog box, which you access from the CEE Configuration dialog box. Global configuration parameters, which is the default selection, are displayed in the Assigned Profile table shown in Figure 163.
Access Control List configuration 13 6. Click OK. The CEE Confirmation and Status dialog box displays. 7. Review the changes carefully before you accept them. The port you selected on the CEE Configuration dialog box should now be assigned to the profile you selected from the Available Profiles list. 8. Click Start to apply the changes, or click Close to abort the operation. Access Control List configuration Access control lists (ACL) are sequential lists consisting of permit and deny rules.
13 Adding an ACL to a switch FIGURE 164 Access Control List dialog box 4. Click Add and select Standard or Extended from the Add list. The Add Extended Access Control List includes all the Standard ACL features plus two additional features: Destination and Ether Type. The ACL parameters are described below. FIGURE 165 Add Extended Access Control List dialog box 5. Configure the following Access Control List parameters. NOTE You cannot duplicate Action and Source parameters in an existing Standard ACL.
Adding an ACL to a switch 13 • Action - Select Permit or Deny from the list. NOTE If Action = Deny is selected for any ACL entity, an informational dialog displays with the following message: “This ACL entity will stop all traffic to the port or LAG on which this ACL is assigned.” • Source - Enter the media access control (MAC) address where the packets originate. Mask is the subnet mask of the source MAC address.
13 Editing the parameters of an ACL Editing the parameters of an ACL You cannot change the name of the ACL (Standard or Extended) after you have created the ACL on the switch. 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the Access Control List tab on the Edit Switch dialog box. The Access Control List dialog box displays. 4.
Duplicating an ACL profile 13 Duplicating an ACL profile 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the Access Control List tab on the Edit Switch dialog box. The Access Control List dialog box displays. 4. Select the ACL that you want to duplicate from the ACLs table. 5. Click Duplicate.
13 Assigning an ACL to a port or link aggregation group Assigning an ACL to a port or link aggregation group An access control list (ACL) cannot be assigned to a port when the port is a member of a link aggregation group (LAG). An ACL can be assigned to a LAG, however. NOTE The ports and the ports in a link aggregation group (LAG) for the selected switch must be in Layer 2 (L2) mode. If the ports or ports in a LAG are not in L2 mode, the ACL parameters are disabled. 1.
Spanning Tree Protocol configuration 13 Spanning Tree Protocol configuration You can configure Spanning Tree Protocol (STP) when editing a LAG, but not when you are adding a LAG. The 8 Gbps 16-FC-ports, 10 GbE 8-Ethernet Port supports the following types of STP: • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) - Provides for faster spanning tree convergence after a topology change.
13 Setting Spanning Tree parameters for a switch Setting Spanning Tree parameters for a switch You cannot configure Spanning Tree Protocol (STP) when adding a new LAG. STP can be configured only after the LAG has been added to the switch. NOTE The ports and the ports in a link aggregation group (LAG) for the selected switch must be in Layer 2 (L2) mode. If the ports or ports in a LAG are not in L2 mode, Spanning Tree Protocol is disabled and the STP parameters are disabled as well. 1.
Setting Spanning Tree parameters for a switch 13 5. Configure the following Spanning Tree Protocol parameters: • Priority - The bridge priority. The value range is 0-61440 and the default value is 32768. The value must be in increments of 4096. • Mode - The spanning tree protocol mode. Options include Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). • Forward Delay (sec) - The forward delay for the bridge.
13 Setting Spanning Tree parameters for a switch FIGURE 168 Spanning Tree Protocol dialog box, MSTP 6. Click OK. The CEE Confirmation and Status dialog box displays. 7. Review the changes carefully before you accept them. 8. Click Start to apply the changes, or click Close to abort the operation.
STP configurable parameters at the port or LAG level 13 STP configurable parameters at the port or LAG level You cannot configure Spanning Tree Protocol (STP) when adding a new LAG. STP can be configured only after the LAG has been added to the switch. NOTE When STP is disabled on the switch, a yellow banner displays on the dialog box, indicating that STP is not only disabled on the switch, it is also disabled for all ports and LAGs on the switch.
13 802.1x authentication 802.1x authentication 802.1x is a standard authentication protocol that defines a client-server-based access control and authentication protocol. 802.1x restricts unknown or unauthorized clients from connecting to a LAN through publicly accessible ports. You must configure parameters for a port or a link aggregation group (LAG) once a port has been enabled for 802.1x authentication. See “Setting 802.1x parameters for a port” for more information. NOTE When 802.
Disabling 802.1x 13 Disabling 802.1x 1. Select Configure > CEE Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a port or LAG, and click Edit. 3. Click the 802.1x tab on the Edit Port dialog box. The 802.1x dialog box displays. 4. Clear the Enable 802.1x check box to disable 802.1x authentication. 5. Click OK. The CEE Confirmation and Status dialog box displays. 6.
13 Setting 802.1x parameters for a port 4. Click the Enable 802.1x check box to enable 802.1x authentication, and click OK. The 802.1x dialog box displays. 5. FIGURE 170 802.1x dialog box 6. Configure the following 802.1x parameters: • Wait Period - The number of seconds the switch waits before sending an EAP request. The value range is 15 to 65535 seconds. The default value is 30.
Virtual FCoE port configuration 13 Virtual FCoE port configuration The 8 Gbps 16-FC-ports, 10 GbE 8-Ethernet Port has the following configuration features: • • • • 24 10 Gbps Ethernet ports, which can be enabled for FCoE traffic. One-to-one mapping of FCoE ports with 10 Gbps Ethernet ports. Eight 8 Gbps FC ports. 24 internal FCoE ports, which provide the Ethernet-to-FC bridging capability. You can enable or disable each FCoE trunk individually.
13 Clearing a stale entry Clearing a stale entry A stale entry is a device that logged in and logged off but, because a port went down after an FLOGI was received, the device failed to receive the message. The entry in the FCoE Connected Devices table becomes stale and you must clear it manually. 1. Select a virtual FCoE port from the FCoE Configuration dialog box and click Connected Devices. The Connected Devices dialog box displays. 2.
Chapter 14 FICON Environments In this chapter • FICON Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring a PDCM Allow/Prohibit Matrix . . . . . . . . . . . . . . . . . . . . . . . . . • Copying a PDCM configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Activating a PDCM configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Deleting a PDCM configuration . . . . . . . . . . . . . . .
14 Configuring a PDCM Allow/Prohibit Matrix FIGURE 173 Cascaded configuration, three domains, but only two in a path Configuring a PDCM Allow/Prohibit Matrix The Prohibit Dynamic Connectivity Mask (PDCM) is a FICON port attribute that can be used to prohibit communication between specific ports. Prohibits are not recommended on E_Ports (inter switch links).
Configuring a PDCM Allow/Prohibit Matrix 14 2. Select a switch from Available Switches. Two default configurations (Active and IPL) are displayed in a tree structure below the switch. Existing configurations are also displayed. 3. Choose one of the following options: • Double-click a configuration file. • Select a configuration file and click the right arrow. A matrix is displayed. The switch ports are displayed on both the vertical axis and horizontal axis.
14 Configuring an Allow/Prohibit manually Configuring an Allow/Prohibit manually To configure to allow or prohibit communication between specific ports manually, complete the following steps. 1. Select Configure > Allow/Prohibit Matrix. The Configure Allow/Prohibit Matrix dialog box displays. 2. Select a switch from Available Switches. Two default configurations (Active and IPL) are displayed in a tree structure below the switch. Existing configurations are also displayed. 3.
Saving or Copying a PDCM configuration to another device 14 10. Click OK on the Manual Allow/Prohibit dialog box. 11. When you have completed the matrix, click Save if you started with a new matrix, or Save As if you edited a copy of an existing matrix. 12. Click Analyze Zone Conflicts. This operation can be done before or after a configuration is saved. This operation checks the current zoning settings for conflicts with settings in the PDCM matrix.
14 Copying a PDCM configuration FIGURE 177 Save As/Copy dialog box 4. Enter a name for the configuration. 5. Enter a description for the configuration. 6. Select the check box for the switch to which you want to save the configuration in the Select Switch table. 7. Click OK. A message displays stating that the outstanding port configuration is discarded when copying a configuration from the switch with more ports to a switch with fewer ports and vice versa. Click OK to close the message.
Saving a PDCM configuration to another device 14 Saving a PDCM configuration to another device To save an existing PDCM configuration to another device, complete the following steps. 1. Select Configure > Allow/Prohibit Matrix. The Configure Allow/Prohibit Matrix dialog box displays. 2. Select the PDCM configuration you want to copy. You can do this by expanding the view for the switch under Available Switches and selecting a configuration, or you may select the matrix under PDCM Matrix. 3. Click Save As.
14 Activating a PDCM configuration Activating a PDCM configuration You must have an active zone configuration before you can activate a PDCM configuration. 1. Select Configure > Allow/Prohibit Matrix. The Configure Allow/Prohibit Matrix dialog box displays. 2. Select the PDCM configuration you want to activate. You can do this by expanding the view for the switch under Available Switches and selecting a configuration, or you may select the matrix under PDCM Matrix. 3. Click Activate.
Configuring a cascaded FICON fabric 14 Configuring a cascaded FICON fabric The FICON wizard automatically creates high integrity fabric configuration settings that support a cascaded FICON fabric. 1. Select Configure > FICON > Configure Fabric. The Configure Cascaded FICON Fabric screen of the FICON Configuration dialog is displayed (Figure 179). FIGURE 179 Configure Cascaded FICON Fabric dialog box 2. Use the Fabric drop-down selector to select the fabric you want to configure.
14 Merging two cascaded FICON fabrics 5. Choose one of the following options from the 256 Area Assignment list: • Disabled—select to disable the 256 Area Assignment addressing mode. Disabling the 256 Area Assignment mode assigns an area to every port with no imposed limit. This is the default. • Zero Based Area Assignment—select to use zero based area assignment. Zero Based Area Assignment mode assigns areas as ports are added to the partition, beginning at area zero.
Merging two cascaded FICON fabrics 14 4. Click Next. The Set up merge options screen is displayed. 5. Select FMS Mode to manage the fabric by a host-based management program using FICON CUP protocol. 6. Select the DLS check box to enable dynamic load sharing (DLS) or Lossless DLS on all switches in the fabric. NOTE DLS requires DLS support on the switch. Lossless DLS requires Lossless DLS support on the switch.
14 Merging two cascaded FICON fabrics 11. Perform the appropriate following action based on whether the connection is a long distance connection or not: • If it is not a long distance connection, click Next to view the Configure merge screen. Proceed to step 12. • If it is a long distance connection, expand the fabrics under Selected Fabrics to the switch port level. a. Select the E_ports used for the connection on the local switch and on the remote switch, and click the right arrow.
Resolving merge conflicts 14 Resolving merge conflicts You can resolve the following types of switch configuration conflicts: • • • • • • • • • • Domain ID TOV Buffer To Buffer Credit Disable Device Probe Route Priority Per Frame Sequence Level Switching Suppress Class F Long Distance Setting Data Field Size VC Priority Note that not all tests support resolution. If a test supports resolution, the Description column contains the text 'Resolvable'.
14 Port Groups Port Groups A port group is a group of FC ports from one or more switches within the same fabric. Port groups are user-specific, you can only view and manage port groups that you create. Once you create a port group, you can view and edit the Prohibit Dynamic Connectivity Mask (PDCM) Allow/Prohibit Matrix for the port group. PDCM is a FICON port attribute that can be used to prohibit communication between specific ports.
Viewing port groups 14 5. Select one or more ports to add to the group in the Group Type - FC Ports table. A port group must have at least one port in the Membership List. All ports must be from switches in the same fabric. 6. Click the right arrow button. The selected ports display in the Membership List. 7. Click Update. The new port group displays in the Port Groups table. 8. Click OK to close the Port Groups dialog box.
14 Editing a port group Editing a port group To edit a port group, complete the following steps. 1. Select Configure > Port Groups. The Port Groups dialog box displays. 2. Select the port group you want to edit in the Port Groups table. The information for the selected port group displays in the update information area. 3. Change the name for the port group in the Name field, if necessary. NOTE If you change the port group name, it is the same as copying the existing port group with a new name. 4.
Swapping blades 14 Swapping blades You can swap all of the ports from one blade to another blade. During this operation all ports in the selected blades are swapped. This operation disrupts the traffic on all ports for the selected blades. If GigE ports are present on the blade, only the non-GigE ports are swapped. To swap blades, you must meet the following requirements: • The chassis must be running Fabric OS 6.3 or later. • The chassis must have at least two blades of same type present.
14 460 Swapping blades DCFM Enterprise User Manual 53-1001357-01
Chapter 15 FC-FC Routing Service Management In this chapter • Devices that support Fibre Channel routing . . . . . . . . . . . . . . . . . . . . . . . . • Fibre Channel routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Guidelines for setting up FC-FC routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Connecting edge fabrics to a backbone fabric . . . . . . . . . . . . . . . . . . . . . . • Configuring routing domain IDs . . . . . . . . . . . . . . . . .
15 Fibre Channel routing overview Fibre Channel routing overview Fibre Channel routing provides connectivity to devices in different fabrics without merging the fabrics. For example, using Fibre Channel routing you can share tape drives across multiple fabrics without the administrative problems, such as change management, network management, scalability, reliability, availability, and serviceability, that might result from merging the fabrics.
Guidelines for setting up FC-FC routing 15 VE_Port Edge fabric 2 IP cloud Edge fabric 1 Edge fabric 3 E_Port E_Port IFL IFL IFL VEX_Port FC router EX_Port (2) = LSAN Backbone fabric FIGURE 181 A metaSAN with edge-to-edge and backbone fabrics Guidelines for setting up FC-FC routing The following are some general guidelines for setting up FC-FC routing. • Ensure that the backbone fabric ID of the FC Router is the same as that of other FC Routers in the backbone fabric.
15 Connecting edge fabrics to a backbone fabric Connecting edge fabrics to a backbone fabric The following procedure explains how to set up FC-FC routing on two edge fabrics connected through an FC router using E_Ports and EX_Ports. If you are connecting Fibre Channel SANs through an IP-based network, see “Configuring an FCIP tunnel” on page 375 for instructions on setting up an FCIP tunnel between a VE_Port and a VEX_Port.
Connecting edge fabrics to a backbone fabric 15 3. Select the FC router from the Available Routers table. 4. Click the right arrow to move the FC router you selected to the Selected Router table. 5. Select a valid fabric ID (1-128) from the Fabric ID list. If the fabric is already configured to the FC router, the fabric ID is automatically selected. You can choose any unique fabric ID as long as it is consistent for all EX_Ports that connect to the same edge fabric. 6.
15 Configuring routing domain IDs Configuring routing domain IDs Logical (phantom) domains are created to enable routed fabrics. A logical domain called a front domain is created in edge fabrics for every IFL. A logical domain called a translate (Xlate) domain is created in routed fabrics that shared devices. Use the following procedure to change the domain IDs of these logical domains. 1. Right-click the fabric for which you want to configure phantom domains, and select Routing Domain IDs.
Chapter 16 Encryption configuration In this chapter • Gathering information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Encryption user privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Encryption Center features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Smart card usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16 Gathering information Gathering information Before you use the encryption setup wizard for the first time, you should also have a detailed configuration plan in place and available for reference. The encryption setup wizard assumes the following: • You have a plan in place to organize encryption devices into encryption groups.
Encryption user privileges 16 Encryption user privileges In the Management application, resource groups are assigned privileges, roles, and fabrics. Privileges are not directly assigned to users; users get privileges because they belong to a role in a resource group. A user can only belong to one resource group at a time. The Management application provides three pre-configured roles: • Storage encryption configuration. • Storage encryption key operations. • Storage encryption security.
16 Encryption Center features Encryption Center features The Encryption Center dialog box (Figure 184) is the single launching point for all encryption-related configuration in the Management application. It also provides a table that shows the general status of all encryption-related hardware and functions at a glance. FIGURE 184 Encryption Center dialog box The Encryption Center dialog box differs from the previous Configure Encryption dialog box.
Registering authentication cards from a card reader 16 Registering authentication cards from a card reader When authentication cards are used, one or more authentication cards must be read by a card reader attached to a Management application PC to enable certain security sensitive operations. These include the following: • • • • • Master key generation, backup, and restore operations. Replacement of authentication card certificates. Enabling and disabling the use of system cards.
16 Registering authentication cards from the database Registering authentication cards from the database Smart cards that are already in the Management program’s database can be registered as authentication cards. 1. From the Register Authentication Cards dialog box, select Register from Archive. The Authentication Cards dialog box displays, showing a list of smart cards in the database. 2. Select the card from the table, and click OK. 3.
Registering system cards from a card reader 16 Registering system cards from a card reader System cards are smart cards that can be used to control activation of encryption engines. Encryption switches and blades have a card reader that enables the use of a system card. System cards discourage theft of encryption switches or blades by requiring the use of a system card at the switch or blade to enable the encryption engine.
