Creating Secure Fabric OS Policies
Managing Secure Fabric OS Policies
All Secure Fabric OS transactions can be performed through the Primary FCS
switch only, except for sectransabort, secfcsfailover,
secstatsreset, and secstatsshow.
You can create multiple sessions to the Primary FCS switch, from one or more
hosts. However, the software allows only one Secure Fabric OS transaction at a
time. If a second Secure Fabric OS transaction is started, it fails. The only
secondary transaction that can succeed is the sectransabort command.
All policy modifications are saved only in volatile memory until you save or
activate the changes.
You can perform the following functions on existing Secure Fabric OS policies:
Saving Changes to Secure Fabric OS Policies, page 77
Save changes to flash memory without actually implementing the changes
within the fabric. This saved but inactive information is known as the Defined
Security Policy Set.
Activating Changes to Secure Fabric OS Policies, page 77
Simultaneously save and implement all the policy changes you have made
since the last time you activated changes. The activated policies are known as
the Active Security Policy Set.
Adding a Member to an Existing Policy, page 78
Add one or more members to a policy. Once the policy has at least one
member, that aspect of the fabric becomes closed to access by all
devices/switches that are not listed in that policy.
Removing a Member from a Policy, page 79
Remove one or more members from a policy. If you remove all the members
from a policy, that aspect of the fabric becomes closed to all access.
You cannot remove the last member from the FCS_POLICY, because a
Primary FCS switch must be designated.
Deleting a Policy, page 80
Delete an entire policy. However, keep in mind that doing so opens up that
aspect of the fabric to all access.
Aborting All Uncommitted Changes, page 80
Abort all the changes to the Secure Fabric OS policies since the last time
changes were saved or activated.
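The following Python model is an added illustration, not Fabric OS code or command syntax. It shows how the states described above differ: a policy that is absent (open to all), present but empty (closed to all), or populated (closed to non-members), and how volatile edits relate to the Defined and Active Security Policy Sets. The class name, EXAMPLE_POLICY, and the member names are constructed for the example.

```python
import copy

class PolicyStore:
    """Simplified model of the policy sets described above; not Fabric OS code."""
    def __init__(self, fcs_members):
        self.active = {"FCS_POLICY": set(fcs_members)}  # enforced in the fabric
        self.defined = copy.deepcopy(self.active)       # saved to flash
        self.pending = copy.deepcopy(self.active)       # volatile, uncommitted

    def add(self, policy, *members):
        self.pending.setdefault(policy, set()).update(members)

    def remove(self, policy, *members):
        remaining = self.pending[policy] - set(members)
        if policy == "FCS_POLICY" and not remaining:
            raise ValueError("a Primary FCS switch must be designated")
        self.pending[policy] = remaining  # an empty policy stays in place

    def delete(self, policy):
        self.pending.pop(policy, None)

    def save(self):
        self.defined = copy.deepcopy(self.pending)

    def activate(self):
        self.save()
        self.active = copy.deepcopy(self.pending)

    def abort(self):  # drop everything changed since the last save or activate
        self.pending = copy.deepcopy(self.defined)

    def allowed(self, policy, member):
        if policy not in self.active:
            return True                       # no policy: open to all access
        return member in self.active[policy]  # empty policy: closed to all

def walkthrough():
    """Access decisions for the constructed member 'dev-b' at each stage."""
    store, name, seen = PolicyStore(["switch-1"]), "EXAMPLE_POLICY", []
    store.add(name, "dev-a")
    seen.append(store.allowed(name, "dev-b"))   # edit only in volatile memory
    store.save()
    seen.append(store.allowed(name, "dev-b"))   # defined but not active
    store.activate()
    seen.append(store.allowed(name, "dev-b"))   # active: dev-b is not listed
    store.delete(name)
    store.activate()
    seen.append(store.allowed(name, "dev-b"))   # policy deleted: open again
    return seen
```

The operational point is that emptying a policy and deleting it have opposite effects, so a cleanup that removes members one by one ends in a lockout while a delete ends in open access.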
Secure Fabric OS Version 1.0 User Guide