16 Enabling or disabling the system card requirement Enabling or disabling the system card requirement If you want to use a system card to control activation of an encryption engine on a switch, you must enable the system card requirement. You can use the following procedure to enable or disable the system card requirement. 1. From the Encryption Center select an encryption group, and select the Security menu. The Select Security Settings dialog is displayed. 2.
Viewing and editing switch encryption properties 16 FIGURE 185 Encryption Properties dialog box • • • • Switch Properties table - the properties associated with the selected switch. Name - the name of the selected switch. Node WWN - the world wide name of the node. Switch Status - the health status of the switch. Possible values are Healthy, Marginal, Down, Unknown, Unmonitored, and Unreachable.
16 Viewing and editing switch encryption properties • Firmware Version - the current encryption firmware on the switch. • Primary Key Vault Link Key Status - the possible statuses are as follows: - Not Used – the key vault type is not LKM. - No Link Key – no access request was sent to an LKM yet, or a previous request was not accepted. - Waiting for LKM approval – a request was sent to LKM and is waiting for the LKM administrator’s approval.
Saving the public key certificate 16 • HA Cluster Name - the name of the HA cluster (for example, Cluster1), if in an HA configuration. The name can have a maximum of 31 characters. Only letters, digits, and underscores are allowed. • Media Type - the media type of the encryption engine. Possible values are Disk and Tape. • System Card - the current status of system card information for the encryption engine. (registered or not registered).
16 Viewing and editing group properties Viewing and editing group properties To view encryption group properties, complete the following steps. 1. Select Configure > Encryption. The Encryption Center dialog box displays. 2. If groups are not visible in the Encryption Devices table, select View > Groups from the menu bar. The encryption groups display in the Encryption Devices table. 3.
General tab 16 General tab The properties displayed in the General tab are described below. • Encryption group name - the name of the encryption group. • Group status - the status of the encryption group, which can be OK-Converged or Degraded. Degraded means the group leader cannot contact all of the configured group members. • Deployment mode - the group’s deployment mode, which is transparent. • Failback mode - The group’s failback mode, which can be automatic or manual.
16 Consequences of removing an encryption switch Members tab Remove button You can click the Remove button to remove a selected switch or an encryption group from the encryption group table. • You cannot remove the group leader unless it is the only switch in the group. If you remove the group leader, the Management application also removes the HA cluster, the target container, and the tape pool (if configured) that are associated with the switch.
Consequences of removing an encryption switch 16 FIGURE 187 Removal of switch warning Figure 188 shows the warning message that displays if you click Remove to remove an encryption group.
16 Security tab Security tab The Security tab (Figure 189) displays the status of the master key for the encryption group. NOTE You must enable encryption engines before you back up or restore master keys. Master key actions are as follows: • Back up a master key, which is enabled any time a master key exists. • Restore a master key, which is enabled when either no master key exists or the previous master key has been backed up.
HA Clusters tab 16 HA Clusters tab HA clusters are groups of encryption engines that provide high availability features. If one of the engines in the group fails or becomes unreachable, the other cluster member takes over the encryption and decryption tasks of the failed encryption engine. An HA cluster consists of exactly two encryption engines. See “Creating high availability (HA) clusters” on page 501.
16 Link Keys tab Replacing an encryption engine To replace an encryption engine in an encryption group with another encryption engine within a DEK Cluster, complete the following steps. 1. Select Configure > Encryption. The Encryption Center dialog box displays. 2. If groups are not visible in the Encryption Devices table, select View > Groups from the menu bar. The encryption groups display in the Encryption Devices table. 3.
Tape Pools tab 16 Tape Pools tab Tape pools are managed from the Tape Pools tab. Figure 192 displays the tape pools tab. FIGURE 192 Encryption Group Properties - Tape Pools tab • If you want to remove a tape pool, select one or more tape pools in the list and click Remove. • To modify the tape pool, remove the entry and add a new tape pool. See “Adding tape pools” on page 486 for more information.
16 Tape Pools tab Adding tape pools A tape pool can be identified by either a name or a number, but not both. Tape pool names and numbers must be unique within the encryption group. When a new encryption group is created, any existing tape pools in the switch are removed and must be added. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. If groups are not visible in the Encryption Devices table, select View > Groups from the menu bar.
Encryption Targets dialog box 16 6. Select the Encryption Mode. Choices include Clear Text, DF-Compatible Encryption, and Native Encryption. DF-Compatible Encryption is valid only when LKM is the key vault. The Key Lifespan (days) field is editable only if the tape pool is encrypted. If Clear Text is selected as the encryption mode, the key lifespan is disabled. NOTE You cannot change the encryption mode after the tape pool I/O begins. 7.
16 Encryption Targets dialog box FIGURE 195 Encryption Targets dialog box TABLE 27 Feature Description Add button Launches the Storage Encryption Setup Wizard, which enables you to configure a new target for encryption. It is the first step in configuring encryption for a storage device. It is recommended that you zone the host and target together before you add container information. • Note: If the group is in OK-Converged mode, the group leader can communicate with all members.
Redirection zones 16 TABLE 27 Feature Description Hosts button Launches the Encryption Target Hosts dialog box, where you can configure hosts to access the selected encryption target. LUNs button Launches the Encryption Target LUNs dialog box, where you can display existing LUNs and add new LUNs. The button is enabled only if there are hosts associated with the targets. Commit button Commits LUN changes, including adding, removing, or modifying disk or tape LUNs.
16 Creating a new encryption group Creating a new encryption group The following steps describe how to start and run the encryption setup wizard, and then create a new encryption group. NOTE When a new encryption group is created, any existing tape pools in the switch are removed. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. FIGURE 196 Encryption Center - No Group Defined dialog box 2. Select a switch from the encryption group.
Creating a new encryption group 16 4. Click Next. Create a new encryption Group is pre-selected. This is the correct selection for creating a new group. FIGURE 197 Designate Switch Membership dialog box 5. Click Next. The Create a New Encryption Group dialog box displays.
16 Creating a new encryption group 6. Enter an Encryption Group Name for the encryption group (the maximum length of the group name is 15 characters; letters, digits, and underscores are allowed) and select the Automatic failback mode. NOTE If the name you enter for the encryption group already exists, a pop-up warning message displays. Although unique group names avoid confusion while managing multiple groups, you are not prevented from using duplicate group names.
Creating a new encryption group 16 Key vault address changes Before you add or change a key vault address, you must install the public key certificates for all switches in the encryption group on the key vault. Use the Encryption Group Properties dialog box to check a switch’s connection status to the new key vault and to obtain the switch’s public key certificate.
16 Creating a new encryption group FIGURE 201 Specify Master Key File Name dialog box 14. Enter a file name, or browse to the desired location. 15. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 16. Re-type the passphrase for verification.
Creating a new encryption group 16 17. Click Next. The Confirm Configuration panel displays the encryption group name and switch public key certificate file name you specified, shown in Figure 202. FIGURE 202 Confirm Configuration dialog box 18. Click Next to confirm the displayed information. The Configuration Status displays, as shown in Figure 203. The configuration status steps vary slightly depending on the key vault type. • A progress indicator shows that a configuration step is in progress.
16 Creating a new encryption group FIGURE 203 Configuration Status dialog box The Management application sends API commands to verify the switch configuration. The CLI commands are detailed in the Fabric OS Encryption Administrator’s Guide, “Key vault configuration.” • Initialize the switch If the switch is not already in the initiated state, the Management application performs the cryptocfg --initnode command.
Creating a new encryption group 16 • Create a new master key The Management application checks for a new master key. New master keys are generated from the Encryption Group Properties dialog box, Security tab. See “Creating a new master key” on page 526 for more information. • Save the switch’s public key certificate to a file The Management application saves the KAC certificate into the specified file.
16 Adding a switch to an encryption group Adding a switch to an encryption group The setup wizard allows you to either create a new encryption group, or add an encryption switch to an existing encryption group. Use the following procedure to add a switch to an encryption group. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select the switch to be to be added to the group. The switch must not already be in an encryption group. 3.
Adding a switch to an encryption group 16 FIGURE 206 Add Switch to Existing Encryption Group dialog box 5. Select the group to which you want to add the switch, and click Next. The Specify Public Key Certificate Filename panel displays. FIGURE 207 Add switch to an encryption group - Specify Public Key Certificate filename dialog box 6. Specify the name of the file where you want to store the public key certificate that is used to authenticate connections to the key vault, and click Next.
16 Adding a switch to an encryption group FIGURE 208 Add switch to an encryption group - Confirm Configuration dialog box 7. Click Next to confirm the displayed information. The Configuration Status displays. • A progress indicator shows that a configuration step is in progress. A green check mark indicates successful completion of all steps for that Configuration Item. A red stop sign indicates a failed step. • All Configuration Items have green check marks if the configuration is successful.
Creating high availability (HA) clusters 16 8. Note Important Next Steps! below this message, and click Next. Instructions for installing public key certificates for the encryption switch are displayed. These instructions are specific to the key vault type. Copy or print these instructions. FIGURE 210 Add switch to an encryption group - Next Steps dialog box 9. Click Finish to exit the Configure Switch Encryption wizard.
16 Removing engines from an HA cluster 3. Select an encryption group from the tree, and select Group > HA Cluster from the menu bar, or right-click the encryption group and select HA Cluster. Encryption Group Properties are displayed, with the HA Clusters tab selected (Figure 211). Available encryption engines are listed under Non-HA Encryption Engines. 4. Select an available encryption engine, and a destination HA cluster under High-Availability Clusters.
Swapping engines in an HA cluster 16 Swapping engines in an HA cluster Swapping engines is useful when replacing hardware. Swapping engines is different from removing an engine and adding another because when you swap engines, the configured targets on the former HA cluster member are moved to the new HA cluster member. To swap engines, select one engine from the right tree (see Figure 211) and one unclustered engine from the list on the left, and click the double-arrow button.
16 Adding encryption targets Adding encryption targets Adding an encryption target maps storage devices and hosts to virtual targets and virtual initiators within the encryption switch. NOTE It is recommended that you zone the host and target together before configuring them for encryption. If the host and target are not already zoned, you can still configure them for encryption, but afterward you will need to zone the host and target together, and then click the Commit button to commit the changes.
Adding encryption targets 16 5. Click Next to begin. The Select Encryption Engine dialog box displays. The list of engines depends on the scope being viewed. • If the Targets dialog box is showing all targets in an encryption group, the list includes all engines in the group. • If the Targets dialog box is showing all targets for a switch, the list includes all encryption engines for the switch.
16 Adding encryption targets 6. Select the encryption engine (blade or switch) you want to configure, and click Next. The Select Target panel displays. This panel lists all target ports and target nodes in the same fabric as the encryption engine. The Select Target list does not show targets that are already configured in an encryption group. There are two available methods for selecting targets: select from the list of known targets or manually enter the port and node WWNs.
Adding encryption targets 7. 16 Click Next. The Select Hosts panel displays. This panel lists all hosts in the same fabric as the encryption engine. There are two available methods for selecting hosts: select from a list of known hosts or manually enter the port and node world wide names. FIGURE 215 Select Hosts dialog box a. Select a maximum of 1024 hosts from the Host Ports in Fabric list, and click the right arrow to move the host to the Selected Hosts list.
16 Adding encryption targets FIGURE 216 Name Container dialog box 10. Click Next. The Confirmation panel displays.
Adding encryption targets 16 11. Click Next to confirm the displayed information. The Configuration Status displays the target and host that are configured in the target container, as well as the virtual targets (VT) and virtual initiators (VI). NOTE If you can view the VI/VT Port WWNs and VI/VT Node WWNs, the container has been successfully added to the switch. FIGURE 218 Configuration Status dialog box 12. Review the configuration.
16 Adding encryption targets 13. Click Next to confirm the configuration. The Important Instructions dialog box displays. FIGURE 219 Important Instructions dialog box 14. Review the instructions about post-configuration tasks you must complete after you close the wizard. 15. Click Finish to exit the Configure Storage Encryption wizard.
Configuring hosts for encryption targets 16 Configuring hosts for encryption targets Use the Encryption Target Hosts dialog box to edit (add or remove) hosts for an encrypted target. NOTE Hosts are normally selected as part of the Configure Storage Encryption wizard but you can also edit hosts later using the Encryption Target Hosts dialog box. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2.
16 Adding Target Disk LUNs for encryption Adding Target Disk LUNs for encryption The Encryption Target LUNs dialog box lists configured LUNs. The displayed information is different for disk and tape devices. For example, tape volume and label information is included for tape devices. Initially, this list is empty. NOTE If you are using VMware virtualization software or any other configuration that involves mounted file systems on the LUN, you must enable first-time encryption when you create the LUN.
Adding Target Disk LUNs for encryption 16 FIGURE 221 Encryption Target Disk LUNs dialog box 5. Click Add. The Add LUNs dialog box displays. This dialog box includes a table of all LUNs in the storage device that are visible to hosts. LUNs are identified by serial number, or by host WWN and LUN number. The LUN numbers may be different for different hosts.
16 Adding Target Disk LUNs for encryption 6. Select a host from the Host list. There are two possible sources for the list of LUNs: • Specify a range of LUN numbers and click Show LUNs. This fills the table with dummy LUN information. This method works even if the target is offline. You can specify a range of LUN numbers only if a host is chosen from the list. If All Hosts is selected, you will not be able to specify a range but can discover LUNs. • Request discovery and click Show LUNs.
Adding Target Tape LUNs for encryption 16 Adding Target Tape LUNs for encryption You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the encryption property on the Crypto LUN. You must add LUNs manually. After you add the LUNs, you must specify the encryption settings. When configuring a LUN with multiple paths, the same LUN policies must be configured on all the LUN’s paths.
16 Configuring encrypted storage in a multi-path environment 8. Select the desired encryption mode. • If you change a LUN policy from Native Encryption or DF-Compatible Encryption to Clear Text, you disable encryption. • The LUNs of the target which are not enabled for encryption must still be added to the CryptoTarget container with the Clear Text encryption mode option. NOTE The Re-keying interval can only be changed for disk LUNs.
Master keys 16 9. Select target port B, click LUNs, then click Add. Select the LUNs to be encrypted and the encryption policies for the LUNs, making sure that the encryption policies match the policies specified in the other path. 10. Click Commit to make the LUN configuration changes effective in both paths simultaneously. The Management application does not automatically commit LUN configuration changes.
16 Alternate master key Alternate master key The alternate master key is used to decrypt data encryption keys that were not encrypted with the active master key. Restore the alternate master key for the following reasons: • To read an old tape that was created when the group used a different active master key. • To read a tape (or disk) from a different encryption group that uses a different active master key.
Saving the master key to a file 16 4. Select Backup Master Key as the Master Key Action. The Master Key Backup dialog box displays, but only if the master key has already been generated. FIGURE 223 Backup Destination (to file) dialog box 5. Select File as the Backup Destination. 6. Enter a file name, or browse to the desired location. 7. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 8.
16 Saving a master key to a key vault Saving a master key to a key vault Use the following procedure to save the master key to a key vault. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3. Select the Security tab. 4. Select Backup Master Key as the Master Key Action. The Backup Master Key for Encryption Group dialog box displays. FIGURE 224 Backup Destination (to key vault) dialog box 5.
Saving a master key to a smart card set 16 Saving a master key to a smart card set A card reader must be attached to the SAN Management application PC to complete this procedure. Recovery cards can only be written once to back up a single master key. Each master key backup operation requires a new set of previously unused smart cards. NOTE Windows operating systems do not require smart card drivers to be installed separately; the driver is bundled with the operating system.
16 Saving a master key to a smart card set FIGURE 225 Backup Destination (to smart cards) dialog box 5. Select A Recovery Set of Smart Cards as the Backup Destination. 6. Enter the recovery card set size. 7. Insert the first blank card and wait for the card serial number to appear. 8. Run the additional cards needed for the set through the reader. As you read each card, the card ID displays in the Card Serial# field. Be sure to wait for the ID to appear. 9.
Restoring a master key from a file 16 Restoring a master key from a file Use the following procedure to restore the master key from a file. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3. Select the Security tab. 4. Select Restore Master Key as the Master Key Action. The Restore Master Key for Encryption Group dialog box displays.
16 Restoring a master key from a key vault Restoring a master key from a key vault Use the following procedure to restore the master key from a key vault. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3. Select the Security tab. 4. Select Restore Master Key as the Master Key Action. The Restore Master Key for Encryption Group dialog box displays.
Restoring a master key from a smart card set 16 Restoring a master key from a smart card set A card reader must be attached to the SAN Management application PC to complete this procedure. Use the following procedure to restore the master key from a set of smart cards. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3. Select the Security tab. 4.
16 Creating a new master key 10. Insert the next card, and repeat step 8 and step 9. 11. Continue until all the cards in the set have been read. 12. Click OK. Creating a new master key Though it is generally not necessary to create a new master key, you may be required to create one due to circumstances such as the following: • The previous master key has been compromised. • Corporate policy might require a new master key every year for security purposes.
Zeroizing an encryption engine 16 Zeroizing an encryption engine Zeroizing is the process of erasing all data encryption keys and other sensitive encryption information in an encryption engine. You can zeroize an encryption engine manually to protect encryption keys. No data is lost because the data encryption keys for the encryption targets are stored in the key vault. Zeroizing has the following effects: • All copies of data encryption keys kept in the encryption switch or encryption blade are erased.
16 Zeroizing an encryption engine 3. Initialize the encryption engine. An automatic power cycle and reboot occurs on the encryption blade and encryption switch. 4. Enable the encryption engine using the Switch Encryption Properties dialog box: a. Select the encryption engine from the Encryption Center dialog box. b. Click the Properties button. The Switch Encryption Properties dialog box displays. FIGURE 230 Switch Encryption Properties dialog box 528 c.
Tracking Smart Cards 16 Tracking Smart Cards Smart Cards, which are credit card-sized cards that contain a CPU and persistent memory, are a secure way to back up and restore a master key. Using Smart Cards is optional. Master keys can also be backed up to a file or key vaults and are only used for encryption groups using RKM or HP SKM key vaults. Even if an encryption group is deleted, the smart cards are still displayed. You must manually delete them.
16 Encryption-related acronyms in log messages Encryption-related acronyms in log messages Fabric OS log messages related to encryption components and features may have acronyms embedded that require interpretation. Table 28 lists some of those acronyms.
Chapter 17 Virtual Fabrics In this chapter • Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531 • Virtual Fabric requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532 • Configuring Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17 Virtual Fabric requirements Terminology The following are definitions of terms used in this document. Term Definition Physical chassis The physical switch or chassis from which you create logical switches and fabrics. Logical switch A collection of zero or more ports that act as a single Fibre Channel (FC) switch. When Virtual Fabrics is enabled on the chassis, there is always at least one logical switch: the default logical switch.
Virtual Fabric requirements 17 For more information about enabling Virtual Fabrics on a physical chassis, refer to “Enabling Virtual Fabrics on a discovered device” on page 535. The following table lists the Virtual Fabric-capable physical chassis and the number of logical switches allowed for each of those physical chassis.
17 Configuring Virtual Fabrics Configuring Virtual Fabrics The Management application allows you to discover, enable, create, and manage Virtual Fabric-capable physical chassis from the same interface. Configuring logical fabrics This procedure describes the general steps you take to configure logical fabrics. The logical fabrics in this example span multiple physical chassis, and the logical switches in each fabric communicate using an XISL in the base fabric. 1.
Enabling Virtual Fabrics on a discovered device 17 Enabling Virtual Fabrics on a discovered device ATTENTION Enabling Virtual Fabrics is disruptive. You should disable the physical chassis before you enable Virtual Fabrics. ATTENTION If the physical chassis is participating in a Fabric, the affected Fabric will be disrupted. To enable Virtual Fabrics, complete the following steps. 1. Right-click the physical chassis in the topology and select Enable Virtual Fabric.
17 Creating a logical switch or base switch 3. Select one of the following in the Existing Logical Switches table: • A physical chassis in the Discovered Logical Switches node. • A NewFabric logical switch template in the Discovered Logical Switches node. • The Undiscovered Logical Switches node. If you select a logical switch template, the fabric-wide settings for the logical switch are obtained from the settings in the template.
Finding the physical chassis for a logical switch 17 15. Select the ports you want to include in the logical switch from the Ports table. 16. Click the right arrow button. The ports display in the selected logical switch node in the Existing Logical Switches table. 17. Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box.
17 Assigning ports to a logical switch Assigning ports to a logical switch A port can be assigned to only one logical switch. All ports are initially assigned to the default logical switch. When you create a logical switch, it has no ports and you must explicitly assign ports to it. When you assign a port to a logical switch, it is removed from the original logical switch and assigned to the new logical switch. To assign ports to a logical switch, complete the following steps. 1.
Removing ports from a logical switch 17 Removing ports from a logical switch To remove ports from one or more logical switches, complete the following steps. 1. Select a switch on the Product List or Connectivity Map and select Configure > Logical Switches. The Logical Switches dialog box displays. 2. Select the physical chassis to which the ports belong in the Chassis list. 3. Right-click anywhere in the Existing Logical Switches table and select Table > Expand All. 4.
17 Deleting a logical switch Deleting a logical switch To delete ports from one or more logical switches, complete the following steps. 1. Select a switch on the Product List or Connectivity Map and select Configure > Logical Switches. The Logical Switches dialog box displays. 2. Right-click anywhere in the Existing Logical Switches table and select Table > Expand All. 3. Right-click the logical switch you want to delete from the Existing Logical Switches table and select Delete.
Applying logical fabric settings to all associated logical switches 17 3. Click New Fabric. The New Logical Fabric Template dialog box displays. 4. Enter a new identifier in the Logical Fabric ID field to create a new logical fabric. This identifier is how you distinguish among multiple logical fabric templates in the Logical Switches dialog box. If you create more than one logical fabric template, give them different fabric IDs. 5.
17 Moving a logical switch to a different fabric 3. Right-click the logical switch for which you have configured logical fabric settings from the Existing Logical Switches table and select Configure All. The logical fabric configuration settings (Fabric tab) are applied to all logical switches in the same fabric (determined by fabric ID). 4. Click OK on the Logical Switches dialog box.
Changing a logical switch to a base switch 17 9. Click Start to send these changes to the affected chassis. NOTE Most changes to logical switches will disrupt data traffic in the fabric. The status of each change is displayed in the Status column and Status area. 10. When the changes are complete, click Close. 11. Discover the new logical fabric. See “Discovering fabrics” on page 39 for instructions. When entering the IP address, use the IP address of the physical fabric.
17 Changing a logical switch to a base switch 9. Select the Re-Enable ports after moving them check box. 10. Click Start to send these changes to the affected chassis. NOTE Most changes to logical switches will disrupt data traffic in the fabric. The status of each change is displayed in the Status column and Status area. 11. When the changes are complete, click Close.
Chapter 18 Zoning In this chapter • Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Zoning configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • LSAN zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Traffic isolation zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Zoning administration . . . .
18 Zoning overview • QoS zones Assign high or low priority to designated traffic flows. QoS zones are normal zones with additional QoS attributes that you select when you create the zone. • Traffic Isolation zones (TI zones) Isolate inter-switch traffic to a specific, dedicated path through the fabric. See “Traffic isolation zoning” on page 573 for more information. Online zoning Online zoning allows you to do the following: • • • • • • View both defined and active zone information in the fabric.
Accessing zoning 18 Accessing zoning You can access Zoning from the main screen of the Management application using any of the following methods: • • • • Select Configure > Zoning > Fabric. Click the Zoning icon on the toolbar. Right-click a port, switch, switch group, or fabric in the device list and select Zoning. Right-click a port, switch, switch group, or fabric in the Connectivity Map and select Zoning.
18 Administrator zoning privileges .
Zoning configuration 18 Zoning configuration At a minimum, zoning configuration entails creating zones and zone members. However, you can also create zone aliases, zone configurations, and zone databases. You can define multiple zone configurations, deactivating and activating individual configurations as your needs change. Zoning configuration can also involve enabling or disabling safe zoning mode and the default zone.
18 Creating a new zone Creating a new zone 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Click New Zone. A new zone displays in the Zones list. 5. Type the desired name for the zone.
Viewing zone properties 18 Viewing zone properties 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Right-click the zone you want to review in the Zones list and select Properties. The Zone Properties dialog box displays. 5.
18 Creating a new member in a zone by WWN 6. Select an option from the Type list. By default, the first time you launch the Zoning dialog box for a Zoning Scope, the Potential Members list displays valid members using the following rules: • If you select the World Wide Name type, the valid members display by the Attached Ports. • If you select the Domain/Port Index type, the valid members display by the ALL Product Ports (both occupied and unoccupied). This option is available for FC fabrics only.
Creating a new member in a zone by domain, port index 7. 18 Add the new member by port name by completing the following steps. a. Select the Existing End Device Node/Port Name option. b. Select a port name from the list. OR Add the new member by port WWN by completing the following steps. a. Select the End Device Node/Port WWN option. b. Enter a port WWN in the End Device Node/Port WWN field.
18 Creating a new member in a zone by alias 6. Select Domain, Port Index from the Member Type list. 7. Add the new member by port name by completing the following steps. a. Select the Existing Switch Port Name option. b. Select a name from the list. OR Create a new member by domain and port index by choosing one of the following options: • Select the Domain, Port Index (decimal) option and enter domain and port values in the fields.
Enabling or disabling the default zone for fabrics 7. 18 Add the new member by alias name by completing the following steps. a. Select the Existing Alias option. b. Select an alias from the list. OR Create a new alias by completing the following steps. a. Select the New Alias option. b. Enter a name in the New Alias field. c. Assign the alias by choosing one of the following options: • Select the WWN option and enter the WWN in the field.
18 Enabling or disabling safe zoning mode for fabrics 5. Click Zoning Policies. The Zoning Policies dialog box displays. NOTE The format and content of this dialog box vary slightly depending on Interop Mode, the target selected in the Zoning Scope list, and whether safe zoning mode is enabled. If safe zoning mode is enabled, the Default Zone button is disabled. If you want to enable the default zone, you need to disable the safe zoning mode. 6.
Creating a new zone alias 7. 18 Click OK to apply your changes and close the Zoning Policies dialog box. 8. Click OK or Apply on the Zoning dialog box to save your changes. Creating a new zone alias An alias is a logical group of port index numbers and WWNs. Specifying groups of ports or devices as an alias makes zone configuration easier, by enabling you to configure zones using an alias rather than inputting a long string of individual members.
18 Removing an object from a zone alias 5. Click Edit. The Edit Alias dialog box displays. 6. Add members to the alias by completing the following steps. 7. a. Select WWN or Domain, Port Index to choose how to display the objects in the Potential Members list. b. Show all discovered fabrics in the Potential Members list by right-clicking in the Potential Members list and selecting Expand All. c. Select one or more members that you want to add to the alias in the Potential Members list.
Exporting zone aliases 18 Exporting zone aliases Use this procedure to export a zone alias. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select Alias from the Type list. 4. Click Export. The Export Alias dialog box displays. 5. Browse to the location to which you want to export the zone alias data. 6. Enter a name for the export file in the File Name field. 7. Click Export Alias. 8.
18 Viewing zone configuration properties 5. Enter a name for the zone configuration. For zone name requirements and limitations, refer to “Zoning naming conventions” on page 547. 6. Press Enter. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors, and asking whether you want to proceed. Click Yes to continue, or No to cancel the zone creation. 7. Add zones to the zone configuration.
Adding zones to zone configurations 18 Adding zones to zone configurations Use this procedure to add one or more zones to a zone configuration. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4.
18 Activating a zone configuration There are several conditions that could cause the Activate button to be unavailable. They include the following: • If you do not have access privileges to activate zone configurations, the Activate button on the Zone DB tab will be unavailable. You will not be able to activate a zone configuration unless your access privileges are redefined. • The fabric is not manageable.
Deactivating a zone configuration 7. 18 Click OK to activate the zone configuration. A message box displays informing you that the zones and zone configurations you change will be saved in the zone database and asking whether you want to proceed. Click Yes to confirm the activation, or No to cancel the activation. When you click Yes, a busy window displays indicating the activation is in progress. A status field informs you whether the activation succeeded or failed.
18 Creating an offline zone database Creating an offline zone database Use this procedure to create a zone database and save it offline. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select a zone database from the Zone DB list. 4. Select Save As from the Zone DB Operation list. The Save Zone DB As dialog box displays. 5. Enter a name for the database in the Zone DB Name field. 6. Click OK. 7.
Refreshing a zone database 18 Refreshing a zone database Use this procedure to refresh a zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select a zone database from the Zone DB list. 4. Select Refresh from the Zone DB Operation list. A message displays informing you that refresh will overwrite the selected database. Click Yes to continue. 5. Click OK.
18 Merging two zone databases FIGURE 232 Compare/Merge Zone DBs dialog box 3. Select a database from the Reference Zone DB field. 4. Select a database from the Editable Zone DB field. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases. In the Editable zone DB area, each element type and element display with an icon indicator (Table 29) to show the differences between the two databases. 5.
Saving a zone database to a switch 7. 18 Select the Differences check box to display only the differences between the selected databases. 8. Select the Sync Scroll Enable check box to synchronize scrolling between the selected databases. 9. Merge zone configurations by completing the followings steps. a. Select one or more zone configuration nodes from the Reference Zone DB area. b. Select an element in the Editable Zone DB area. c. Click Merge. 10. Merge zones by completing the followings steps.
18 Exporting an offline zone database 4. Click Yes on the confirmation message. The selected zone database is saved to the fabric without enabling a specific zone configuration. 5. Click OK to save your work and close the Zoning dialog box. Exporting an offline zone database NOTE You cannot export an online zone database. Use this procedure to export a zone database to a specified location. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2.
Rolling back changes to the zone database on the fabric 18 Rolling back changes to the zone database on the fabric Use this procedure to reverse changes made to a zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select the zone database you want to roll back from the Zone DB list. You must select an offline zone database that has a value in the Last Saved to Fabric column. You cannot roll back changes for zone databases that were never saved to the fabric. 3.
18 Creating a new LSAN zone 8. Click OK to activate the LSAN zones and close the dialog box. A message box displays informing you that the zones you change will be saved in the zone database and asking whether you want to proceed. Click Yes to confirm the activation, or No to cancel the activation. When you click Yes, a busy window displays indicating the activation is in progress. A status field informs you whether the activation succeeded or failed.
Adding members to the LSAN zone 18 Adding members to the LSAN zone Use this procedure to add a member to an LSAN zone when the member is listed in the Potential Members list of the Zone DB tab. 1. Select Configure > Zoning > LSAN Zoning (Device Sharing). The Zone DB tab of the Zoning dialog box displays. 2. If you want to show all discovered fabrics in the Potential Members list, right-click anywhere in the table and select Display All. 3.
18 Creating a new member in an LSAN zone Creating a new member in an LSAN zone Use this procedure to add a member to an LSAN zone when the member is not listed in the Potential Members list of the Zone DB tab. For instructions to add a member to a zone when the member is listed in the Potential Members list, refer to the procedure “Adding members to the LSAN zone” on page 571. 1. Select Configure > Zoning > LSAN Zoning (Device Sharing). The Zone DB tab of the Zoning dialog box displays. 2.
Activating LSAN zones 18 Activating LSAN zones Use this procedure to activate LSAN zones. 1. Select Configure > Zoning > LSAN Zoning (Device Sharing). The Zone DB tab of the Zoning dialog box displays. 2. Click Activate. The Activate LSAN Zones dialog box displays. 3. Review the information in this dialog box. 4. Click OK to commit the LSAN zones and activate them in the selected fabrics.
18 Creating a traffic isolation zone Configuring traffic isolation zoning The following procedure provides an overview of the steps you must perform to configure traffic isolation zoning. Note that for any zoning-related procedure, changes to a zone database are not saved until you click OK or Apply on the Zoning dialog box. If you click Cancel or the close button (X), no changes are saved. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2.
Adding members to a traffic isolation zone 18 6. Enter a name for the zone. For zone name requirements and limitations, refer to “Zoning naming conventions” on page 547. 7. Press Enter. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors, and asking whether you want to proceed. Click Yes to continue, or No to cancel the zone creation. 8. Click OK or Apply to save your changes.
18 Enabling a traffic isolation zone 8. Click the right arrow between the Potential Members list and Zones list to add the selected ports to the zone. A message may display informing you that one or some of the selected potential members cannot be zoned. Click OK to close the message box. Reconsider your selections and make corrections as appropriate. 9. Click OK or Apply to save your changes.
Enabling failover on a traffic isolation zone 18 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Right-click the traffic isolation zone you want to disable in the Zones list and clear the Configured Enabled check box. 5. Click OK or Apply to save your changes.
18 Disabling failover on a traffic isolation zone Disabling failover on a traffic isolation zone NOTE Traffic isolation zones are only configurable on a Fabric OS device. If failover is disabled, be aware of the following considerations: • Ensure that there are non-dedicated paths through the fabric for all devices that are not in a TI zone. • If you create a TI zone with just E_Ports, failover must be enabled. If failover is disabled, the specified ISLs will not be able to route any traffic.
Zoning administration 18 Zoning administration This section provides instructions for performing administrative functions with zoning. You can rename, duplicate, delete, and perform other tasks on zone members, zones, and zone configurations. Comparing zone databases You can compare zone databases against one another to identify any and all differences between their membership prior to sending them to the switch.
18 Comparing zone databases FIGURE 233 Compare/Merge Zone DBs dialog box 3. Select a database from the Reference Zone DB field. 4. Select a database from the Editable Zone DB field. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases. In the Editable zone DB area, each element type and element display with an icon indicator (Table 29) to show the differences between the two databases. 5.
Comparing zone databases 18 6. Set the level of detail for the database areas by selecting one of the following options from the Tree Level list. NOTE This list is only available when you set the Comparison View to Full (Zone Configs, Zones, Aliases). • All Level—Displays all zone configurations, zones, and aliases. • Zone Configs—Displays only zone configurations. • Zones—Displays only zones. 7. Select the Differences check box to display only the differences between the selected databases. 8.
18 Setting change limits on zoning activation Setting change limits on zoning activation Use this procedure to set a limit on the number of changes a user can make to the zone database before activating a zone configuration. If the user exceeds the limit, zone configuration activation is not allowed. Changes include adding, removing, or modifying zones, aliases, and zone configurations. By default, all fabrics allow unlimited changes.
Deleting a zone alias 18 4. Select one or more zones in the Zones list that you want to delete, then right-click and select Delete. A message box displays asking you to confirm the deletion. 5. Click Yes to delete the selected zone. The message box closes and, if successful, the zone or zones are removed from the Zones list. NOTE If you select “Do not show me this again.” on the confirmation message box, the next time you delete a zone, the zone is deleted without requesting confirmation from you.
18 Deleting an offline zone database 5. Click Yes to delete the selected zone configuration. The message box closes and, when successful, the selected zone configurations are removed from the Zone Configs list. NOTE If you select “Do not show me this again.” on the confirmation message box, the next time you delete a zone configuration, it will be deleted without requesting confirmation from you.
Clearing the fabric zone database 18 Clearing the fabric zone database Use this procedure to clear a Fabric Zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning databases for the selected entity. 3. Select the Fabric Zone DB from the Zone DB list. 4. Select Clear All from the Zone DB Operation list. 5.
18 Duplicating a zone Duplicating a zone When you duplicate a zone, you make a copy of it in the same zone database. The first time a zone is duplicated, the duplicate is automatically given the name _copy. On subsequent times, a sequential number is assigned to the zone name, such as _copy_1, _copy_2, and _copy_3. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3.
Duplicating a zone configuration 18 Duplicating a zone configuration When you duplicate a zone configuration, you make a copy of it in the same zone database. The first time a zone configuration is duplicated, the duplicate is automatically given the name _copy. On subsequent times, a sequential number is assigned to the zone name, such as _copy_1, _copy_2, and _copy_3.
18 Finding a zone member in the potential member list 4. If you want to show all fabrics discovered in the Potential Members list, right-click in the Potential Members list and select Display All. 5. Select the device or port you want to find in the Potential Members list. Press SHIFT or CTRL and click each zone to select more than one zone. 6. Click Find > between the Potential Members list and Zones list.
Finding a zone configuration member in the zones list 18 4. Select the zone you want to find in the Zones list. Press SHIFT or CTRL and click each zone to select more than one zone. 5. Click Find > between the Zones list and the Zone Configs list. - If the zone is found, all instances of the zone are highlighted in the Zone Configs list. If the zone is not found, a message displays informing you of this. Click OK to close the message box.
18 Removing a member from a zone Removing a member from a zone Use the following procedure to remove one or more members from a zone or zones. Note that the member is not deleted; it is only removed from the zone. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select an FC fabric from the Zoning Scope list.
Removing an offline device 18 5. Perform one of the following actions: • Right-click the name of the zone you want to remove in the Zone Configs list and select Remove. • To remove multiple zones, select the zones to be removed from the zone configuration, and click the left arrow between the Zones list and the Zone Configs list. When successful, the zone is removed from the Zone Configs list. 6. Click OK or Apply to save your changes.
18 Renaming a zone Renaming a zone Use this procedure to assign a new name to a zone. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Right-click the name of the zone you want to change in the Zones list and select Rename. 5.
Replacing zone members 18 6. Press Enter to save the new name. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors, and asking whether you want to proceed. Click Yes to continue, or No to cancel the renaming and consider your options. 7. Click OK or Apply to save your changes.
18 Replacing an offline device by WWN 7. Click OK. If you have entered more than one port name or zoning method, a message displays informing you of the error. Click OK to close the message, correct your entry, and click OK again. If no entry error was made, the new zone member replaces the old zone member in the Zones list and the Replace Zone Member dialog box closes. 8. Click OK or Apply to save your changes.
Replacing an offline device by name 18 Replacing an offline device by name The Management application enables you to replace an offline device from all zones and zone aliases in the selected zone DB. To replace an offline device by name, complete the following steps. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select an FC fabric from the Zoning Scope list.
18 596 Replacing an offline device by name DCFM Enterprise User Manual 53-1001357-01
Chapter 19 Troubleshooting In this chapter • FC troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • IP troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Fabric tracking troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Supportsave troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Zoning troubleshooting . . . . . . . . .
19 FC troubleshooting Tracing FC routes The Management application enables you to select a source port and a destination port and displays the detailed routing information from the source port or area on the local switch to the destination port or area on another switch. Trace route cannot be performed on the offline devices or virtual devices. NOTE Trace route is only supported on Fabric OS switches running Fabric OS 5.2 or later. To trace routes, complete the following steps. 1.
Troubleshooting device connectivity 19 • Reverse Route. This tab shows the path from the destination port to the source port. NOTE This reverse route may sometimes be different from the forward route. • FC Ping. This tab shows the minimum, maximum and average round trip times between the selected device port WWNs and the domain controller. It details whether the selected device port WWNs are zoned or not.
19 Troubleshooting device connectivity 3. Click OK. The following diagnostic tests are performed: • • • • • • Device Status Switch port health status Zone configuration in the fabric LSAN zone configuration in edge fabrics Edge fabric - FC router physical connection status. Active ACL DCC policy check (Fabric OS only) The Device Connectivity Troubleshooting Results dialog box displays. If no problems are found, the diagnostic test is marked with a check mark.
Confirming fabric device sharing 19 Confirming fabric device sharing NOTE Fabric device sharing is only available on pure Fabric OS fabrics. To confirm fabric device sharing, complete the following steps. 1. Select Configure > FC Troubleshooting > Fabric Device Sharing. The Fabric Device Sharing Diagnosis dialog box displays. 2. Select the fabrics (two or more) for which you want to confirm device sharing from the Available Fabrics table. 3. Click the right arrow button. 4. Click OK.
19 IP troubleshooting IP troubleshooting NOTE IP troubleshooting is only available for Fabric OS devices. You can perform the following operations using IP troubleshooting: • Ping. Use to confirm that the configured FCIP tunnels are working correctly. • Trace Route. Use to view the route information from a source port on the local device to a destination port on another device and determine where connectivity is broken. • Performance. Select to view FCIP tunnel performance between two devices.
IP troubleshooting TABLE 30 19 FCIP IP Ping Response Details Field or Component Description Maximum Round Trip Time The longest time, in milliseconds, of any response. If no response, the round trip times is 0. Average Round Trip Time The average time, in milliseconds, of all responses. If no response, the round trip times is 0. The bottom table (IP Ping Details) provides details for each ping attempt. TABLE 31 7.
19 Tracing IP routes Tracing IP routes The Management application enables you to select an source and a target and displays the detailed routing information from the source port or area on the local switch to the destination port or area on another switch. Trace route cannot be performed on the offline devices or virtual devices. NOTE Trace route is only supported on Fabric OS devices running Fabric OS 5.2 or later. To trace routes, complete the following steps. 1.
Viewing FCIP tunnel performance 7. 19 Click Close on the IP Traceroute Result dialog box. 8. Click Cancel on the IP Traceroute dialog box. Viewing FCIP tunnel performance NOTE IP Performance is only supported on the 4 Gbps Router, Extension Switch and Encryption Blade running Fabric OS 5.2 or later. NOTE If you run IP Performance over a link also being used for production traffic, it will impact the production traffic performance. To view FCIP tunnel performance, complete the following steps. 1.
19 Client browser troubleshooting 7. Field/Component Description DELAY The average round trip time to send a packet of data and receive the acknowledgement. PMTU (Path Maximum Transmission Unit) The largest packet size that can be transmitted over the end-to- end path without fragmentation. This value is measured in bytes and includes the IP header and payload. IP Performance tries the configured Fabric OS Jumbo MTU value (anything over 15000, then 1500, then 1260.
Supportsave troubleshooting 19 Supportsave troubleshooting The following section states a possible issue and the recommended solution for supportsave errors. Problem Resolution Cannot capture support save information. Capture support show by running the batch file from the /bin/supportshow.bat from Windows and UNIX systems. 1 Open \bin\supportsave.bat. 2 Edit file supportsave dbuser dbpasswd [tareget-dir] [pause-option].
19 608 Zoning troubleshooting DCFM Enterprise User Manual 53-1001357-01
Appendix A Supported Key Management Systems In this appendix • Key management systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • The NetApp Lifetime Key Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • The RSA Key Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • The HP Secure Key Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Thales Encryption Manager for Storage. .
A The NetApp Lifetime Key Manager The NetApp Lifetime Key Manager The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network appliance. The encryption engine and LKM appliance communicate over a trusted link. A trusted link is a secure connection established between the Encryption switch or blade and the NetApp LKM appliance, using a shared secret called a link key. One link key per encryption switch is established with each LKM appliance.
Obtaining and importing the LKM certificate A Obtaining and importing the LKM certificate Certificates must be exchanged between LKM and the encryption switch to enable mutual authentication. You must obtain a certificate from LKM, and import it into the encryption group leader. The encryption group leader exports the certificate to other encryption group members. To obtain and import an LKM certificate, do the following. 1. Open an SSH connection to the NetApp LKM appliance and log in. host$ssh admin@10.
A Exporting the KAC certificate signing request Exporting the KAC certificate signing request If you are using the SAN Management program, the KAC certificate signing request (CSR) is exported to a location you specify when you create a new encryption group or add a switch to an encryption group. You can also export the KAC CSR from the Switch Properties view.
Importing the signed KAC certificate A Importing the signed KAC certificate The signed KAC certificate must be imported into the switch or blade that generated the CSR. If you are using the SAN Management program, do the following. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays the status of all encryption-related hardware and functions at a glance. It is the single launching point for all encryption-related configuration. 2.
A Registering the certificates Registering the certificates The switch’s KAC certificate must be registered on the LKM appliance, and the LKM certificate must be registered on the switch. 1. From the external host, register the KAC certificate you exported from the group leader with the NetApp LKM appliance. host$echo lkmserver certificate set 10.32.244.71 \ ‘cat kac_lkm_cert.pem‘ | ssh -l admin 10.33.54.231 Pseudo-terminal will not be allocated because stdinis not a terminal. admin@10.33.54.
Registering the certificates A NODE LIST Total Number of defined nodes: 2 Group Leader Node Name: 10:00:00:05:1e:41:7e Encryption Group state: CLUSTER_STATE_CONVERGED Node Name IP address Role 10:00:00:05:1e:41:9a:7e 10.32.244.71 GroupLeader 10:00:00:05:1e:39:14:00 10.32.244.60 MemberNode (current node) 5. Exchange certificates between the LKM key vault and the member node, starting with exporting the KAC certificate from the member node to an SCP-capable external host.
A LKM appliance cluster support LKM appliance cluster support LKM appliances can be clustered together to provide high availability (HA) failover/failback capabilities. When LKM appliances are clustered, both LKMs in the cluster must be registered and configured with the link keys before starting any crypto operations. If two LKM key vaults are configured, they must be clustered.
Establishing the trusted link A 2. To add the encryption group leader to an LKM appliance third party key sharing group, enter lkmserver add --type third-party --key-sharing-group "/" followed by the group leader IP address. lkm-1>lkmserver add --type third-party --key-sharing-group \ "/" 10.32.244.71 NOTICE: LKM Server third-party 10.32.244.71 added. Cleartext connections not allowed. 3. From the external host, enter echo lkmserver set ‘cat kac_cert_lkm.
A The RSA Key Manager The RSA Key Manager Communication with the RSA Key Manager (RKM) is secured by wrapping DEKs in a master key. The encryption engine must generate its own master key, send DEKs to RKM encrypted in the master key, and decrypt DEKs received from RKM using the same master key. The master key may optionally be stored as a key record in the RKM key vault as a backup, but RKM does not assume responsibility for the master key.
Submitting the CSR to a certificate authority A The following example exports a CSR to USB storage. SecurityAdmin:switch>cryptocfg --export -usb KACcsr kac_rkm_cert.pem Operation succeeded. If you export the CSR to a USB storage device, you will need to remove the storage device from the switch, and then attach it to a computer that has access to a third party certificate authority (CA). If you are using the SAN Management application, this can be your SAN Management application workstation.
A Uploading the KAC and CA certificates onto the RKM appliance 7. Click Save. If you are using the CLI, you can import the signed KAC certificate to the switch from a file on a LAN attached host, or you can write it to a USB storage device, attach the USB storage device to the switch or blade, and import the certificate from that device. The following describes both options. 1. Log into the switch to which you wish to import the certificate as Admin or SecurityAdmin. 2.
Uploading the KAC and CA certificates onto the RKM appliance A 8. Select the Key Classes tab. For each of the following key classes, perform steps a. through h. to create the class. The key classes must be created only once, regardless of the number of nodes in your encryption group and regardless of the number of encryption groups that will be sharing this RKM. kcn.1998-01.com.brocade:DEK_AES_256_XTS kcn.1998-01.com.brocade:DEK_AES_256_CCM kcn.1998-01.com.brocade:DEK_AES_256_GCM kcn.1998-01.com.
A RKM Appliance cluster support 10. Register the RKM key vault on the group leader using the CA certificate for the CA that signed the RKM key vault certificate. The path to the file was entered in the SSLCAcertificateFile field. The group leader automatically shares this information with other group members. SecurityAdmin:switch>cryptocfg --import -scp SecurityAdmin:switch>cryptocfg --reg -keyvault primary 11.
Obtaining a signed certificate from the HP SKM appliance software A Obtaining a signed certificate from the HP SKM appliance software The following steps describe how to get a signed certificate from the Hewlett Packard Secure Key Manager (HP SKM) appliance. You will need this information when you create a new encryption group with the HP SKM key vault, and you must obtain a signed certificate for each switch. 1. Select Tools > Internet Options on your Internet browser.
A Importing a signed certificate Importing a signed certificate After a signed certificate is obtained, it must be imported and registered. 1. Select a switch from the Encryption Targets dialog box, and click the Properties tab. FIGURE 235 Switch Properties dialog box 2. Click the Import button. The Import Signed Certificate dialog box displays. FIGURE 236 Import Signed Certificate dialog box 3. Browse to the location of the stored, signed certificate, and click OK.
Exporting the KAC certificate request A Exporting the KAC certificate request A KAC certificate request must be exported for each encryption node to an SCP-capable host. 1. Log into the group leader as Admin or SecurityAdmin. 2. Set the SKM key vault type by entering the cryptocfg --set -keyvault command with the SKM option. Successful execution sets the key vault type for the entire encryption group. SecurityAdmin:switch>cryptocfg --set -keyvault SKM Set key vault status: Operation Succeeded. 3.
A Registering the Brocade user name and password on the switch Registering the Brocade user name and password on the switch You must register the user name and password that was added to the SKM appliance in “Setting up a Brocade user” on the switch. 1. Register a user password and user name by issuing the following command at the switch. SecurityAdmin:switch>cryptocfg --reg -KAClogin 2. When prompted, enter the user name specified in step 5 of “Setting up a Brocade user”. 3.
Adding the local CA to the trusted CAs list A Adding the local CA to the trusted CAs list You must now update the Trusted CAs list with the local CA name you created in “Setting up the local certificate authority”. 1. Select the Security tab on the SKM key manager. 2. Select Trusted CA Lists under Certificates and CAs. The Trusted CA Lists page is displayed. 3. Select Default under Profile Name. 4. Click Properties. A properties dialog box is displayed. 5. Click Edit.
A Downloading the local CA certificate file 4. Select Create Certificate Request. Successful completion is indicated when the new entry for the server certificate appears on the Certificate List with a Certificate Status of Request Pending. 5. Select the pending server certificate from the list. 6. Select Properties. A Certificate Request Information dialog box is displayed. 7. Copy the key contents, beginning with ---BEGIN CERTIFICATE REQUEST--- and ending with ---END CERTIFICATE REQUEST---.
Creating an SKM Key vault High Availability cluster A 6. Select the Device tab on the SKM key manager. 7. Select KMS Server under Device Configuration. The Key Management Services Configuration page is displayed. 8. Select Edit under KMS Server Settings. 9. Click the check boxes for the following: - Use SSL Allow Key and Policy Configuration Operations Allow Key Export 10. Type in the server certificate name in the Server Certificate field. 11. Select Save to save these settings. 12.
A Copying the local CA certificate Copying the local CA certificate 1. Select the Security tab. 2. Select Local CAs under Certificates & CAs. 3. Select the name of the local CA from the Local Certificate Authority list. The CA Certificate Information is displayed. 4. Copy the key contents, beginning with ---BEGIN CERTIFICATE REQUEST--- and ending with ---END CERTIFICATE REQUEST---. Be careful not to include any extra characters.
Signing the KAC certificate A 14. Select Join. 15. You are prompted to confirm the operation. Select Confirm. The Cluster Configuration page displays, showing the cluster members. Repeat the procedure to add more members, as needed. Delete the temporary cluster key file when finished. You should also verify that the same server certificate configured for all cluster members by selecting the Device tab, and select KMS Server Settings.
A Importing a signed certificate (SAN Management program) Importing a signed certificate (SAN Management program) The public key certificate from the switch is used to authenticate connections to the key vault. 1. Select a switch from the Encryption Targets dialog box, and click the Properties tab. FIGURE 237 Switch Properties dialog box 2. Click the Import button. The Import Signed Certificate dialog box displays. FIGURE 238 Import Signed Certificate dialog box 3.
Thales Encryption Manager for Storage A Thales Encryption Manager for Storage Communication with the Thales Encryption Manager for Storage (TEMS) is referred to as NCKA in operational descriptions in this appendix. NCKA is secured by wrapping DEKs in a master key. The encryption engine must generate its own master key, send DEKs to NCKA encrypted in the master key, and decrypt DEKs received from NCKA using the same master key.
A Signing the CSR Signing the CSR 1. Export the certificate signing request (CSR) certificate from the switch. Cryptocfg -export -scp -KACsr NOTE On some host systems this request does not work. If that is true for your system, copy the .csr file above manually to the workstation you are using to interface with the key vault. 2. Under the certificate column in the user table, click on the pen icon for the newly created user.
Registering the certificates A Registering the certificates Examples below are for the two Thales key vaults installed. Commands assume the exported signed certificates were saved as brcduser1@ncka-1 and brcduser1@ncka-2 for the primary and secondary key vaults and the data port IP addresses are 10.32.44.112 and 10.32.44.114. 1. Set the key vault type. cryptocfg --set -keyvault NCKA 2. Register the signed KAC certificates. cryptocfg --reg -KACcert brcduser1@ncka-1.
A 636 Registering the certificates DCFM Enterprise User Manual 53-1001357-01
Appendix B Call Home Event Tables In this appendix This section provides information about the specific events that display when using Call Home. This information is shown in the following Event Tables. • Call Home Event Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • # CONSRV Events Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • # Thermal Event Reason Codes Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
B Call Home Event Table Event Reason Code FRU Code / Event Type Description Severity 208 PWR/HW Power supply false shutdown. 3 300 FAN/HW A cooling fan propeller has failed. 3 301 FAN/HW A cooling fan propeller has failed (two failed propellers). 3 302 FAN/HW A cooling fan propeller has failed. 3 303 FAN/HW A cooling fan propeller has failed. 3 304 FAN/HW A cooling fan propeller has failed. 3 305 FAN/HW A cooling fan propeller has failed.
B # CONSRV Events Table # CONSRV Events Table Event Reason Code FRU Code/Event Type Description Severity 504 DVP/LIM/HW M-EOS: Port module failure. 3 506 DVP/PORT Fibre Channel port failure 3 509 DVP/PORT Fibre Channel path failure. 0 511 LIM/DVP LIM SPP failure. 3 514 DVP/ LIM/PORT SFP/XFP optics failure. 3 517 LIM LIM SPP Offline. 3 530 LIM/DVP LIM Power-up diagnostic failure. 3 536 LIM/DVP Internal Frame Error port anomaly - threshold exceeded.
B # Brocade Events Table # Brocade Events Table Event Reason Code FRU Code/Event Type Description Severity 1009 MS-1009 Error in registered link incident record (RLIR) 4 1402 FW-1402 Flash usage is out of range (Fabric OS version 6.
Appendix User Privileges C In this appendix • About User Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641 • About Roles and Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657 About User Privileges The Management application provides the User Administrator with a high level of control over what functions individual users can see and use.
C About User Privileges TABLE 33 Privileges and Application Behavior Privilege Description No Privilege Read-Only Read/Write Active Session Management Allows you view active client sessions and disconnect an unwanted user. Disables the Active Sessions command from the SAN menu. Enables the Active Sessions command from the SAN menu. Disables all commands and functions on the dialog box except the Close and Help. Enables the Active Sessions command from the SAN menu.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Configuration Management Allows you to access the Configuration Management dialog box and perform configuration upload and replication. Disables the Switch command on the Configure menu. Configuration upload and replication are disabled. Enables the Switch command on the Configure menu. Only viewing of saved configuration is supported.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Fabric Binding Allows you to define the switches allowed to join a fabric. Allows you to control access to the Fabric Binding dialog box from the Configure menu. Disables the Fabric Binding command on the Configure menu. Enables the Fabric Binding command on the Configure menu; however, disables the OK button.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Fault Management Allows you to control access to the SNMP Trap Registration and Forwarding dialog box, the Event Storage option of the Options dialog box, the Syslog Registration and Forwarding dialog box, as well as the Export and Clear functions in the Event Log dialog box and the Show and Hide functions in the Customize Columns dialog box.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write FCIP Management Allows you to configure FCIP tunnels and troubleshooting of IP interfaces (IP performance, IP ping and IP trace route). Disables the Configure > FCIP Tunnel and Configure > IP Troubleshooting commands. Disables the FCIP Tunnel command on the Fabric right-click menu. Enables the Configure > FCIP Tunnel and Configure > IP Troubleshooting commands.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write High Integrity Fabric For Fabric OS devices, allows you to set Fabric Binding and Insistent Domain IDs. For M-EOS devices, allows you to activate the High Integrity Fabric, which activates Fabric Binding, Switch Binding, Insistent Domain ID, Rerouting Delay, and Domain RSCNs. Disables the High Integrity Fabric command from the Configure menu.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write LSAN Zoning Allows you to edit and activate LSAN zones for the LSAN fabrics that are available within the Zoning dialog box. Prerequisite: Both the backbone fabrics as well as all directly connected edge fabrics must be added to a resource group and a user with LSAN Zoning privilege must be assigned to this specific resource group.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Performance Allows you to configure the performance subsystem, the display of performance graphs, and threshold settings. Disables entire Performance submenu of the Monitor menu as well as the right-click Performance Graph(s) command on ports and switch products. Disables the Port Optics command on the right-click menu.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Product Operation An Element Manager privilege that enables operator functions. Disables the functions described in the Element Manager User Manual for which you do not have rights. Displays the message, “You do not have rights to perform this action.” Same as No Privilege. Enables the functions described in the Element Manager User Manual.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Security Allows you to enable and configure SANtegrity features. Disables the Security command from the Configure > Switch > Replicate menu. Disables the Security Log command on the Monitor > Logs menu. Disables the Security Misc command from the SAN > Options menu. Disables the Security command from the Configure > Switch > Replicate menu.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Storage Encryption Configuration Allows you to configure storage encryption configuration, including selecting storage devices and LUNs, viewing and editing switch, group, or engine properties, viewing and editing storage device encryption properties, and initiating manual LUN re-keying. Disables the Encryption command from the Configure menu.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Storage Encryption Security Allows you to configure storage encryption security, including creating a new encryption group, adding a switch to an existing group, zeroizing an encryption engine, backing up or restoring a master key, and enabling encryption functions after a power cycle. Disables all functions from the dialog box except view.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write User Management Allows you to create and define users and groups, as well as assign privileges and views to groups. Disables the Users command on the main SAN menu and the Users button on the main tool bar.
About User Privileges TABLE 33 C Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Zoning Offline Allows you to edit the zone database in offline mode and save the zone database to the repository or to the switch. In Zoning dialog box, the Zone DB list includes offline zones; however, if an offline zone is selected, the contents are not loaded into the Zoning dialog box.
C About User Privileges TABLE 33 Privileges and Application Behavior (Continued) Privilege Description No Privilege Read-Only Read/Write Zoning Online Allows you to edit any of the fabric zone databases in the available fabrics within the Zoning dialog box from the client side and then save to the switch. In Zoning dialog box, the Zone DB list includes online and offline zones; however, if an online zone is selected, the contents are not loaded into the Zoning dialog box.
About Roles and Access Levels C About Roles and Access Levels The Management application provides four pre-configured roles (System Administrator, Security Administrator, Zone Administrator, Operator, Security Officer, and Network Administrator); however, System Administrators can also create roles manually. Refer to “Creating a user role” on page 343 for instructions. Roles are automatically assigned to all resource groups.
C About Roles and Access Levels TABLE 34 Features and User Groups Access Levels (Continued) Feature Roles with Read/Write Access Roles with Read-Only Access Port Fencing System Administrator Operator Product Administration System Administrator Product Maintenance System Administrator Product Operation System Administrator, Operator Properties Edit System Administrator, Host Administrator Operator Report System Administrator Operator Routing Configuration System Administrator Operator
Appendix D Sybase and Derby Database Fields In this appendix • Advanced Call Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Client_view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
D Database tables and fields • Zoning 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749 • Zoning 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751 Database tables and fields Advanced Call Home NOTE The primary keys are marked by an asterisk (*). TABLE 35 ACH_CALL_CENTER Field Definition ID * Name of the Call Center.
D Capability TABLE 39 ACH_EVENT_FILTER_MAP Field Definition Format FILTER_ID * ID of the event filter. int EVENT_ID * Event ID which needs to be associated with the filter. int TABLE 40 Size ACH_EVENT Field Definition ID * Format Size int REASON_CODE Reason code of the event. varchar 256 FRU_CODE FRU code of the event. varchar 256 DESCRIPTION Description of the event. varchar 256 SEVERITY Severity of the event. int TYPE Type of the event.
D Client_view TABLE 44 CARD Field Definition Format ID * Size int CORE_SWITCH_ID * Core switch DB ID. int SLOT_NUMBER The number of the physical slot in the chassis where the blade is plugged in. For fixed blades, SlotNumber is zero. smallint TYPE ID of the blade to identify the type. smallint EQUIPEMNT_TYPE The type of the blade. It is either SW BLADE or CP BLADE. varchar 16 STATE State of the blade, such as ENABLED or DISABLED.
D Client_view TABLE 46 USER_ (Continued) Field Definition Format Size PASSWORD User password. varchar 128 EMAIL User e-mail ID. varchar 1024 NOTIFICATION_ENABLED Flag for e-mail notification. smallint TABLE 47 USER_PREFERENCE Field Definition Format Size USER_NAME * User name whose preferences are saved. It corresponds to user_name in USER_table. varchar 128 CATEGORY * The name for a set of related preferences.
D Client_view TABLE 50 CLIENT_VIEW_MEMBER Field Definition Format CLIENT_VIEW_ID * Foreign key to CLIENT_VIEW table. int FABRIC_ID * Foreign key to FABRIC table. int Definition Format TABLE 51 FABRIC Field ID * Size int SAN_ID Foreign key to SAN table; usually 1 since there is only one SAN. int SEED_SWITCH_WWN WWN of the virtual switch used as seed switch to discover the fabric. char 23 NAME User-assigned fabric name.
D Collector Collector TABLE 52 FABRIC_CHECKSUM Field Definition Format FABRIC_ID * Fabric ID, foreign key to the FABRIC table. int CHECKSUM_KEY * Type of checksum, e.g. device data or zone data. varchar 32 CHECKSUM Actual checksum value. varchar 16 Size TABLE 53 Size FABRIC_COLLECTION Field Definition Format FABRIC_ID * Fabric ID, foreign key to the FABRIC table. int COLLECTOR_NAME * Name of the collector, e.g.
D Collector TABLE 55 FABRIC (Continued) Field Definition Format AD_ENVIRONMENT 1 = there are user-defined ADs in this fabric. smallint MANAGED 1 = it is an actively "monitored" fabric; otherwise, it is an "unmonitored" fabric. smallint MANAGEMENT_STATE Bit map to indicate various management indications for the fabric. smallint TRACK_CHANGES 1 = changes (member switches, ISL and devices) in the fabric are tracked.
D Collector TABLE 58 VIRTUAL_SWITCH_CHECKSUM Field Definition Format VIRTUAL_SWITCH_ID * DB ID of virtual switch. int CHECKSUM_KEY * Checksum key. varchar 32 CHECKSUM Checksum value. varchar 16 Size TABLE 59 Size CORE_SWITCH_CHECKSUM Field Definition Format CORE_SWITCH_ID * DB ID. int CHECKSUM_KEY * Checksum type. varchar 32 CHECKSUM Checksum value. varchar 16 Size TABLE 60 CORE_SWITCH_COLLECTION Field Definition Format CORE_SWITCH_ID * Core switch ID.
D Config TABLE 61 SECURITY_POLICY Field Definition Format Size VIRTUAL_SWITCH_ID * DB ID of virtual_switch. int POLICY_NUMBER* IPSec Policy Number. The number can range from 1 to 32. smallint POLICY_TYPE* Type of the Policy. The possible values are IKE or IPSec smallint ENCRYPTION_ALGORITHM Encryption Algorithm for the policy.The following are the possible Encryption: NONE,DES,3DES,AES-128,AES-256,AES-CM-128 or AES-CM-256.
D Config TABLE 63 FIRMWARE_FILE_DETAIL (Continued) Field Definition Format RELEASE_DATE Release date of the firmware file. timestamp IMPORTED_DATE Imported date of the file to the Management application. timestamp FIRMWARE_FILE_SIZE Firmware file size. int FIRMWARE_LOCATION Firmware file location in the Management application repository. varchar 1024 RELEASE_NOTES_ LOCATION Release notes file location in the Management application repository.
D Connected end devices TABLE 67 SWITCH_CONFIG Field Definition Format NAME Name of the switch configurations uploaded from the switch either on demand or through scheduler. int ID* varchar Size 64 SWITCH_ID ID of the switch from which the configuration has been uploaded. int BACKUP_DATE_TIME The date/time stamp at which the configuration has been uploaded. timestamp CONFIG_DATA The actual switch configuration data.
D Device Device TABLE 71 DEVICE_PORT Field Definition ID* Format Size int NODE_ID DB ID of the device node to which this port belongs. int DOMAIN_ID Domain ID of the switch to which this device port is attached. int WWN Device port WWN. char 23 SWITCH_PORT_WWN WWN of the switch port to which this device port is attached. char 23 NUMBER Switch port number to which this device is attached. smallint PORT_ID Device port ID. varchar 6 TYPE Device port type, such as N or NL.
D Device TABLE 72 FICON_DEVICE_PORT (Continued) Field Definition Format Size TAG FICON device property, e.g., 809a or 809b. varchar 16 FLAG FICON device property, e.g., 0x10 (hex). varchar 8 PARAMS FICON device property string, e.g., Valid channel port. varchar 16 Format Size TABLE 73 DEVICE_NODE Field Definition ID* int FABRIC_ID Fabric DB ID to which this device node belongs. int WWN Device node WWN. char 23 TYPE Initiator or target or both or unknown.
D Device TABLE 75 DEVICE_ENCLOSURE Field Definition ID* Format Size int FABRIC_ID ID of the fabric to which the device enclosure belongs. int NAME Name of the Device enclosure. varchar 256 TYPE Type of Device enclosure - Storage Array/Server. varchar 32 ICON Type of Icon. int OS Operating System. varchar 256 APPLICATIONS Application which created device enclosure. varchar 256 DEPARTMENT Department using this device enclosure. varchar 256 CONTACT Contact person details.
D Device TABLE 76 FABRIC (Continued) Field Definition Format SECURE 1 = it is secured fabric. smallint AD_ENVIRONMENT 1 = there are user-defined ADs in this fabric. smallint MANAGED 1 = it is an actively "monitored" fabric; otherwise, it is an "unmonitored" fabric. smallint MANAGEMENT_STATE Bit map to indicate various management indications for the fabric. smallint TRACK_CHANGES 1 = changes (member switches, ISL and devices) in the fabric are tracked.
Device TABLE 77 DEVICE_PORT_INFO Name Source MISSING TIME DEVICE_PORT.MISSING_TIME, NPV PHYSICAL DEVICE_PORT.NPV_PHYSICAL TYPE NUMBER FICON_DEVICE_PORT.TYPE_NUMBER MODEL NUMBER FICON_DEVICE_PORT.MODEL_NUMBER MANUFACTURER FICON_DEVICE_PORT.MANUFACTURER MANUFACTURER PLANT FICON_DEVICE_PORT.MANUFACTURER_PLANT SEQUENCE NUMBER FICON_DEVICE_PORT.SEQUENCE_NUMBER TAG FICON_DEVICE_PORT.TAG FLAG FICON_DEVICE_PORT.FLAG PARAMS FICON_DEVICE_PORT.PARAMS NAME USER_DEFINED_DEVICE_DETAIL.
D Device TABLE 78 676 DEVICE_INFO (Continued) Name Source DEVICE PORT TYPE DEVICE_PORT.TYPE DEVICE PORT SYMBOLICE NAME DEVICE_PORT.SYMBOLIC_NAME FC4_TYPE DEVICE_PORT.FC4_TYPE, IP_PORT DEVICE_PORT.IP_PORT HARDWARE_ADDRESS DEVICE_PORT.HARDWARE_ADDRESS DEVICE PORT TRUSTED DEVICE_PORT.TRUSTED DEVICE PORT MISSING DEVICE_PORT.MISSING COS DEVICE_PORT.COS NPV_PHYSICAL DEVICE_PORT.NPV_PHYSICAL SWITCH PORT ID SWITCH_PORT.ID SWITCH PORT WWN SWITCH_PORT.WWN SWITCH PORT NAME SWITCH_PORT.
D Device TABLE 78 DEVICE_INFO (Continued) Name Source VIRTUAL SWITCH ID SWITCH_INFO.ID VIRTUAL SWITCH NAME SWITCH_INFO.NAME OPERATIONAL STATUS SWITCH_INFO.OPERATIONAL_STATUS SWITCH_MODE SWITCH_INFO.SWITCH_MODE VIRTUAL SWITCH WWN SWITCH_INFO.WWN VIRTUAL SWITCH DOMAIN ID SWITCH_INFO.DOMAIN_ID VIRTUAL_FABRIC_ID SWITCH_INFO.VIRTUAL_FABRIC_ID BASE_SWITCH SWITCH_INFO.BASE_SWITCH VIRTUAL SWITCH STATE SWITCH_INFO.STATE VIRTUAL SWITCH STATUS SWITCH_INFO.STATUS FABRIC ID SWITCH_INFO.
D EE- Monitor TABLE 80 DEVICE_NODE_INFO (Continued) Name Source CAPABILITY DEVICE_NODE.CAPABILITY_ TRUSTED DEVICE_NODE.TRUSTED CREATION TIME DEVICE_NODE.CREATION_TIME MISSING DEVICE_NODE.MISSING MISSING TIME DEVICE_NODE.MISSING_TIME, PROXY DEVICE DEVICE_NODE.PROXY_DEVICE AG DEVICE_NODE.AG, NAME USER_DEFINED_DEVICE_DETAIL.NAME USER DEFINED TYPE USER_DEFINED_DEVICE_DETAIL.TYPE IP ADDRESS USER_DEFINED_DEVICE_DETAIL.IP_ADDRESS CONTACT USER_DEFINED_DEVICE_DETAIL.
D EE- Monitor TABLE 82 EE_MONITOR_STATS_30MIN Field Definition Format ID* int EE_MONITOR_ID int CREATION_TIME timestamp ACTIVE_STATE smallint TX double precision RX double precision CRCERRORS double TABLE 83 EE_MONITOR_STATS_2HOUR Field Definition Format ID* int EE_MONITOR_ID int CREATION_TIME timestamp ACTIVE_STATE smallint TX double precision RX double precision CRCERRORS double TABLE 84 Definition ID* Format Size int MONITOR_ID The Number (Index) given by th
D Event/FM TABLE 85 EE_MONITOR_STATS_1DAY (Continued) Field Definition Format CREATION_TIME timestamp ACTIVE_STATE smallint TX double precision RX double precision CRCERRORS double Size Event/FM TABLE 86 RECIPIENT_TYPE Field Definition ID* Type of the recipient (Syslog or SNMP). varchar 20 Format Size SOURCE_OBJECT_TYPE Field Definition ID* int TYPE_NAME Type of the object to which the event applies, such as Fabric, Switch or Port.
D Event/FM TABLE 90 EVENT_SUB_TYPE Field Definition ID* Format Size int EVENT_TYPE_ID Unique Event Sub type ID int DESCRIPTION Description of Event Sub Type varchar 255 Format Size TABLE 91 SNMP_CREDENTIALS Field Definition ID* int VIRTUAL_SWITCH_ID Virtual switch ID for which this instance of the SNMP credentials apply. int RECIPIENT_ID Refers to recipient in the MESSAGE_RECIPIENT table. int PORT_NUMBER Port number of the SNMP agent on the switch for get and set requests.
D Event/FM TABLE 91 SNMP_CREDENTIALS (Continued) Field Definition Format Size AUTH_PASSWORD The localized secret key used by the authentication protocol for authenticating messages. This is applicable if the agent is configured to operate in SNMPv3. varchar 64 PRIV_PROTOCOL An indication of whether messages sent or received on behalf of this user can be encrypted and if so, which privacy protocol to use.
D Event/FM TABLE 93 EVENT Field Definition ID* Format Size int SWITCH_ID ID of the switch. int PARENT_ID ID of the Parent. int 255 SOURCE_NAME Name of the source from which the event originated. varchar 32 SOURCE_ADDR IP Address of the source from which the event originated. varchar 50 EVENT_SOURCE Source from which the event is generated. varchar 32 SINK_SOURCE Sink Source of the event (Syslog/SNMP Trap/errlog/Application).
D Event/FM TABLE 93 EVENT (Continued) Field Definition Format Size EVENT_CATEGORY Category of the event varchar 64 DISCOVERY_TYPE Discovery type of the product varchar 64 MANAGEMENT_LINK Management link status varchar 255 OPERATIONAL_STATUS Operational Status of the switch from which the event is triggered varchar 255 NODE_WWN WWN of the node from which the event is triggered varchar 23 PORT_WWN WWN of the port from which the event is triggered varchar 23 NODE_NAME Node Name
D Event/FM TABLE 95 EVENT_NOTIFICATION (Continued) Field Definition Format Size USER_NAME User name for authentication. varchar 256 PASSWORD Password for authentication. varchar 256 NOTIFICATION_INTERVAL Time interval between successive event notifications. int NOTIFICATION_UNIT Time interval Unit: 0 = Seconds 1 = Minutes 2 = Hours smallint TEST_OPTION Time interval Unit: 0 = Send test to configured e-mail address. 1 = Send test to all enabled users.
D Fabric TABLE 96 EVENT_RULE (Continued) Field Definition Format LAST_MODIFIED_TIME Rules last edited time. timestamp SELECTED_TIME_UNIT Timestamp unit of the selected rule: 0 = second 1 = Minutes 2 = Hours smallint TABLE 97 Size EVENT_RULE_ACTION Field Definition ID* Format Size int RULE_ID The rule ID present in the Event_Rule Table.
D Fabric TABLE 99 FABRIC Field Definition ID* Format Size int SAN_ID Foreign key to SAN table; usually 1 since there is only one SAN. int SEED_SWITCH_WWN WWN of the virtual switch used as seed switch to discover the fabric. char 23 NAME User-assigned fabric name. varchar 256 CONTACT User-assigned "contact" for the fabric. varchar 256 LOCATION User-assigned "location" for the fabric. varchar 256 DESCRIPTION User-assigned fabric description.
D Fabric TABLE 100 Source MANAGEMENT_STATE FABRIC.MANAGEMENT_STATE LAST_FABRIC_CHANGED FABRIC.LAST_FABRIC_CHANGED SECURE FABRIC.SECURE AD_ENVIRONMENT FABRIC.AD_ENVIRONMENT MANAGED FABRIC.MANAGED CONTACT FABRIC.CONTACT LOCATION FABRIC.LOCATION DESCRIPTION FABRIC.DESCRIPTION CREATION_TIME FABRIC.CREATION_TIME LAST_SCAN_TIME FABRIC.LAST_SCAN_TIME LAST_UPDATE_TIME FABRIC.LAST_UPDATE_TIME TRACK_CHANGES FABRIC.TRACK_CHANGES TYPE FABRIC.TYPE USER_DEFINED_VALUE_1 FABRIC.
D FC Port Stats FC Port Stats TABLE 102 FC_PORT_STATS Field Definition ID* Format int SWITCH_ID References the ID in CORE_SWITCH table. int PORT_ID References the ID in SWITCH_PORT table. int TX Transmission (TX) value in bytes. double RX Receive (RX) value in bytes. double TX_UTILIZATION Transmit utilization value in percentage. double RX_UTILIZATION Receive utilization value in percentage. double‘ CREATION_TIME The polling time.
D FC Port Stats TABLE 103 FC_PORT_STATS_30MIN (Continued) Field Definition SIGNALLOSSES double SEQUENCEERRORS double INVALIDTRANSMISSIONS double CRCERRORS double DATA_GAPS_IN5MIN smallint TABLE 104 Definition Format ID* int SWITCH_ID int PORT_ID int TX double RX double TX_UTILIZATION double RX_UTILIZATION double‘ CREATION_TIME timestamp ACTIVE_STATE smallint LINKFAILURES double TXLINKRESETS double RXLINKRESETS double SYNCLOSSES double SIGNALLOSSES double SEQUEN
D FC Port Stats TABLE 105 FC_PORT_STATS_1DAY (Continued) Field Definition Format RX_UTILIZATION double‘ CREATION_TIME timestamp ACTIVE_STATE smallint LINKFAILURES double TXLINKRESETS double RXLINKRESETS double SYNCLOSSES double SIGNALLOSSES double SEQUENCEERRORS double INVALIDTRANSMISSIONS double CRCERRORS double DATA_GAPS_IN5MIN smallint DATA_GAPS_IN30MIN smallint DATA_GAPS_IN2HOUR smallint DCFM Enterprise User Manual 53-1001357-01 Size 691
D FCIP FCIP TABLE 106 FCIP_TUNNEL Field Definition ID* Size int ETHERNET_PORT_ID GigE Port ID on which the tunnel is created. int TUNNEL_ID Tunnel ID for that GigE Port. smallint VLAN_TAG VLAN Tag on the tunnel (if present). int SOURCE_IP Source IP on which the tunnel is created. char 64 DEST_IP Destination IP on the other end of tunnel. char 64 LOCAL_WWN Local port WWN for the tunnel. char 23 REMOTE_WWN_RESTRICT Remote Port WWN for the tunnel.
FCIP TABLE 107 D FCIP_TUNNEL_INFO (Continued) Name Source WAN_TOV_ENABLED FCIP_TUNNEL.WAN_TOV_ENABLED TUNNEL_STATUS FCIP_TUNNEL.TUNNEL_STATUS COMPRESSION_ENABLED FCIP_TUNNEL_DETAILS.COMPRESSION_ENABLED TURBO_WRITE_ENALBED FCIP_TUNNEL_DETAILS.TURBO_WRITE_ENABLED TAPE_ACCELERATION_ENABLED FCIP_TUNNEL_DETAILS.TAPE_ACCELERATION_ENABLED IKE_POLICY_NUM FCIP_TUNNEL_DETAILS.IKE_POLICY_NUM IPSEC_POLICY_NUM FCIP_TUNNEL_DETAILS.IPSEC_POLICY_NUM PRESHARED_KEY FCIP_TUNNEL_DETAILS.
D FCIP TABLE 107 Source REMOTE PORT WWN FCIP_PORT_TUNNEL_MAP.TUNNEL_ID = FCIP_TUNNEL.ID and FCIP_PORT_TUNNEL_MAP.SWITCHPORT_ID = PORT.ID) REMOTE_PORT_WWN REMOTE NODE WWN FCIP_PORT_TUNNEL_MAP.TUNNEL_ID = FCIP_TUNNEL.ID and FCIP_PORT_TUNNEL_MAP.SWITCHPORT_ID = PORT.ID) REMOTE_NODE_WWN TABLE 108 FCIP_PORT_TUNNEL_MAP Field Definition Format SWITCHPORT_ID* Switch Port ID. int TUNNEL_ID* FCIP Tunnel ID.
D FCIP Tunnel Stats TABLE 109 FCIP_TUNNEL_DETAILS (Continued) Field Definition Format FICON_TAPE_WRITE_ EMULATION_ENABLED Whether this is enabled on that tunnel. smallint FICON_TAPE_READ_ EMULATION_ENABLED Whether this is enabled on that tunnel. smallint FICON_DEBUG__FLAGS FICON_DEBUG_FLAGS for that particular tunnel. double Size FCIP Tunnel Stats TABLE 110 FCIP_TUNNEL_STATS Field Definition ID* Format int TUNNEL_DBID References the ID in FCIP_TUNNEL table.
D FCIP Tunnel Stats TABLE 111 FCIP_TUNNEL_STATS_30MIN (Continued) Field Definition DROPPED PACKETS double precision COMPRESSION double precision LATENCY double precision LINK_RETRANSMITS double precision ACTIVE_STATE smallint TABLE 112 Definition Format ID* int TUNNEL_DBID int SWITCH ID int CREATION TIME timestamp TX double precision RX double precision TX_UTILIZATION double precision RX_UTILIZATION double precision DROPPED PACKETS double precision COMPRESSION double pr
D GigE Port Stats TABLE 113 FCIP_TUNNEL_STATS_1DAY (Continued) Field Definition Format LINK_RETRANSMITS double precision ACTIVE_STATE smallint TABLE 114 Size FCIP_TUNNEL Field Definition ID* Format Size int ETHERNET_PORT_ID GigE Port ID on which the tunnel is created. int TUNNEL_ID Tunnel ID for that GigE Port. smallint VLAN_TAG VLAN Tag on the tunnel (if present). int SOURCE_IP Source IP on which the tunnel is created.
D GigE Port Stats TABLE 115 GIGE_PORT_STATS (Continued) Field Definition Format DROPPED PACKETS Number of dropped packets. double precision COMPRESSION The compression value. double precision LATENCY The latency value. double precision BANDWIDTH The bandwidth value.
D ISL TABLE 118 GIGE_PORT_STATS_1DAY Field Definition Format ID* int SWITCH ID int PORT_ID int CREATION TIME timestamp TX double precision RX double precision TX_UTILIZATION double precision RX_UTILIZATION double precision DROPPED PACKETS double precision COMPRESSION double precision LATENCY double precision BANDWIDTH double precision Size ISL TABLE 119 ISL_INFO Name Source ID ISL.ID FABRIC_ID ISL.FABRIC_ID COST ISL.COST TYPE ISL.TYPE SOURCE_DOAMIN_ID ISL.
D ISL TABLE 120 ISL_TRUNK_INFO Name Source ID ISL_TRUNK_GROUP.ID COST ISL_INFO.COST TYPE ISL_INFO.TYPE SOURCE PORT NUMBER ISL_INFO.SOURCE_PORT_NUMBER SOURCE SWITCH ID ISL_INFO.SOURCE_SWITCH_ID SOURCE SWITCH IP ADDRESS SOURCE_CORE_SWITCH.IP_ADDRESS SOURCE SWITCH WWN SOURCE_VIRTUAL_SWITCH.WWN MASTER PORT ISL_INFO.SOURCE_DOMAIN_ID SOURCE SWITCH NAME ISL_INFO.SOURCE_SWITCH_NAME SOURCE SWITCH PORT ID ISL_INFO.SOURCE_SWITCH_PORT_ID DEST PORT NUMBER ISL_INFO.
D ISL TABLE 122 FABRIC Field Definition ID* Format Size int SAN_ID Foreign key to SAN table; usually 1 since there is only one SAN. int SEED_SWITCH_WWN WWN of the virtual switch used as seed switch to discover the fabric. char 23 NAME User-assigned fabric name. varchar 256 CONTACT User-assigned "contact" for the fabric. varchar 256 LOCATION User-assigned "location" for the fabric. varchar 256 DESCRIPTION User-assigned fabric description.
D License TABLE 124 ISL_TRUNK_GROUP Field Definition ID* Format Size int VIRTUAL_SWITCH_ID Virtual switch DB ID. int MASTER_USER_PORT Port number of master port. smallint License TABLE 125 LICENSE_FEATURE_MAP Field Definition Format LICENSE_ID* Foreign Key (SWITCH_LICENSE.ID) and is part of the primary key. integer FEATURE_ID* Foreign Key (LICENSED_FEATURE.ID) and is part of the primary.
D Encryption Device Encryption Device TABLE 129 KEY VAULT Field Definition ID* Format Size int IP_ADDRESS The IP Address (IPv4, IPv6, or hostname) of the key vault. varchar PORT_NUMBER The TCP port number for the key vault. int PUBLIC_CERTIFICATE The key vault’s public key certificate. Switches use varchar this to establish a secure connection to the key vault. 4096 CRETIFICATE_LABEL A text name to identify the certificate.
D Encryption Device TABLE 130 CRYPTO_SWITCH Field Definition Format Size KAC_CERTIFICATE The public key certificate, in PEM format, of the switch’s Key Archive Client module. This certificate is installed on key vaults to establish secure communication between this switch and the key vault. varchar 4096 PRIMARY_VAULT_ CONNECTIVITY_STATUS The status of the network connection between this switch and the primary key vault. For possible values, see the enum definition in the DTO class.
D Encryption Device TABLE 131 ENCRYPTION GROUP Field Definition Format ACTIVE_MASTER_KEY_STAT US The operational status of the "master key" or "Key Encryption Key (KEK)" used to encrypt Data Encryption Keys in a key vault. Not used for NetApp LKM key vaults. 0 = not used 1 = required but not present 2 = present but not backed up 3 = okay smallint ALT_MASTER_KEY_STATUS The operational status of an alternate "master key" used to access older data encryption keys. Not used for NetApp LKM key vaults.
D Encryption Device TABLE 132 ENCRYPTION_TAPE_POOL Field Definition Format Size TAPE_POOL_NAME User-supplied name or number for the tape pool. This is the same name or number specified in the tape backup application. Numbers are stored in hex. varchar 64 TAPE_POOL_OPERATION_M ODE Specifies which type of encryption should be used by tape volumes in this tape pool. 0 = Native 1 = DF-compatible. smallint TAPE_POOL_POLICY Specifies whether tape volumes in this tape pool should be encrypted.
D Encryption Device TABLE 135 QUORUM_CARD_GROUP_MAPPING Field Definition ID Format int ENCRYPTION_GROUP_ID Foreign key reference to the ENCRYPTION_GROUP for which an authorization card is registered. int SMART_CARD_ID Foreign key reference to the SMART_CARD that is registered as an authorization card for the encryption group. int Definition Format TABLE 136 Size HA CLUSTER Field ID* Size int NAME User-supplied name for the HA Cluster.
D Encryption Device TABLE 137 SMART CARD Field Definition Format Size GROUP_NAME 'The name of the Encryption Group used to initialize the card. For recovery set cards, this identifies which group’s master key is backed up on the card. varchar 64 CREATION_TIME The date and time that the card was initialized. For recovery set cards, this is the date and time the master key was written to the card.
D Encryption Container Encryption Container TABLE 139 CRYPTO HOST Field Definition ID* Format Size int CRYPTO_TARGET_CONTAIN ER_ID Foreign key reference to the int CRYPTO_TARGET_CONTAINER that contains this host. VI_NODE_WWN Node WWN of Virtual Initiator that represents this host. char 23 VI_PORT_WWN Port WWN of Virtual Initiator that represents this host.
D Encryption Container TABLE 141 CRYPTO LUN Field Definition ID* 710 Format Size int CRYPTO_TARGET_ CONTAINER_ID Foreign key reference to the CRYPTO_TARGET_CONTAINER that contains the host for which these LUNs are configured. int SERIAL_NUMBER The LUN serial number, used to identify the physical LUN. varchar ENCRYPTION_STATE Boolean. True (1) if LUN is being encrypted. False (0) if cleartext. smallint STATUS Not currently used but left in for possible future use. Replaced by LUN_STATE.
D Encryption Container TABLE 141 CRYPTO LUN Field Definition Format DECRYPT_EXISTING_DATA Not used. When configuring disk LUN that was previously encrypted and is to become cleartext, this property tells the switch whether or not to start a re-keying operation to decrypt the existing LUN data. This property does not need to be persisted. This feature is no longer supported in Fabric OS. smallint KEY_ID Hex-encoded binary key vault ID for the current data encryption key for this LUN.
D Encryption Container TABLE 142 ENCRYPTION ENGINE Field Definition Format SYSTEM_CARD_STATUS Indicates whether a System Card is currently inserted in the Encryption Engine, and whether the card is valid or not. This feature is not yet supported. smallint WWN_POOLS_AVAILABLE Not used. Previously used to indicate the number of WWN pools remaining for allocation on this encryption engine. This feature is no longer supported.
Encryption Container D TABLE 144 Name Source CRYPTO HOST ID LUN.CRYPTO_HOST_ID CRYPTO LUN ID LUN.ID CRYPTO_LUN_ID LUN NUMBER LUN.LUN_NUMBER CRYPTO TARGET CONTAINER ID LUN.CRYPTO_TARGET_CONTAINER_ID SERIAL NUMBER LUN.SERIAL_NUMBER ENCRYPTION STATE LUN.ENCRYPTION_STATE STATUS LUN.STATUS REKEY_INTERVAL LUN.REKEY_INTERVAL VOLUME_LABEL_PREFIX LUN.VOLUME_LABEL_PREFIX LAST_REKEY_DATE LUN.LAST_REKEY_DATE LAST_REKEY_STATUS LUN.LAST_REKEY_STATUS LAST_REKEY_PROGRESS LUN.
D Meta SAN Meta SAN TABLE 145 LSAN_DEVICE Field Definition ID* Size int BB_FABRIC_ID Backbone fabric DB ID. int FCR_FABRIC_ID FID assigned to edge fabric. int DEVICE_PORT_WWN Device port WWN of physical device. char 23 PHYSICAL_PID PID of physical device.
D Meta SAN TABLE 148 FABRIC (Continued) Field Definition Format TYPE Type of fabric: 0 = legacy fabric 1 = base fabric 2 = logical fabric smallint SECURE 1 = it is a secured fabric. smallint AD_ENVIRONMENT 1 = there are user-defined ADs in this fabric. smallint MANAGED 1 = it is an actively "monitored" fabric; otherwise, it is an "unmonitored" fabric. smallint MANAGEMENT_STATE Bit map to indicate various management indications for the fabric.
D Network TABLE 150 IFL_INFO Name Source ID IFL.ID EDGE_FABRIC_ID IFL.EDGE_FABRIC_ID FCR SWITCH ID FCR_PORT.VIRTUAL_SWITCH_ID EDGE_PORT_WWN IFL.EDGE_PORT_WWN BB_FABRIC_ID IFL.BB_FABRIC_ID BB_PORT_WWN IFL.BB_PORT_WWN BB_RA_TOV IFL.BB_RA_TOV BB_ED_TOV IFL.BB_ED_TOV BB_PID_FORMAT IFL.BB_PID_FORMAT EDGE SWITCH ID SWITCH_PORT.VIRTUAL_SWITCH_ID EDGE PORT ID SWITCH_PORT.ID EDGE PORT NUMBER SWITCH_PORT.USER_PORT_NUMBER EDGE PORT TYPE SWITCH_PORT.
D Others TABLE 152 IP_ROUTE (Continued) Field Definition Format Size FLAG Flag. int CHECKSUM Check Sum. varchar 64 Others TABLE 153 SYSTEM_PROPERTY Field Definition Format Size NAME* The name of the property. char 64 VALUE The value for the property. VARCHAR 2048 Field Definition Format Size OUI* Vendor OUI, 6-digit hexadecimal number which can have leading digits as zero. char 6 VENDOR Vendor name.
D Port Fencing Port Fencing TABLE 158 PORT_FENCING_POLICY Field Definition ID* Name of the policy. The length of the field should be 62 because M-EOS switch supports only maximum 62 characters. varchar TYPE 0 = ISL Protocol 1 = Link 2 = Security smallint THRESHOLD_LIMIT Threshold Limits for M-EOS Switch. int THRESHOLD_DURATION Duration In minutes for M-EOS Switch. int DEFAULT_POLICY 1 = the default port fencing policies. 0 = the non-default policies.
D Quartz Quartz TABLE 160 QRTZ_JOB_DETAILS Field Definition Format Size JOB_NAME* Name of the job. varchar 80 JOB_GROUP* Name of the job group. varchar 80 DESCRIPTION Description of the job (optional). varchar 120 JOB_CLASS_NAME The instance of the job that will be executed. varchar 128 IS_DURABLE Whether the job should remain stored after it is orphaned. bit IS_VOLATILE Whether the job should not be persisted in the JobStore for re-use after program restarts.
D Quartz TABLE 162 Field Definition Format size TRIGGER_NAME* Name of the trigger varchar 80 TRIGGER_GROUP* name of the trigger group varchar 80 REPEAT_COUNT number of times to repeat numeric 13,0 REPEAT_INTERVAL interval for first and second job numeric 13,0 TIMES_TRIGGERED Number of times the corresponding trigger fired numeric 13,0 TABLE 163 QRTZ_FIRED_TRIGGERS Field Definition Format size ENTRY_ID* Fired instance ID. varchar 95 TRIGGER_NAME Name of the trigger.
D Quartz TABLE 166 QRTZ_JTRIGGER_LISTENERS Field Definition Format Size TRIGGER_NAME* Name of the trigger. varchar 80 TRIGGER_GROUP* Name of the trigger group. varchar 80 TRIGGER_LISTENER* The listener action. varchar 80 TABLE 167 QRTZ_BLOB_TRIGGERS Field Definition Format Size TRIGGER_NAME* Name of the trigger. varchar 80 TRIGGER_GROUP* Name of the trigger group. varchar 80 BLOB_DATA The Scheduler info.
D Reports Reports TABLE 172 REPORT_TYPE Field Definition Format ID* Meta Data for available reports. int NAME Report name. varchar 128 DESCRIPTION Report type description. varchar 256 Format Size TABLE 173 Size GENERATED_REPORT Field Definition ID* int NAME Report name. varchar TYPE_ID Report type. int EFCM_USER The Management application user who has generated this report. varchar REPORT_OBJECT Report object BLOB.
D Role Based Access Control TABLE 177 PRIVILEGE Field Definition ID* Size int NAME TABLE 178 Format Privilege Name. varchar 128 Size PRIVILEGE_GROUP_MAP Field Definition Format GROUP_ID* Privilege group ID. int PRIVILEGE_ID* Privilege ID. int 128 Format Size TABLE 179 PRIVILEGE_GROUP Field Definition ID* int NAME TABLE 180 Privilege group name. 128 ROLE_PRIVILEGE_INFO name Source ID ROLE.ID ROLE NAME ROLE.NAME ROLE DESCRIPTION ROLE.DESCRIPTION ID PRIVILEGE.
D Role Based Access Control TABLE 183 RESOURCE_GROUP Field Definition Format ID* int NAME Resource group name. varchar 128 DESCRIPTION Resource group description. varchar 512 Size TABLE 184 RESOURCE_FABRIC_MAP Field Definition Format RESOURCE_GROUP_ID* Resource group ID. int FABRIC_ID* Fabric ID, which is in the resource group. int TABLE 185 724 Size USER_ROLE_RESOURCE_INFO name Source RESOURCE GROUP ID RESOURCE_GROUP.
D SNMP SNMP TABLE 186 SNMP_CREDENTIALS Field Definition ID* Format Size int VIRTUAL SWITCH_ID Virtual switch ID for which this instance of the SNMP credentials apply. int RECIPIENT_ID Recipient in the MESSAGE_RECIPIENT table. int POR)_NUMBER Port number of the SNMP agent on the switch for get and set requests. smallint RETRY_COUNT Number of times to retry if get/set request to the SNMP agent times out. Default value is 3.
D SNMP TABLE 186 Definition Format Size PRIV_PROTOCOL An indication of whether messages sent or received on behalf of this user can be encrypted and if so, which privacy protocol to use. The current values for this field are: usmNoPrivProtocol and usmDESPrivProtocol. This is applicable if the agent is configured to operate in SNMPv3. varchar 16 PRIV_PASSWORD The localized secret key used by the privacy protocol for encrypting and decrypting messages.
D SNMP TABLE 187 SNMP_PROFILE (Continued) Field Definition Format Size AUTH_PROTOCOL An indication of whether or not messages sent or received on behalf of this user can be authenticated and if so, which authentication protocol to use. The supported values for this field are: usmNoAuthProtocol, usmHMACMD5AuthProtocol, and usmHMACSHAAuthProtocol. This is applicable if the agent is configured to operate in SNMPv3.
D Stats Stats TABLE 189 FAVORITES Field Definition ID* Size int NAME Name of the favorite. varchar 64 USER_ The application user credentials. varchar 128 TOP_N The top number of ports(5,10,15,20). varchar 40 SELECTION_FILTER Types of ports (FC/FCIP/GE) and End-to-End Monitors. varchar 40 FROM_TIME The time interval in which the graph is shown. Time interval can be predefined or custom.
D Stats TABLE 191 STATS_AGING Field Definition ID* Format int FIVE_MIN_VALUE Configured maximum samples value for the five minute table. int THIRTY_MIN_VALUE Configured maximum samples value for the thirty minute table. int TWO_HR_VALUE Configured maximum samples value for the two hour table. int ONE_DAY_VALUE Configured maximum samples value for the one day table. int MAX_SAMPLES_VALUE The maximum number of samples value, i.e., 3456.
D Switch Switch TABLE 194 VIRTUAL-SWITCH Field Definition ID* 730 Format Size int LOGICAL_ID Logical ID of the switch. smallint NAME Switch name. varchar 64 WWN WWN of the switch. char 23 VIRTUAL_FABRIC_ID Virtual fabric ID. If VF enabled then will have the VFID; otherwise it will be -1. smallint DOMAIN_ID Domain ID of the switch. smallint BASE_SWITCH 1 = this is a base switch; otherwise, 0. smallint SWITCH_MODE 2 = switch is in AG mode; otherwise, 0.
D Switch TABLE 195 CORE_SWITCH Field Definition ID* Format Size int IP_ADDRESS IP address of the switch. varchar 128 WWN Chassis WWN. char 23 NAME Switch name. varchar 64 CONTACT Any associated contact name, obtained through SNMP. varchar 256 LOCATION Physical location, obtained through SNMP. varchar 256 DESCRIPTION User assigned description, obtained through SNMP. varchar 256 TYPE SWBD type number as given by Fabric OS.
D Switch TABLE 195 CORE_SWITCH (Continued) Field Definition Format NIC_PROFILE_ID NIC profile of the Management application server host used by this switch to communicate in interactive configuration and other operations. It determines which Management application host IP used by this switch. int MANAGING_SERVER_IP_ ADDRESS IP address of the server which is currently managing this switch. Used for M-EOS switch only. It does not apply to Fabric OS switches.
Switch TABLE 197 SWITCH_INFO name Source NIC_PROFILE_ID CORE_SWITCH.NIC_PROFILE_ID MANAGING_SERVER_IP_ADDRESS CORE_SWITCH.MANAGING_SERVER_IP_ADDRESS ID VIRTUAL_SWITCH.ID NAME VIRTUAL_SWITCH.NAME OPERATIONAL_STATUS VIRTUAL_SWITCH.OPERATIONAL_STATUS SWITCH_MODE VIRTUAL_SWITCH.SWITCH_MODE AD_CAPABLE VIRTUAL_SWITCH.AD_CAPABLE WWN VIRTUAL_SWITCH.WWN ROLE VIRTUAL_SWITCH.ROLE FCS_ROLE VIRTUAL_SWITCH.FCS_ROLE DOMAIN_ID VIRTUAL_SWITCH.DOMAIN_ID VIRTUAL_FABRIC_ID VIRTUAL_SWITCH.
D Switch TABLE 198 SWITCH_MODEL Field Definition ID* Size int SWBD_TYPE Switch type number, universally used by all the Management application module implementation. smallint SUBTYPE Switch subtype. At present no subtypes for existing model records are defined. smallint DESCRIPTION Model description, such as FC link speed, port count and whether multi-card (director) class switch or other type of switch. varchar 32 MODEL Switch model string.
D Switch details Switch details TABLE 200 CORE_SWITCH_DETAILS Field Definition Format Size CORE_SWITCH_ID* DB ID. int ETHERNET_MASK Subnet mask. char 64 FC_MASK Subnet mask for FC IP. char 64 FC_IP Fibre Channel IP address. char 64 FC_CERTIFICATE smallint SW_LICENSE_ID char 23 SUPPLIER_SERIAL_ NUMBER Serial number of the chassis. varchar 32 PART_NUMBER The part number assigned by the organization responsible for producing or manufacturing the PhysicalElement.
D Switch details TABLE 200 CORE_SWITCH_DETAILS (Continued) Field Definition Format Size STBY_CP_PRI_FW_VERSIO N Standby CP primary firmware version. varchar 128 STBY_CP_SEC_FW_VERSIO N Standby CP secondary firmware version. varchar 128 TYPE SWBD number as assigned by embedded SW depending upon the switch type / platform. smallint EGM_CAPABLE 1 = the switch is EGM-capable. smallint SUB_TYPE SWBD sub type number.
D Switch details TABLE 201 CORE_SWITCH (Continued) Field Definition Format LAST_SCAN_TIME timestampty LAST_UPDATE_TIME Time when this record was last updated. timestamp SYSLOG_REGISTERED 1 if the Management application server is registered with the switch to receive Syslog. smallint CALL_HOME_ENABLED 1 if "call home" is enabled for this switch. smallint SNMP_REGISTERED 1 if the Management application server is registered with the switch to receive SNMP traps.
D Switch details TABLE 202 738 SWITCH_DETAILS_INFO Name Source MANAGING_SERVER_IP_ADDRESS CORE_SWITCH.MANAGING_SERVER_IP_ADDRESS ID VIRTUAL_SWITCH.ID NAME VIRTUAL_SWITCH.NAME OPERATIONAL_STATUS VIRTUAL_SWITCH.OPERATIONAL_STATUS SWITCH_MODE VIRTUAL_SWITCH.SWITCH_MODE AD_CAPABLE VIRTUAL_SWITCH.AD_CAPABLE WWN VIRTUAL_SWITCH.WWN ROLE VIRTUAL_SWITCH.ROLE FCS_ROLE VIRTUAL_SWITCH.FCS_ROLE DOMAIN_ID VIRTUAL_SWITCH.DOMAIN_ID VIRTUAL_FABRIC_ID VIRTUAL_SWITCH.
Switch details TABLE 202 SWITCH_DETAILS_INFO Name Source PART_NUMBER CORE_SWITCH_DETAILS.PART_NUMBER CHECK_BEACON CORE_SWITCH_DETAILS.CHECK_BEACON TIMEZONE CORE_SWITCH_DETAILS.TIMEZONE FMS_MODE CORE_SWITCH_DETAILS.FMS_MODE MAX_PORT CORE_SWITCH_DETAILS.MAX_PORT CHASSIS_SERVICE_TAG CORE_SWITCH_DETAILS.CHASSIS_SERVICE_TAG BAY_ID CORE_SWITCH_DETAILS.BAY_ID TYPE_NUMBER CORE_SWITCH_DETAILS.TYPE_NUMBER MODEL_NUMBER CORE_SWITCH_DETAILS.MODEL_NUMBER MANUFACTURER CORE_SWITCH_DETAILS.
D Switch port Switch port TABLE 203 GIGE_PORT Field Definition ID* Size int SWITCH_PORT_ID ID for the GigE Port in SWITCH_PORT. int PORT_NUMBER GigE Port Number(0 for ge0 and 1 for ge1). int SLOT_NUMBER Slot number on which the GigE Port is present. int ENABLED Enabled or disabled. smallint SPEED Port speed details. int MAX_SPEED Port maximum speed supported. int MAC_ADDRESS MAC Address of that port. varchar 64 PORT_NAME GigE Port Name.
D Switch port TABLE 204 SWITCH_PORT (Continued) Field Definition Format Size MAC_ADDRESS MAC address of this port. varchar 64 varchar 64 PORT_MOD TYPE Port type. The specific mode currently enabled for the port. varchar 16 FULL_TYPE Port type. varchar 128 STATUS The current status of the switch port. varchar 64 varchar 16 255 HEALTH STATUS_MESSAGE Status message if any.
D Switch port TABLE 204 Definition Format NPIV_CAPABLE Instance NPIV mode capability: 1 = indicates port has NPIV capability 2 = NPIV license is enabled smallint NPIV_ENABLED Whether NPIV mode is enabled. smallint FC_FAST_WRITE_ENABLED 1 = FC fast write is enabled.
D Switch port TABLE 205 GIGE_PORT_INFO (Continued) name Source INTERFACE_TYPE GIGE_PORT.INTERFACE_TYPE CHECKSUM GIGE_PORT.CHECKSUM FCIP_CAPABLE GIGE_PORT.FCIP_CAPABLE ISCSI_CAPABLE GIGE_PORT.ISCSI_CAPABLE INBAND_MANAGEMENT_STATUS GIGE_PORT.INBAND_MANAGEMENT_STATUS VIRTUAL SWITCHID SWITCH_PORT.VIRTUAL_SWITCH_ID USER PORT NUMBER SWITCH_PORT.
D Switch port TABLE 209 FPORT_TRUNK_MEMBER Field Definition Format GROUP_ID* Foreign key to the PORT_TRUNK_GROUP table. INT PORT_NUMBER* Member user port number. SMALLINT WWN Member port WWN. CHAR 23 Format Size TABLE 210 VIRTUAL_SWITCH Field Definition ID* 744 Size int LOGICAL_ID Logical ID of the switch. smallint NAME Switch name. varchar 64 WWN WWN of the switch. char 23 VIRTUAL_FABRIC_ID Virtual fabric ID.
D Switch SNMP info TABLE 210 VIRTUAL_SWITCH (Continued) Field Definition Format CRYPTO_CAPABLE 0 = the switch is not crypto-enabled; if capable it will have non-zero value smallint FCR_CAPABLE 0 = the switch is not FCR-enabled; if capable it will have non-zero value smallint FCIP_CAPABLE 0 if the switch is not FCIP-enabled; if capable it will have non-zero value smallint Size Switch SNMP info TABLE 211 VIRTUAL_SWITCH Name Source PHYSICAL SWITCH ID PHYSICAL_SWITCH_ID PHYSICAL SWITCH NA
D Switch SNMP info TABLE 211 VIRTUAL_SWITCH Name Source BASE SWITCH BASE_SWITCH MAX ZONE CONFIG SIZE MAX_ZONE_CONFIG_SIZE CREATION TIME CREATION_TIME LAST UPDATE TIME LAST_UPDATE_TIME USER NAME SWITCH_INFO.
D Threshold Threshold TABLE 212 SWITCH_THRESHOLD-SETTING Field Definition Format SWITCH_ID* References the ID in CORE_SWITCH table. int POLICY_ID* References the ID in THRESHOLD_POLICY table. int STATUS The status of applied to the switch. smallint OVERRIDDEN Policy is overridden or not overridden. smallint DESCRIPTION Description about the status of policy applied to the switch.
D User Interface TABLE 217 THRESHOLD_MEASURE (Continued) Field Definition Format LOW_BOUNDARY Configured low boundary threshold value for measure ID. int BUFFER_SIZE Configured buffer size for measure ID. int POLICY_ID* References the ID in THRESHOLD_POLICY table. int Size User Interface TABLE 218 AVAILABLE_FLYOVER_PROPERTY Field Definition ID* Size int NAME Name of the available property to be included in the flyover display.
D Zoning 1 TABLE 221 TOOL_PATH (Continued) Field Definition Format Size PATH Path of the tool where installed or available. varchar 1057 WORKING_FOLDER Working folder for that application. varchar 512 Format Size TABLE 222 PRODUCT_APP Field Definition ID* int MENU_TEXT Name of the product menu. varchar 256 PROP1_KEY First condition name to be satisfied by a selected product to launch a particular tool.
D Zoning 1 TABLE 223 ZONE_DB (Continued) Field Definition Format MCDATA_DEFAULT_ZONE McData switch default zoning mode. smallint MCDATA_SAFE_ZONE McData switch safe zoning mode. smallint ZONE_CONFIG_SIZE Zone configuration string length. int TABLE 224 ZONE_DB_USERS Field Definition ID* Format Size int ZONE_DB_ID PK of the owning zone DB. int USER_NAME List of users currently editing this zone DB.
D Zoning 2 Zoning 2 TABLE 228 ZONE_ALIAS_IN_ZONE Field Definition Format ZONE_ALIAS_ID* PK of the zone alias. int ZONE_ID* PK of the zone. int 23 Definition Format Size TABLE 229 Size ZONE_ALIAS Field ID* int ZONE_DB_ID PK of the owning ZONE_DB. int NAME The zone alias name. varchar 64 Format Size TABLE 230 ZONE_ALIAS_MEMBER Field Definition ID* int TYPE Zone alias member type: 2 = WWN 4 = D,P smallint VALUE Member value (D,P or WWN).
D Zoning 2 TABLE 233 ZONE_DB Field Definition ID* Size int FABRIC_ID PK of the owning fabric. NAME Zone DB name for offline Zone DBs. varchar OFFLINE Offline Zone DB (1 = offline). smallint CREATED Created timestamp. timestamp LAST_MODIFIED Last modified timestamp. timestamp LAST_APPLIED Last saved to switch timestamp. timestamp CREATED_BY Created by user name. varchar 128 LAST_MODIFIED_BY Last modified by user name.
Index A access assigning, 340 changing, 341 removing, 342 access levels defined, 657 features, 657–658 roles, 657 accessing FTP server folder, 120 ACK emulation, device level, 382 activating event policies, 275 LSAN zones, 573 PDCM configuration, 450 zone configuration, 561 active session management, roles and access levels, 657 active sessions, viewing, 68 add/delete properties, roles and access levels, 657 Adding C3 discard frames threshold, 198 state change threshold, 205, 215 adding, 268 destination fo
Index B backbone fabric, 462 backup changing interval, 97 configuration repository, 176 configuring to hard drive, 94 configuring to network drive, 95 configuring to writable CD, 93 data, 92 disabling, 96 enabling, 96 immediate, 98 management server, 92 reviewing events, 98 roles and access levels, 657 starting, 98 status, determining, 16 switch configuration, 176 viewing status, 97 broadcast messages defining, 272 browse access, assigning, 340, 341 C C3 Discard Frames threshold, 196 call home, 75 centers
Index configuration file searching, 179 viewing, 178 configuration files, saving, 174, 175 configuration management roles and access levels, 657 configuration repository backup, 176 configuration repository management, overview, 173 Configure menu, 5 configuring asset polling, 131 call home, 75 cascaded FICON fabric, 451 client export port, 118 discovery, 39, 119 e-mail notification, 284 encrypted storage in a multi-path environment, 509 explicit server IP address, 125 external FTP server, 122 FCIP advance
Index customized views, editing, 154 customizing, product list columns, 152, 154 D data historical performance, 307 real time performance, 303 data backup, 92 data collection historical performance, 307 historical performance graph, 308 historical performance graph configuration, 310 data restore, 99 database fields Sybase and Derby, 659 database, restoring, 169 deactivating event policies, 275 deactivating zone configuration, 563 default background color, changing, 151 default community strings, 44 defau
Index disabling SNMP informs, 291 disabling trap forwarding, 290 Discover menu, 5 discovering a fabric, 37 discovery, 37 configuring, 39, 119 description of, 357 in-band, enabling, 39 out-of-band, enabling, 39 setting up, 39 SNMP version, 39 state, 51 troubleshooting, 52 discovery setup roles and access levels, 657 display end nodes, 102 display, FICON, 100 displaying event details, 262, 263 FCIP performance graphs for Ethernet ports, 391 FCIP performance graphs for FC ports, 391 firmware repository, 186 l
Index 468 launching the encryption target properties dialog box, 489 launching the encryption targets dialog box, 487 moving a target to a different encryption engine, 488 removing a target, 488 selecting mode for LUNs, 516 viewing and editing group properties, 478 encryption engines adding to HA clusters, 483 effects of zeroizing, 527 recovering from zeroizing, 527 removing from HA clusters, 483 support for tape pools, 485 zeroizing, 527 encryption group adding a switch using the management application, 4
Index events Ethernet, 103 event types, 267, 356 filtering, 265, 341, 356 monitoring methods, 259 policy actions, 268 policy types, 267 storage, 104 viewing, 283 expanding groups, 156 explicit server IP address configuring, 125 export switch configuration, 180 export commands --export, 612, 618 exporting log entries, 262 master log, 265 real time performance data, 306, 311 reports, 334 zone alias, 559 zone databases, 568 Extended Fabrics license, 452 external FTP server configuring, 122 F fabric binding a
Index FCR configuration, launching, 146 feature active session management, 657 add/delete properties, 657 backup, 657 call home, 75, 657 CEE management, 657 configuration management, 657 diagnose and troubleshooting, 657 discovery setup, 657 e-mail event notification setup, 657 event management, 657 fabric binding, 657 fabric tracking, 657 fault management, 657 FCIP management, 657 FCoE management, 657 FICON management, 657 firmware management, 657 high integrity fabric, 657 host management, 657 license up
Index G generating performance graph, 304 performance reports, 335 reports, 332 zoning reports, 337 graphing end-to-end monitor pairs, historical, 314 end-to-end monitor pairs, real time, 314 historical performance data collection, 308 graphs FCIP performance for Ethernet ports, 391 FCIP performance for FC ports, 391 group background color, changing, 150 grouping overview, 155 groups collapsing, 155 determining, 350 expanding, 156 finding users in, 350 overview, 155 groups, changing color, 150 groups, icon
Index invalid words thresholds adding, 201 editing, 211, 213, 214 IP configuration, 124 IP frames, 364 IP interfaces, configuring, 375 IP routes, configuring, 375 IPSec limitations, 373 IPsec FCIP, 369 IPSec policies, 373 configuring, 381 iSCSI devices, identifying inactive, 226, 232 ISL offline policies adding, 269 duplicating, 277 editing, 281 ISL protocol threshold, 197 adding, 204 K keep switch configuration, 180 key vaults adding or changing using the management application, 493 connection from switc
Index LUN choosing to be added to an encryption target container, 515 editing a re-keying interval, 514 selecting the encryption mode, 514 M Main window master log, 13 menu bar, 3 minimap, 15 Management application server and client, 62 management application main window, 2 user interface, 1 Management application feature listing, 32 Management application services monitoring and managing, 160 management server registering as trap recipient, 287 registering for syslog forwarding, 292 management software c
Index N names adding to existing device, 111 adding to new device, 112 editing, 112 exporting, 113 fixing duplicates, 110 importing, 113 removing from device, 112 searching by, 114 setting as non-unique, 110 setting as unique, 109 viewing, 111 names, overview, 109 naming conventions, 547 NetApp Lifetime Key Manager (LKM), description of, 610 NetApp LKM key vaults effects of zeroizing, 527 new device, adding name, 112 NIS authentication configuring, 167 O objects removing thresholds, 218 offline ports, dis
Index port connectivity view disabling filter, 225 enabling filter, 225 filtering results, 224 refreshing, 223 resetting filter, 225 viewing details, 225 port connectivity, viewing, 220 port display, changing, 152 port fencing roles and access levels, 658 port fencing inheritance avoiding, 208 port fencing, description, 195 port label, changing, 151 port optics refreshing, 233 viewing, 232 port properties, 226 port status, determining, 232 port types, viewing, 229 port-based routing, 256 ports, 220 determi
Index reassigning storage ports to storage array, 239 refreshing end-to-end monitoring pairs, 315 port optics view, 233 zone databases, 565 refreshing the port connectivity view, 223 register commands --reg -keyvault, 622, 624 registering host server, 287 host server for syslog forwarding, 293 management server, 287 management server for syslog forwarding, 292 registration SNMP traps, 287 remote client logging in, 66 remote host management, 357 removing destination for syslog forwarding, 294 destination, S
Index S safe zoning mode disabling, 556 enabling, 556 SAN zoning, 549 SAN menu, 3 saving historical performance graph configuration, 310 switch configuration files, 174, 175 zone databases to switch, 567 scheduling technical support information collection, 243 search names, 114 WWN, 114 searching configuration file, 179 members in zones, 587 Potential Members list, 588 zones in zone configuration, 588 Zones list, 589 security configuring, 115 roles and access levels, 658 security authentication configuring
Index SNMP traps adding V1 destination, 288 adding V3 destination, 289 editing a destination, 290 registering a different host server, 287 registering the management server, 287 removing a destination, 290 removing the host server, 288 trap forwarding, disabling, 290 trap forwarding, enabling, 288 SNMP traps, registration and forwarding, 287 software configuration, 118 software configuration properties roles and access levels, 658 start monitoring, 55 state change threshold, 198 status backup, 97 discovery
Index table # Brocade events, 640 # CONSRV event, 639 # thermal event reason codes, 639 call home event, 637 features, user groups access levels, 657–658 privileges and application behavior, 642–656 tables advanced call home database fields, 660–?? capability database fields, 661–662 client_view database fields, 662–664 collector database fields, 665–668 config database fields, 668–670 connected end devices database fields, 670 device database fields, 671–678 EE-monitor database fields, 678–680 encryption
Index thresholds, 195 assigning, 207 editing, 208 finding specific, 217 overview, 321 removing, 218 viewing, 217 viewing on a specific device, 218 thresholds table removing thresholds, 219 TIN/TUP emulation, 382 tips, turning on and off, 108 tips, viewing, 108 tool tips, turning on and off, 108 tool tips, viewing, 108 toolbox, 13 tools adding, 138 adding menu options, 139 adding to device shortcut menu, 142 changing menu options, 141 changing option on device shortcut menu, 143 changing server address, 139
Index users, total, 16 using from encryption group properties dialog, 527 V V1 destination adding, 288 V3 destination adding, 289 VE_Ports, 371 VEX_Port, 371 view all tab, 11 view management, 152 roles and access levels, 658 View menu, 3 view options, changing, 70 View window product list, 11 view all tab, 11 View window, toolbox, 13 viewing call home status, 86 configuration file, 178 device properties, 181 disabling port connectivity filter, 225 enabling port connectivity filter, 225 event logs, 260 eve
Index duplicating, 587 finding member in Zones list, 589 removing a zone, 590 removing zones, 590 renaming, 592 zone configuration comparison alerts managing, 581 zone configuration member finding in Zones list, 589 zone database automatic checkout, undoing, 585 zone databases comparing, 579 creating, 564 exporting, 568 importing, 568 merging, 565 refreshing, 565 rolling back changes, 569 saving to switch, 567 zone members adding to zone, 551 creating in zone by alias, 554 creating in zone by domain,port,