Page 6
Enabling SAN Ethernet loss events (p. 94)
Disabling SAN Ethernet loss events (p. 94)
Event storage
Page 7
Disabling fabric tracking (p. 131)
Accepting changes for a fabric (p. 131)
Accepting changes for all fabrics
Page 8
LDAP authorization (p. 154)
Loading an Active Directory group
Page 9
Deleting a customized view (p. 179)
Copying a view (p. 179)
SAN topology layout
Page 10
Adding an option to the Tools menu (p. 204)
Changing an option on the Tools menu (p. 206)
Removing an option from the Tools menu
Page 11
Launching the SMIA configuration tool on Unix (p. 231)
Launching a remote SMIA configuration tool (p. 232)
Service Location Protocol (SLP) support (p. 232)
Home tab
Page 12
Disabling a port (p. 273)
Filtering port connectivity
Page 13
Importing storage port mapping (p. 304)
Exporting storage port mapping (p. 305)
Chapter 13 Host management
In this chapter
Page 14
Chapter 14 Fibre Channel over Ethernet
In this chapter (p. 333)
FCoE overview
Page 15
LLDP-DCBX configuration (p. 366)
Configuring LLDP for FCoE (p. 366)
Adding an LLDP profile
Page 16
Configuring routing domain IDs (p. 412)
Chapter 17 Virtual Fabrics
In this chapter (p. 413)
Virtual Fabrics overview
Page 17
Steps for connecting to an LKM appliance (p. 448)
Launching the NetApp DataFort Management Console (p. 448)
Establishing the trusted link (p. 448)
Obtaining and importing the LKM certificate
Page 18
Replacing an encryption engine in an encryption group (p. 509)
Creating high availability (HA) clusters (p. 510)
Removing engines from an HA cluster
Page 19
Viewing and editing switch encryption properties (p. 561)
Exporting the public key certificate signing request (CSR) from Properties (p. 563)
Importing a signed public key certificate from Properties
Page 20
Configuring zoning for the SAN (p. 583)
Creating a new zone (p. 584)
Viewing zone properties
Page 21
Zoning administration (p. 612)
Comparing zone databases (p. 612)
Managing zone configuration comparison alerts
Page 22
QOS, DSCP, and VLANs (p. 642)
DSCP quality of service (p. 642)
VLANs and layer two quality of service
Page 30
E-mailing selected event details from the Master Log (p. 905)
Displaying event details from the Master Log (p. 906)
Copying part of the Master Log (p. 907)
Copying the entire Master Log
Page 31
SAN shortcut menus (p. 941)
Appendix B Call Home Event Tables
In this appendix
Page 32
Database tables and fields (p. 991)
Advanced Call Home (p. 991)
Capability
About This Document
In this chapter
• How this document is organized (p. xxxv)
•...
Page 36
• Chapter 13, “Host management,” provides information on how to configure an HBA.
• Chapter 14, “Fibre Channel over Ethernet,” provides information on how to configure an FCoE.
• Chapter 15, “Security Management,” provides security configuration instructions.
• Chapter 16, “FC-FC Routing Service Management,” provides information on how to manage Fibre Channel Routing.
Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some devices but not to others, this guide identifies exactly which devices are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc.
Page 38
TABLE 1 Fabric OS Supported Hardware (Continued)
Device Name | Terminology used in documentation | Firmware level required
Brocade 5480 embedded switch | Embedded 24-port, 8 Gbps Switch | Fabric OS v6.1.0 or later
Brocade 6510 | 48-port, 16 Gbps switch | Fabric OS v7.0.0 or later
Brocade 7500 Extension switch | 4 Gbps Router, Extension Switch | Fabric OS v5.1.0 or later...
Page 39
TABLE 1 Fabric OS Supported Hardware (Continued)
Device Name | Terminology used in documentation | Firmware level required
Brocade DCX-4S | 192-port Backbone Chassis | Fabric OS v6.0.0 or later
Brocade DCX-4S with FC8-16, FC8-32, and FC8-48 Blades | 192-port Backbone Chassis with 8 Gbps 16-FC port, 8 Gbps 32-FC port, and 8 Gbps 48-FC port blades... | Fabric OS v6.2.0
What’s new in this document The following changes have been made since this document was last released: • Information that was added: • Host adapter discovery • VM Manager discovery • Performance Data Aging tab to SMC • Port Auto Disable dialog box •...
Document conventions
This section describes text formatting conventions and important notice formats used in this document.
Text formatting
The narrative-text formatting conventions that are used are as follows:
bold text
• Identifies command names
• Identifies the names of user-manipulated GUI elements
• Identifies keywords and operands
• Identifies text to enter at the GUI or CLI
italic text...
Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only. Corporation Referenced Trademarks and Products Linus Torvalds Linux Microsoft Corporation...
Other industry resources For additional resource information, visit the Technical Committee T11 website. This website provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.org Getting technical help...
• Brocade 7600—On the bottom of the chassis • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX and DCX-4S—On the bottom right on the port side of the chassis 4. World Wide Name (WWN) Use the wwn command to display the switch WWN. If you cannot use the wwn command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX.
Chapter Getting Started
In this chapter
• User interface components (p. 1)
•...
Page 46
User interface components FIGURE 1 Main window 1. Menu bar. Lists commands you can perform on the Management application. The available commands vary depending on which tab (SAN or Dashboard) you select. For a list of available commands, refer to Appendix A, “Application menus”.
User interface components Dashboard tab NOTE Only devices in your area of responsibility (AOR) display in the dashboard. The Dashboard tab provides a high-level overview of the network and the current states of managed devices. This allows you to easily check the status of the devices on the network. The dashboard also provides several features to help you quickly access reports, device configuration, and system logs.
User interface components 5. Widgets. Displays operational status, inventory status, event summary, and overall network/fabric status. 6. Status bar. Displays the connection, port, product, fabric, special event, call home, and backup status, as well as Server and User data. Menu bar The menu bar is located at the top of the main window.
Page 49
User interface components Widgets The Dashboard contains four widgets which can be shown or hidden, resized, collapsed or expanded, as well as maximized or minimized; however you cannot detach a widget. The status and inventory widget colors are defined in “Event type color codes”...
Page 50
User interface components 2. SAN Inventory. Displays the SAN products inventory as stacked bar graphs. Displays each group as a separate bar on the graph. Displays the current state of all products discovered for a group in various colors on each bar. Displays the color legend below the y-axis. Displays tooltips on mouse-over to show the number of devices in that state.
Page 51
User interface components Events widget customization • Range list—Select to display event information for a specific duration. To change the duration, select one of the following from the list. This Hour—Displays event information for the current hour beginning when the ...
User interface components
• Export. To take a snapshot (.png) of the dashboard, complete the following steps.
a. Click Export.
b. Browse to the location where you want to save the snapshot.
c. Enter a name for the snapshot in the File Name field.
d.
Page 53
User interface components FIGURE 5 Main window - SAN tab 1. Menu bar. Lists commands you can perform on the SAN tab. For a list of SAN tab menu commands, refer to “SAN main menus” on page 932. 2. Main toolbar. Provides buttons that enable quick access to dialog boxes and functions. For a list of available commands, refer to “Main toolbar”...
Page 54
User interface components 11. Utilization Legend. (Trial and Licensed version only) Indicates the percentage ranges represented by the colored, dashed lines on the Connectivity Map. Only displays when you select Monitor > Performance > View Utilization or click the Utilization icon on the toolbar. 12.
User interface components View All list The View All list is located at the top left side of the window and enables you to create, copy, or edit a view, select how to view the Product list (All Levels, Products and Ports, Products Only, or Ports Only), and select which view you want to display in the main window.
User interface components Connectivity Map toolbar The Connectivity Map toolbar is located at the top right side of the View window and provides tools to export the topology, to zoom in and out of the Connectivity Map, collapse and expand groups, and fit the topology to the window.
Page 57
User interface components • Domain ID. Displays the Domain ID for the product in the format xx(yy), where xx is the normalized value and yy is the actual value on the wire. • FC Address. Displays the Fibre Channel address of the port. •...
User interface components FIGURE 9 Connectivity Map The Management application displays all discovered fabrics in the Connectivity Map by default. To display a discovered Host in the Connectivity Map, you must select the Host in the Product List. You can only view one Host and physical and logical connections at a time. Master Log The Master Log, which displays in the lower left area of the main window, lists the events and alerts that have occurred on the SAN.
User interface components • Node WWN. The world wide name of the node on which the event occurred. • Fabric Name. The name of the fabric on which the event occurred. • Operational Status. The operational status (such as, unknown, healthy, marginal, or down) of the product on which the event occurred.
User interface components Use the Minimap to view the entire SAN and to navigate more detailed map views. This feature is especially useful if you have a large SAN. The Minimap does not display until you discover a fabric. FIGURE 11 Minimap Anchoring or floating the Minimap You can anchor or float the Minimap to customize your main window.
Icon legend 3. Product Status. Displays the status of the most degraded device in the SAN. For example, if all devices are operational except one (which is degraded), the Product Status displays as degraded. Click this icon to open the Product Status Log. 4.
Icon legend
Icon | Description
• Fabric
• Fabric OS Switch and Blade Switch
• Fabric OS Director
• Fabric OS CEE Switch
• Fabric OS Router
• Storage
• Fabric OS FC Switch in Access Gateway mode (single-fabric connected)
• Fabric OS FC Switch in Access Gateway mode (multiple-fabric connected)
• Fabric OS CEE Switch in Access Gateway
• Fabric OS CEE Switch in Access Gateway...
Icon legend
SAN group icons
The following table lists the manageable SAN product group icons that display on the topology.
Icon | Description
• Switch Group
• Host Group
• Storage Group
• Unknown Fabric Group
• Unmanaged Fabric Group
• Chassis Group
Host group icons
The following table lists the manageable Host product group icons that display on the topology.
Icon legend
SAN product status icons
The following table lists the product status icons that display on the topology.
Icon | Status
• No icon: Healthy/Operational
• Attention
• Bottleneck
• Degraded/Marginal
• Device Added
• Device Removed/Missing
• Down/Failed
• Routed In
• Routed Out
• Unknown/Link Down
• Unreachable
Brocade Network Advisor SAN User Manual 53-1002167-01
Icon legend
Event icons
The following table lists the event icons that display on the topology and Master Log. For more information about events, refer to “Fault Management” on page 843.
Event Icon | Description
• Emergency
• Alert
• Critical
• Error
• Warning
• Notice
• Informational
• Debug
Management server and client
The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores device-related information; it does not have a user interface. To view information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines.
Page 67
Management server and client
TABLE 4 Professional edition ports (Continued)
Port Number | Ports | Transport | Description | Communication Path | Open in Firewall
24602 | jboss.connector.bisocket.port - port 2 | | Bisocket connector port | Client–Server |
24603 | jboss.connector.bisocket.secondary.port - port 3 | | Bisocket connector secondary port | Client–Server |
24604 | jboss.naming.rmi.port - port 4 | | RMI naming service port | Client–Server... |
Page 68
Management server and client
TABLE 5 Trial and Licensed version ports (Continued)
Port Number | Ports | Transport | Description | Communication Path | Open in Firewall
 | TACACS+ Authentication port | | TACACS+ server port for authentication if TACACS+ is chosen as an external authentication | Server–TACACS+ Server |
 | jboss.web.http.port | | Non-SSL HTTP/1.1 connector | Client–Server... |
Page 69
Management server and client
TABLE 5 Trial and Licensed version ports (Continued)
Port Number | Ports | Transport | Description | Communication Path | Open in Firewall
24604 | jboss.connector.sslbisocket.port - port 4 | | SSL Bisocket connector port | Client–Server |
24605 | jboss.connector.sslbisocket.secondary.port - port 5 | | SSL Bisocket connector secondary port | Client–Server |
24606 | smp.registry.port - port 6... | | | |
Page 70
Management server and client
TABLE 5 Trial and Licensed version ports (Continued)
Port Number | Ports | Transport | Description | Communication Path | Open in Firewall
55556 | Launch in Context (LIC) client hand shaking port | | Client port used to check if a Management application client opened using LIC is running on the same host NOTE: If this port is in use, the... | Client |
Management server and client Logging into a server You must log into a server to monitor your network. NOTE You must have an established user account on the server to log in. To log into a server, complete the following steps. 1.
Management server and client 5. Click Login. 6. Click OK on the Login Banner dialog box. The Management application displays. Clearing previous versions of the remote client The remote client link in the Start menu does not automatically upgrade when you upgrade the Management application.
Page 73
Management server and client 4. Select Internal FTP Server or External FTP Server on the FTP Server screen and click Next. If port 21 is busy, a message displays. Click OK to close the message and continue. Once the Management application is configured make sure port 21 is free and restart the Server to start the FTP service.
Page 74
Management server and client b. Select an address from the Switch - Server IP Configuration Preferred Address list. If DNS is not configured for your network, do not select the ‘hostname’ option from either the Server IP Configuration or Switch - Server IP Configuration Preferred Address list. Selecting the ‘hostname’...
Page 75
Management server and client Click Next. If you enter a syslog port number already in use, a message displays. Click No on the message to remain on the Server Configuration screen and edit the syslog port number (return to step 6a). Click Yes to close the message and continue with step 7. If you enter a port number already in use, a Warning displays next to the associated port number field.
Management server and client The defaults are Administrator and password, respectively. If you migrated from a previous release, your user name and password do not change. 12. Click Login. 13. Click OK on the Login Banner. Changing the database user password To change the read/write or read only database password, complete the following steps in the Install_Home/bin directory.
Management server and client Viewing active sessions To view the Management application active sessions, complete the following steps. 1. Select Server > Active Sessions. The Active Sessions dialog box displays (Figure 19). FIGURE 18 Active Sessions dialog box 2. Review the active session information. The following information displays: •...
Management server and client Viewing server properties To view the Management application server properties, complete the following steps. 1. Select Server > Server Properties. The Server Properties dialog box displays. FIGURE 19 Server Properties dialog box 2. Click Close. Viewing port status You can view the port status for the following ports: FTP, SNMP, Syslog, and Web Server.
Supported open source software products
Table 6 lists the open source software third-party software products used in this release.
TABLE 6 Supported Open Source Software Third-party Software Products
Open Source Software | License Type
7-ZipLZMASDK 4.65 | public domain
Abator 1.1 | Apache License v2.0...
Page 80
Supported open source software products
TABLE 6 Supported Open Source Software Third-party Software Products (Continued)
Open Source Software | License Type
dom4j 1.6.1 | dom4j License
EnterpriseDTFTP 1.5.6 | LGPL
GlazedLists 1.8.0 | LGPL or MPL
GoogleGuice 1.0 | Apache
HPInsightSoftwareVCEMWebClientSDK 6.2 | HP SOFTWARE DEVELOPMENT KIT LICENSE AGREEMENT
HornetQ 2.0.0 | Apache License v2.0...
Page 81
Supported open source software products
TABLE 6 Supported Open Source Software Third-party Software Products (Continued)
Open Source Software | License Type
OpenSAML 2.3.0 | Apache License v2.0
OpenSSLforLinux 1.0.0a | OpenSSL License
PostgreSQL 8.4.3 | PostgreSQL License
QualityFirstLibrary 0.99.0 | Mozilla License V1.1 and qflib License
Quartz Enterprise Job Scheduler 1.66 | Apache License v2.0
RockSawRawSocketLibrary 1.0.0...
SAN feature-to-firmware requirements
Use the following table to determine whether the Management application SAN features are only available with a specific version of the Fabric OS firmware, M-EOS firmware, or both, as well as if there are specific licensing requirements.
Feature | Fabric OS | M-EOS...
Page 83
SAN feature-to-firmware requirements
Feature | Fabric OS | M-EOS
Meta SAN | Requires Fabric OS 5.2 or later for FC router and router domain ID configuration. Requires Fabric OS 6.0 or later in a mixed Fabric OS and M-EOS fabric. Requires Integrated Routing license. | Not available.
Performance | Requires Fabric OS 5.0 or later for FC_ports, -end | Requires M-EOS and M-EOSn 9.6.X or later for...
Accessibility features for the Management application
Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. The following list includes the major accessibility features in the Management application: •...
Accessibility features for the Management application Look and Feel You can configure the Management application to mimic your system settings as well as define the size of the font. ‘Look’ refers to the appearance of graphical user interface widgets and ‘feel’ refers to the way the widgets behave.
Page 86
Accessibility features for the Management application Changing the font size The Options dialog box enables you to change the font size for all components including the Connectivity map of the Management application interface. Font size changes proportionately in relation to the system resolution. For example, if the system resolution is 1024 x 768, the default font size would be 8 and large font size would be 10.
Managed count
The Management application audits and verifies the managed count against the maximum limit for your license under the following conditions:
• Every 3 hours from server start time. Note that you may be able to manage more products or ports than the maximum licensed limit briefly (maximum of three hours) between these periodic checks.
Upgrading the application NOTE You are not required to enter a license key for SMI Agent only installation. If you choose the SMI Agent only option, when you open the Management application client, a License dialog displays, where you must enter a license key. Before you enter the license key, you must install the application.
Page 90
Upgrading the application TABLE 8 SAN + IP upgrade paths Current Software Release To Software Release SAN Professional Plus + IP SAN + IP Enterprise Licensed version Enterprise Licensed version Enterprise trial Enterprise Licensed version 1. Select Help > License. The License dialog box displays.
SAN discovery overview NOTE Professional Plus edition can discover up to 4 fabrics. NOTE Professional Plus edition can discover, but not manage, the Backbone chassis. Use the device’s Element Manager, which can be launched from the Connectivity Map, to manage the device. This device cannot be used as a Seed switch.
SAN discovery overview Discovering fabrics NOTE Fabric OS devices must be running Fabric OS 5.0 or later. M-EOS devices must be running M-EOS 9.6 or later. NOTE Only one copy of the application should be used to monitor and manage the same devices in a subnet.
Page 94
SAN discovery overview FIGURE 22 Add Fabric Discovery dialog box (IP Address tab) 3. Enter a name for the fabric in the Fabric Name field. 4. Enter an IP address for a device in the IP Address field. For seed switch requirements, refer to “Seed switch requirements”...
Page 95
SAN discovery overview For Virtual Fabric discovery device requirements, refer to “Virtual Fabrics requirements” on page 415. To discover a Virtual Fabric device, you must have the following permissions: • Switch user account with Chassis Admin role permission on the physical chassis. •...
Page 96
SAN discovery overview d. Select the SNMP version from the SNMP Version list. • If you selected v1, continue with step e. • If you select v3, the SNMP tab displays the v3 required parameters. Go to step i. To discover a Fabric OS device (not virtual fabric-capable), you must provide the existing SNMPv3 username present in the switch.
SAN discovery overview Editing the password for multiple devices You can only edit the password for Fabric OS devices in the same fabric. To edit the password for multiple devices within the same fabric, complete the following steps. 1. Select Discover > Fabrics. The Discover Fabrics dialog box displays.
SAN discovery overview Configuring SNMP credentials 1. Select Discover > Fabrics. The Discover Fabrics dialog box displays. 2. Select an IP address from the Discovered Fabrics table. 3. Click Edit. The Add Fabric Discovery dialog box displays. 4. To revert to the default SNMPv3 settings, click the Automatic option. Go to step 19. 5.
SAN discovery overview 19. Click OK on the Add Fabric Discovery dialog box. If the seed switch is not partitioned, continue with step If the seed switch is partitioned, the Undiscovered Seed Switches dialog box displays. a. Select the Select check box for each undiscovered seed switch to discover their fabrics. b.
Viewing the fabric discovery state Rediscovering a previously discovered fabric To return a fabric to active discovery, complete the following steps. 1. Select Discover > Fabrics. The Discover Fabrics dialog box displays. 2. Select the fabric you want to return to active discovery in the Previously Discovered Addresses table.
Troubleshooting fabric discovery TABLE 9 Discovery Status Icons Icon Description Displays when the fabric or host is managed and the management status is okay. Displays when the switch is managed and the switch management status is not okay. Displays when the fabric or host is not managed. The Discovery Status field details the actual status message text, which varies depending on the situation.
Troubleshooting fabric discovery
M-EOSn discovery troubleshooting
The following section states a possible issue and the recommended solution for M-EOSn discovery errors.
Problem: M-EOS seed switch discovery is not supported using SNMPv3 on the following devices:
Resolution: Discover the device using SNMPv1. To configure SNMPv3 and manage the device, complete the following steps.
Troubleshooting fabric discovery
Virtual Fabric discovery troubleshooting
The following section states possible issues and the recommended solutions for Virtual Fabric discovery errors.
Problem: At the time of discovery, the seed switch is Virtual Fabric-enabled; however, the user does not have
Resolution: Make sure the user account has Chassis Admin role for the seed switch.
SAN Fabric monitoring
NOTE Monitoring is not supported on Hosts. The upper limit to the number of HBA and CNA ports that can be monitored at the same time is 32. The same upper limit applies if switch ports and HBA ports are combined.
SAN Fabric monitoring Monitoring discovered fabrics NOTE Monitoring is not supported on Hosts. To monitor a fabric and all associated devices, complete the following steps. 1. Select Discovery > Fabrics. The Discover Fabrics dialog box displays. 2. Select the fabric you want to monitor from the Discovered Fabrics table. 3.
SAN Seed switch
The seed switch must be running a supported Fabric OS or M-EOS version and must be HTTP-reachable. Sometimes, the seed switch is auto-selected, such as when a fabric segments or when two fabrics merge. Other times, you are prompted (an event is triggered) to change the seed switch, such as in the following cases: •...
SAN Seed switch Seed switch requirements Depending on your environment, you must meet the following hardware and firmware version requirements for seed switches. Fabric OS devices: • For Fabric OS only fabrics, the seed switch must be running Fabric OS 5.0 or later. •...
SAN Seed switch Seed switch failover The Management application collects fabric-wide data (such as, fabric membership, connectivity, name server information, zoning, and so on) using the seed switch. Therefore when a seed switch becomes unreachable or there is no valid seed switch, the fabric becomes unmanageable. When the seed switch cannot be reached for three consecutive fabric refresh cycles, the Management application looks for another valid seed switch in the fabric, verifies that it can be reached, and has valid credentials.
SAN Seed switch Changing the seed switch When you change the seed switch for a fabric, the Management application performs the following checks in the order they are listed: • Identifies all switches and removes those running unsupported firmware version. •...
Host discovery
The Management application enables you to discover individual hosts, import a group of Hosts from a comma separated values (CSV) file, or import all hosts from discovered fabrics or VM managers.
NOTE Host discovery requires HCM Agent 2.0 or later.
NOTE SMI and WMI discovery are not supported.
Page 111
Host discovery FIGURE 26 Add Host Adapters dialog box 3. (Optional) Enter a discovery request name (such as, Manual 06/12/2009) in the Discovery Request Name field. 4. Select Network Address from the list. 5. Enter the IP address (IPv4 or IPv6 formats) or host name in the Network Address field. 6.
Host discovery 7. Configure Host credentials, if necessary. a. Enter the HCM Agent port number in the Port field. b. Enter your username in the User ID field. c. Enter your password in the Password field. 8. Repeat step 5 through step 7 for each Host you want to discover. 9.
Host discovery
4. Browse to the CSV file location.
The CSV file must meet the following requirements:
• Comma separated IP address or host names
• No commas within the values
• No escaping supported
For example, XX.XX.XXX.XXX, XX.XX.X.XXX, computername.company.com
5.
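The three CSV rules above can be checked before a host list is handed to discovery. The following is an added example, not code from the manual or the Management application; the function names, the RFC 1123 host name pattern, the acceptance of IPv6 and multi-line files, and the sample input are assumptions made here.

```python
import ipaddress
import re

# Assumption: host names follow RFC 1123 label rules; the manual gives no grammar.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Quote and backslash characters only appear when a file relies on CSV
# quoting or escaping, which the import format does not support.
_ESCAPE_CHARS = frozenset("\"'\\")

# Constructed sample input (documentation address ranges, made-up host names).
SAMPLE = (
    "192.0.2.10, 2001:db8::5, san-host01.example.com\n"
    '"hba-a.example.com", 10.1.1.999, 192.0.2.10\n'
)


def classify_entry(value):
    """Return 'ipv4', 'ipv6' or 'hostname'; raise ValueError for anything else."""
    if not value:
        raise ValueError("empty entry")
    if _ESCAPE_CHARS & set(value):
        raise ValueError("quoting/escaping is not supported")
    if any(ch.isspace() for ch in value):
        raise ValueError("whitespace inside value")
    try:
        ip = ipaddress.ip_address(value)
        return "ipv4" if ip.version == 4 else "ipv6"
    except ValueError:
        pass
    # Digits and dots that did not parse as an address are a mistyped IPv4
    # address, not a host name; flag them instead of letting them through.
    if re.fullmatch(r"[0-9.]+", value):
        raise ValueError("malformed IPv4 address")
    if len(value) > 253:
        raise ValueError("host name too long")
    labels = value.rstrip(".").split(".")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid host name")
    return "hostname"


def check_host_csv(text):
    """Split on commas (no quoting rules applied) and validate every entry.

    Returns (accepted, rejected): accepted holds (value, kind) tuples,
    rejected holds (line number, value, reason) tuples.
    """
    accepted, rejected, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        for raw in line.split(","):
            value = raw.strip()
            try:
                kind = classify_entry(value)
            except ValueError as exc:
                rejected.append((lineno, value, str(exc)))
                continue
            key = value.lower()
            if key in seen:
                rejected.append((lineno, value, "duplicate entry"))
                continue
            seen.add(key)
            accepted.append((value, kind))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_host_csv(SAMPLE)
    for value, kind in ok:
        print(f"accept  {kind:8} {value}")
    for lineno, value, reason in bad:
        print(f"reject  line {lineno}: {value!r} ({reason})")
```

Because the format has no escaping, a quoted value is rejected outright rather than unquoted, so a list exported from a spreadsheet with quoting enabled is caught before import.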
Page 114
Host discovery FIGURE 28 Add Host Adapters dialog box 3. Enter a discovery request name (such as, MyFabric) in the Discovery Request Name field. 4. Select Hosts in Fabrics from the list. 5. Select All fabrics or an individual fabric from the list. 6.
Host discovery Importing Hosts from a VM manager To discover Hosts from a discovered VM manager, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Click Add. The Add Host Adapters dialog box displays. FIGURE 29 Add Host Adapters dialog box 3.
Host discovery 8. Click OK on the Add Host Adapters dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Hosts table with pending status. To update the status from pending you must close and reopen the Discover Host Adapters dialog box.
Host discovery To delete a host from active discovery, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Select the host you want to delete from active discovery in the Discovered Hosts table. 3.
Host discovery Viewing the host discovery state The Management application enables you to view device discovery status through the Discover Host Adapters dialog box. To view the discovery status of a device, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays.
VM Manager Discovery
The Management application enables you to discover VM managers.
NOTE VM Manager discovery requires vCenter Server 4.0 or later.
NOTE You can discover up to 10 VM Managers.
Discovering a VM manager
To discover a VM manager, complete the following steps. 1.
Page 120
VM Manager Discovery 2. Click Add. The Add VM Manager dialog box displays. FIGURE 32 Add VM Manager dialog box 3. Enter the IP address or host name in the Network Address field. 4. Enter the VM manager port number in the Port field. 5.
VM Manager Discovery Editing a VM manager To edit VM manager discovery, complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select the Host in the Discovered VM Managers list and click Edit. The Edit VM Manager dialog box displays.
VM Manager Discovery Including a host in VM manager discovery To include a host in VM manager discovery, complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select a Host you want to include in the Discovered VM Managers list and click Include. 3.
VM Manager Discovery Deleting a VM manager from discovery To delete a host permanently from discovery, complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select the VM manager you want to delete permanently from discovery in the Previously Discovered Addresses table.
VM Manager Discovery Troubleshooting VM manager discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly. 1. Verify IP connectivity by issuing a ping command to the switch. a. Open the command prompt. b.
Server Data backup
The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary.
NOTE Backing up data takes some time. It is possible that, in a disaster recovery situation, configuration changes made after the last backup interval will be missing from the backup.
Server Data backup Back up directory structure overview The Management server backs up data to two alternate folders. For example, if the backup directory location is D:\Backup, the backup service alternates between two backup directories, D:\Backup\Backup and D:\Backup\BackupAlt. The current backup is always D:\Backup and contains a complete backup of the system.
Server Data backup 4. Choose one or more of the following options: • Select the Include Adapter Boot Image directory check box. • Select the Include FTP Root directory check box. If you select the FTP Root directory, the FTP Root sub-directories, Technical Support and Trace Dump, are selected automatically and you cannot clear the sub-directory selections.
Page 130
Server Data backup Enabling backup Backup is enabled by default. However, if it has been disabled, complete the following steps to enable the function. 1. Select Server > Options. The Options dialog box displays. 2. Select Server Backup in the Category list. 3.
Server Data backup Changing the backup interval When the backup feature is enabled, your SAN is protected by automatic backups. The backups occur every 24 hours by default. However, you can change the interval at which backup occurs. ATTENTION Do NOT modify the backup.properties file. To change the backup interval, complete the following steps.
Server Data restore Reviewing backup events The Master Log, which displays in the lower left area of the main window, lists the events that occur on the Fabric. If you do not see the Master Log, select View > Show Panels > All Panels. The following backup events appear in the Master Log: •...
Server Data restore • Backup\conf – contains the Management application configuration files. • Backup\cimom – contains the SMIA configuration files. In a disaster recovery situation, it is possible that configuration changes made less than 45 minutes before Server loss (depending on the backup interval you set) could be missing from the backup.
SAN Display SAN Display You can configure the display for FICON and reset the display to the default settings. Setting your FICON display FICON display setup rearranges the columns of any table that contains end device descriptions to move the following eight columns to be the first columns: FC Address, Serial #, Tag, Device Type, Model, Vendor, Port Type, and WWN.
SAN Display Resetting your display You can reset your system to display the default display settings. Note that returning to current settings after a reset may require configuring each global fabric or group setting individually. The following table (Table 13) details the settings that change with reset and the associated default state.
SAN End node display SAN End node display The connectivity map can be configured to display or not display end nodes. This option enables you to set the end node display for all newly discovered fabrics. Note that disabling end node display limits the connectivity map to emphasize switch members only.
SAN Ethernet loss events SAN Ethernet loss events An Ethernet event occurs when the Ethernet link between the Management Server and the managed SAN device is lost. You can configure the application to enable events when the Ethernet connection is lost. Enabling SAN Ethernet loss events The Options dialog box enables you to configure the Management application to generate an Ethernet event after a device is offline for a specific period of time.
Event storage Event storage You can configure the number of historical events in the repository as well as how long the events will be retained. Configuring event storage To configure event storage, complete the following steps. 1. Select Server > Options. The Options dialog box displays (Figure 38).
Flyovers Storing historical events purged from repository To store historical events purged from the repository, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Event Storage in the Category list. 3. Select the Yes option. 4.
Page 141
Flyovers FIGURE 39 Options dialog box (Flyovers option, Product tab) a. Select each property you want to display in the product flyover from the Available Properties table. Depending on which protocol you select, some of the following properties may not be available for all protocols: Fibre Channel (default) •...
Page 142
Flyovers Select the Connection tab (Figure 40) and complete the following steps to select the information you want to display on flyover. FIGURE 40 Options dialog box (Flyovers option, Connection tab) a. Select the protocol from the Protocol list. The default protocol is Fibre Channel. Depending on which protocol you select, some properties may not be available for all protocols.
SAN Names FCoE • Name • Port# • Node WWN • Port Type • FCoE Index # • IP_Address:Port-IP_Address:Port Click the right arrow to move the selected properties to the Selected Properties table. d. Use the Move Up and Move Down buttons to reorder the properties in the Selected Properties table.
SAN Names Setting names to be unique You can edit duplicate names so that each device has a unique name. Note that the Duplicated Names dialog box only displays when you set names to be unique and there are duplicate names in the system.
SAN Names Setting names to be non-unique You can choose to allow duplicate names in your fabric. To set names to be non-unique, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Names in the Category list. 3.
SAN Names 2. Click Fix Duplicates. The Duplicated Names dialog box displays. 3. Select one of the following options. • If you select Append Incremental numbers for all repetitive names, the names are edited automatically using incremental numbering. • If you select I will fix them myself, edit the name in the Name field. 4.
SAN Names 5. Click OK on the confirmation message. 6. Click OK to close the Configure Names dialog box. Adding a name to a new device To add a new device and name it, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays.
SAN Names Removing a name from a device 1. Select Configure > Names. The Configure Names dialog box displays. 2. In the Display table, select the name you want to remove. 3. Click Remove. An application message displays asking if you are sure you want to clear the selected name. 4.
SAN Names Importing Names If the name length exceeds the limitations detailed in the following table, you must edit the name (in the CSV file) before import. Names that exceed these limits will not be imported. If you migrated from a previous version, the .properties file is located in the Install_Home\migration\data folder. Device Character limit Fabric OS switch 6.2 or later...
SAN Names 4. Enter the name you want to search for in the Search field. You can search on partial names. NOTE To search for a device, the device must be discovered and display in the topology. 5. Click Search. All devices with the specified name (or partial name) are highlighted in the Display table.
Security Security You can configure the Server Name, CHAP secret value, and login banner, and modify whether or not to allow clients to save passwords. When the login banner is enabled, each time a client connects to the server, the login banner displays with a legal notice provided by you. The client's users must acknowledge the login banner to proceed, otherwise they are logged out.
Security 5. Re-enter the password in the Retype Secret field. If the secret does not meet the application requirements or the CHAP Secret and Retype Secret entries do not match, an error message displays. Click OK to re-enter the CHAP Secret and Retype Secret values.
Security Configuring the login banner display To configure the login banner display, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Security Misc in the Category list. 3. Select the Display login banner upon client login check box. 4.
Syslog Registration Syslog Registration You can automatically register the server as the syslog recipient on products. Registering a server as a Syslog recipient automatically 1. Select Server > Options. The Options dialog box displays. 2. Select Syslog Registration in the Category pane. FIGURE 44 Options dialog box (Trap Registration option) 3.
SNMP Trap Registration SNMP Trap Registration You can automatically register the server as the trap recipient on products. If SAN products have Informs enabled, the registration is for the Informs. Registering a server as an SNMP trap recipient automatically 1. Select Server > Options. The Options dialog box displays.
SNMP Trap Forwarding Credentials SNMP Trap Forwarding Credentials You can configure SNMP credentials for the traps forwarded by the server. Configuring SNMP v1 and v2c credentials To configure SNMP v1 or v2c credentials, complete the following steps. 1. Select Server > Options. The Options dialog box displays.
Software Configuration 4. Select one of the following authentication types from the Authentication Type options. • HMAC_MD5 • HMAC_SHA 5. Enter the SNMP v3 user name (case sensitive, 1 to 16 characters) in the Auth Password and Confirm Password fields. Allows all printable ASCII characters.
Page 158
Software Configuration FIGURE 47 Options dialog box (Client Export Port option) 3. Enter the client export port number to set a fixed port number for the client in the Client Export Port field. 4. Click Apply or OK to save your work. NOTE Changes to this option take effect after a client restart.
Software Configuration Client/Server IP You can configure connections between the client or switches and the Management application server. Configuring the server IP address NOTE The server binds using IPv6 address by default if your Operating System is IPv6-enabled (dual mode or IPv6 only).
Page 160
Software Configuration 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step • Select a specific IP address. Continue with step • Select localhost. Continue with step When Server IP Configuration is set to All, you can select any available IP address as the Return Address.
Page 161
Software Configuration 5. Complete the following steps on the Server IP Configuration screen (Figure 49). FIGURE 49 Server IP Configuration screen a. Select an address from the Server IP Configuration list. b. Select an address from the Switch - Server IP Configuration Preferred Address list. If DNS is not configured for your network, do not select the “hostname”...
Page 162
Software Configuration Configuring the application to use dual network cards Issues with Client-to-Server connectivity can be due to different reasons. Some examples are: • The computer running the Server has more than one network interface card (NIC) installed. • The computer running the Server is behind a firewall that performs network address translation.
Software Configuration FIGURE 50 Options dialog box (IP Preferences option) Memory allocation You can configure memory allocation for the client and server to improve performance. You can trigger switch polling when a state changes or you can poll at intervals when no state change occurs.
Page 164
Software Configuration For a 32-bit Windows/Linux Server • Small : 768 MB • Medium : 1024 MB • Large : 1024 MB For a 64-bit Windows Server • Small : 20481024 MB • Medium : 1500 MB • Large : 10242048 MB Client Heap Size (for both 32 and 64-bit servers) •...
Page 165
Software Configuration • Enterprise Medium : 1500 MB • Enterprise Large : 2048 MB NOTE There is no restriction on the maximum value for Server Heap Size in a 64-Bit Server. The correct server heap size value must be given according to the RAM present in the server. 6.
Software Configuration 5. Click Apply or OK to save your work. NOTE Changes to this option take effect after an application restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 11.X.X > Server Management Console). 6.
Software Configuration 3. Choose one of the following options: • If you want to connect using HTTP, complete the following steps. a. Select the Connect using HTTP option. b. Enter the connection port number in the Port # field. Continue with step 4. •...
Page 168
Software Configuration Configuring an internal FTP server To configure the internal FTP server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays (Figure 52). 2. Select FTP/SCP in the Category list. FIGURE 52 Options dialog box (FTP/SCP option) 3.
Page 169
Software Configuration Configuring an external FTP server To configure the external FTP server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select FTP/SCP in the Category list. 3. Select the Use External FTP Server and/or SCP Server option. 4.
Page 170
Software Configuration 9. Click Test to test the FTP server. A “Server running successfully” or an error message displays. If you receive an error message, make sure your credentials are correct, the server is running, the remote directory path exists, and you have the correct access permission; then try again. 10.
Software Configuration Server port You can configure the server port settings so that you can assign a web server port number and set the server port to be SSL-enabled. Configuring the server port To configure server settings, complete the following steps. 1.
Software Configuration 6. Click Apply or OK to save your work. NOTE Changes to this option take effect after application restart. Click OK on the “changes take effect after application restart” message. Support mode You can configure support settings to allow enhanced diagnostics. Configuring support mode settings To configure support mode settings, complete the following steps.
Page 173
Software Configuration 3. Select the Log client support data - Log Level list, and select the type of log data you want to configure. Log level options include: All, Fatal, Error, Warn, Info, Debug, Trace, and Off. Default is Info. The log level options return to the default value (Info) when the client or server is restarted.
Fabric tracking Fabric tracking When you discover a new fabric and initial discovery is complete, fabric tracking is automatically enabled. Subsequently, if a switch or end-device is added to or removed from the fabric, a plus (+) or minus (-) icon displays (see table below) next to the product icon. Connections are also tracked. A new connection displays a solid gray line with an added icon and missing connections display a yellow dashed line with a removed icon.
Fabric tracking Disabling fabric tracking 1. Disable fabric tracking by choosing one of the following options: • Select the fabric on which you want to disable fabric tracking on the Product List or Connectivity Map and select Monitor > Track Fabric Changes. •...
Fabric tracking • Device Ports—This table shows a brief summary of the device ports including status (whether the device port will be added ( ) or removed ( ) from the fabric), device type, port, port WWN, node WWN, and attached port number. •...
Page 177
Page 178
Fabric tracking Brocade Network Advisor SAN User Manual 53-1002167-01...
User accounts User accounts NOTE You must have User Management Read and Write privileges to add new accounts, set passwords for accounts, and apply roles to the accounts. For a list of privileges, refer to “User Privileges” on page 961. Management application user accounts contain the identification of the Management application user, as well as privileges, roles, and AORs assigned to the user.
User accounts 12. Assign roles and AORs by selecting the role or AOR in the Available Roles / AOR table and click the right arrow button to move the role or AOR to the Selected Roles / AOR table. Select multiple roles or AORs by holding down the CTRL key and clicking more than one role or AOR.
User accounts 3. Remove roles and AORs by selecting the role or AOR in the Selected Roles / AOR table and click the left arrow button to move the role or AOR to the Available Roles / AOR table. Select multiple roles or AORs by holding down the CTRL key and clicking more than one role or AOR.
User accounts Deleting a user account NOTE You cannot delete the default "Administrator" user account. To permanently delete a user account from the server, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user you want to delete in the Users table and click Delete. 3.
Password policies Password policies NOTE You must have User Management Read and Write privileges to configure password policy. Passwords are an important aspect of computer security. They are the front line of protection for user accounts. The purpose of the password policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.
Page 187
Password policies d. Enter the minimum number of lowercase characters required in the Lower Case Characters field. Only enabled when the Empty Password - Allow check box is clear. Valid values are 0 through 127. The default is 0. e. Enter the minimum number of digits required in the Number of Digits field. Only enabled when the Empty Password - Allow check box is clear.
User profiles 10. Click Yes on the confirmation message. 11. Click Close to close the Users dialog box. Viewing password policy violators To view password policy violators, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2.
User profiles Viewing your user profile To view your user profile, complete the following steps. 1. Select Server > User Profile. The User Profile dialog box displays the following information: • User ID—Displays your user identifier. • Full Name—Displays the name if entered while adding a user; otherwise, this field is blank. •...
User profiles 5. Change your phone number in the Phone Number field. 6. Select the E-mail Notification Enable check box to enable e-mail notification. Clear the E-mail Notification Enable check box to disable e-mail notification. Click Filter to set up basic event filters. For step-by-step instructions about setting up basic event filters, refer to “Setting up basic event filtering”...
User profiles Resetting optional messages To reset all Management application optional messages to their default behaviors, complete the following steps. 1. Select Server > User Profile. The User Profile dialog box displays. 2. Click Optional Messages Reset. The Password Policy dialog box displays. 3.
Roles Roles NOTE You must have User Management Read and Write privileges to view, add, modify, or delete roles. A role is a group of Management application tasks or privileges that can be assigned to several users who have similar functions. When you create a role, it immediately becomes available in the Users dialog box.
Roles 3. Add read and write access by selecting the features to which you want to allow read and write access in the Available Privileges list and click the right arrow button to move the features to the Read & Write Privileges list. Select multiple features by holding down the CTRL key and clicking more than one privilege.
Roles Copying a role You can create a new role by copying an existing one. When you copy a role, you copy the selected privileges in that role. To copy an existing role, complete the following steps. 1. Select Server > Users. The Users dialog box displays.
Areas of responsibility Deleting a role To delete a role, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the role you want to delete in the Roles table and click Delete. 3. Click Yes on the confirmation message. 4.
Areas of responsibility 6. Click OK to save the new AOR and close the Add AOR dialog box. The new AOR displays in the AOR list of the Users dialog box. Click Close to close the Users dialog box. Assigning products to an AOR You can assign fabrics and hosts to an AOR from the Add, Edit, or Duplicate AOR dialog box.
Areas of responsibility Copying an AOR To create a new AOR by copying an existing one, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the AOR you want to copy in the AOR table and click Duplicate. The Duplicate AOR dialog box displays.
LDAP authorization Deleting an AOR To delete an AOR, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the AOR you want to delete in the AOR table and click Delete. 3. Click Yes on the confirmation message. 4.
LDAP authorization 10. Click OK. The Active Directory Groups table displays with all first level Active Directory groups available in the specified LDAP server, as well as any Active Directory groups already mapped in the Management server (Local database). To assign or remove roles and AORs, refer to “Assigning roles and AORs to an Active Directory group”...
LDAP authorization Deleting an Active Directory group To delete an Active Directory group, complete the following steps. 1. Select one or more Active Directory groups that you want to delete from the Active Directory Groups table. 2. Click Delete. 3. Click Yes on the confirmation message. 4.
About call home About call home NOTE Call Home is supported on Windows systems for all modem and E-mail call home centers and is supported on Unix for the E-mail call home centers. Call Home notification allows you to configure the Management application Server to automatically send an e-mail or dial-in to a support center to report system problems on specified devices (Fabric OS and M-EOS switches, routers, and directors).
About call home • Adds an entry to the Master Log file and screen display. • Generates an XML report (only available with EMC call centers) with the product details which is sent with the E-mail. • Generates an HTML report for E-mail-based Call Home centers. For more information about Call Home events, refer to “Call Home Event Tables”...
Showing a call home center Showing a call home center To show a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays (Figure 55). FIGURE 55 Call Home dialog box 2.
Hiding a call home center Hiding a call home center NOTE Before you can hide a call home center, you must remove all assigned products. To hide a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays.
Page 206
Editing a call home center FIGURE 57 Configure Call Home Center dialog box (Brocade International or IBM option) 4. Make sure the call home center type you selected displays in the Call Home Centers list. 5. Select Enable to enable this call home center. 6.
Editing a call home center Editing the Brocade North America call home center Modem call home centers are only available for Brocade. To edit this call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays.
Editing a call home center Editing an E-mail call home center E-mail call home centers are available for Brocade, IBM, and Oracle. To edit one of these call home centers, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays.
Editing a call home center 14. Enter a password in the SMTP Server Settings - Password field. This is a required field when the SMTP server authentication is enabled. 15. Enter the e-mail address for replies in the E-mail Notification Settings - Reply Address field. 16.
Editing a call home center Enter the path to the ConnectEMC application in the ConnectEMC field or browse to the ConnectEMC application location. 8. Enter the phone number or extension of the local server in the Local Server - Modem # field. 9.
Enabling a call home center Enter the port number (default is 2069) of the call home center in the Port field. 8. Click Send Test to test the address. The selected call home center must be enabled to test the IP address. A faked event is generated and sent to the selected call home center.
Testing the call home center connection Testing the call home center connection Once you add and enable a call home center, you should verify that call home is functional. To verify call home center functionality, complete the following steps. 1. Select Monitor > Event Notification > Call Home. 2.
Viewing Call Home status Viewing Call Home status You can view call home status from the main Management application window or from the Call Home Notification dialog box. The Management application enables you to view the call home status at a glance by providing a call home status icon on the Status Bar.
Assigning a device to the call home center Assigning a device to the call home center Discovered devices (switches, routers, and directors) are not assigned to a corresponding call home center automatically. You must manually assign each device to a call home center before you use call home.
Removing all devices and filters from a call home center Removing all devices and filters from a call home center To remove all devices and filters from a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays.
Assigning an event filter to a call home center Assigning an event filter to a call home center Event filters allow call home center users to log in to a Management server and assign specific event filters to the devices. This limits the number of unnecessary or ‘acknowledge’ events and improves the performance and effectiveness of the call home center.
Overwriting an assigned event filter Overwriting an assigned event filter A device can only have one event filter at a time; therefore, when a new filter is applied to a device that already has a filter, you must confirm the new filter assignment. To overwrite an event filter, complete the following steps.
Removing an event filter from a device Removing an event filter from a device To remove an event filter from a device, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.
Creating a customized view Creating a customized view You may want to customize the Product List and Connectivity Map to simplify management of large SANs by limiting the topology size or Product List columns. For each customized view, you can specify the fabrics and hosts that display on the Connectivity Map, as well as the columns and device groupings that display on the Product List.
Editing a customized view 3. Click the Fabrics tab. 4. In the Available Fabrics table, select the fabrics you want to include in the view and click the right arrow button to move your selections to the Selected Fabrics and Hosts table. To select more than one row, press CTRL and click individual rows.
Page 222
Editing a customized view FIGURE 64 Edit View dialog box - Fabrics tab 2. Click the Fabrics tab. 3. In the Available Fabrics table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table. 4.
Deleting a customized view Deleting a customized view To delete a customized view, use the following procedure. 1. Select View > Manage View > Delete View > View_Name. 2. Click Yes on the message. If you delete the current view, the view changes to the default view (View All). Copying a view To copy a customized view, use the following procedure.
SAN topology layout SAN topology layout You can customize various parts of the topology, including the layout of devices and connections and groups’ background colors, to easily and quickly view and monitor devices in your SAN. The following menu options are available on the View menu. Use these options to customize the topology layout.
Customizing the layout of devices on the topology Customizing the layout of devices on the topology You can customize the layout of devices by group type or for the entire Connectivity Map. Customizing the layout makes it easier to view the SAN and manage its devices. Group types include Fabric, Host, Storage, Router and Switch groups.
Customizing the layout of connections on the topology 3. Select the Set as Default Layout check box to set your selection as the default. 4. Click OK on the Map Display Properties dialog box. Customizing the layout of connections on the topology You can change the way inter-device connections display on the topology.
Reverting to the default background color 3. Select or specify a color and preview it in the Preview pane. • To pick a color from a swatch, select the Swatches tab. Select a color from the display. • To specify a color based on hue, saturation, and brightness, click the HSB tab. Specify the hue (0 to 359 degrees), saturation (0 to 100%), and brightness (0 to 100%).
Changing the port label Changing the port label To change the port label, complete the following steps. 1. Select a port in the Connectivity Map or Product List. 2. Select View > Port Label, and select one of the following options: •...
Grouping on the topology Grouping on the topology To simplify management, devices display in groups. Groups are shown with background shading and are labeled appropriately. You can expand and collapse groups to easily view a large topology. Collapsing groups To collapse a single group on the topology, choose one of the following options: •...
Grouping on the topology Configuring custom connections NOTE Active zones must be available on the fabric. To create a display of the connected end devices participating in a single zone or group of zones, complete the following steps. 1. Choose one of the following options: •...
Customizing the main window Deleting a custom connection configuration NOTE Active zones must be available on the fabric. To delete a custom connection configuration, complete the following steps. 1. Choose one of the following options: • Select a fabric on the topology and select View > Connected End Devices > Custom. •...
Customizing the main window b. Select a zoom percentage. Click OK to save your changes and close the Zoom dialog box. Zooming out To zoom out of the Connectivity Map, use one of the following methods: • Click the zoom-out icon ( ) on the Connectivity Map toolbar. •...
Customizing the main window 4. Click Save. If the file name is a duplicate, a message displays. Click Yes to replace the image or click No to go back to the Export Topology To PNG File dialog box and change the file name. The File Download dialog box displays.
Page 234
Customizing the main window FIGURE 70 Customize Columns dialog box 2. Choose from the following options: • Select the check box to display a column. Select the column name and click Show. • Clear the check box to hide a column. Select the column name and click Hide.
Page 235
Customizing the main window Resizing the columns You can resize a single column or all columns in the table. To resize a single column, right-click the column header and select Size Column to Fit or Table > Size Column to Fit. To resize all columns in the table, right-click anywhere in the table and select Size All Columns to Fit or Table >...
Search Searching for information in a table You can search for information in the table by any of the values found in the table. 1. Right-click anywhere in the table and select Table > Search. The focus moves to the Search field. FIGURE 71 Search field 2.
Search Searching for a device You can search for a device by name, WWN, or device type. When searching in the Connectivity Map, make sure you search the right view (View > Manage View > Display View > View_Name) with the appropriate options of port display (View >...
Search 3. Enter your search criteria in the search field. • Text—Enter a text string in the search text box. This search is case sensitive. For example, you can enter the first five characters in a device name. All products in the Product List that contain the search text display highlighted.
Starting third-party tools from the application Starting third-party tools from the application You can open third-party tools from the Tools menu or a device’s shortcut menu. Remember that you cannot open a tool that is not installed on your computer. You must install the tool on your computer and add the tool to the Tools menu or the device’s shortcut menu.
Launching an Element Manager Launching an Element Manager Element Managers are used to manage Fibre Channel switches and directors. You can open a device’s Element Manager directly from the application. To launch a device’s Element Manager, complete the following steps. On the Connectivity Map, double-click the device you want to manage.
Launching Web Tools Launching Web Tools Use Web Tools to enable and manage Fabric OS access gateway, switches, and directors. You can open Web Tools directly from the application. For more information about Web Tools, refer to the Brocade Web Tools Administrator’s Guide. For more information about Fabric OS access gateway, switches, and directors, refer to the documentation for the specific device.
Launching FCR configuration Launching FCR configuration Use FCR Configuration to launch the FC Routing module, which enables you to share devices between fabrics without merging the fabrics. You can open the FC Routing module directly from the Management application. For more information about FC Routing, refer to the Brocade Web Tools Administrator’s Guide.
Launching Name Server Launching Name Server Use Name Server to view entries in the Simple Name Server database. You can open the Name Server module directly from the Management application. For more information about Name Server, refer to the Brocade Web Tools Administrator’s Guide. NOTE You must have Element Manager - Product Administration privileges for the selected device to launch Web Tools.
Launching HCM Agent Launching HCM Agent Use Fabric OS HCM Agent to enable and manage Fabric OS HBAs. You can open HCM Agent directly from the application. For more information about HCM Agent, refer to the HCM Agent Administrator’s Guide. For more information about Fabric OS HBAs, refer to the documentation for the specific device.
Launching Fabric Watch Launching Fabric Watch Use Fabric Watch as a health monitor that allows you to enable each switch to constantly monitor its SAN fabric for potential faults and automatically alert you to problems long before they become costly failures. For more information about Fabric Watch, refer to the Fabric Watch Administrator’s Guide.
Adding a tool Adding a tool You can specify third-party tools so they appear on the Setup Tools dialog box. From there, you can add them to the Tools menu and then open the tools directly from the Management application. To add a tool, complete the following steps.
Entering the server IP address of a tool Entering the server IP address of a tool If the third-party tool is a web-based application, you must enter the IP address of the applications server as a parameter to be able to open the application. To enter the server IP address, complete the following steps.
Page 249
Adding an option to the Tools menu FIGURE 73 Setup Tools dialog box (Tools menu tab) 3. Type a label for the option as you want it to appear on the Tools menu in the Menu Text field. 4. Select the application from the Tool list, or click Define if you want to specify a new tool. To specify a new tool, refer to “Adding a tool”...
Changing an option on the Tools menu Changing an option on the Tools menu You can edit parameters for third-party tools that display on the Tools menu. To edit an option on the Tools menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays.
Adding an option to a device’s shortcut menu Adding an option to a device’s shortcut menu You can add an option to a device’s shortcut menu. To add an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays.
Changing an option on a device’s shortcut menu Changing an option on a device’s shortcut menu You can change the parameters for a tool that displays on a device’s shortcut menu. To edit an option on the device’s shortcut menu, complete the following steps. 1.
Removing an option from a device’s shortcut menu Removing an option from a device’s shortcut menu You can remove a tool that displays on a device’s shortcut menu. To remove an option from the device’s shortcut menu, complete the following steps. 1.
Microsoft System Center Operations Manager (SCOM) plug-in SCOM plug-in requirements • Make sure you import the Management application management pack (Management_Application_Name.FabricView.xml) to the SCOM Server prior to registering the SCOM Plug-in. The management pack is located in the following directory on the DVD scom/OEM_Name.
Microsoft System Center Operations Manager (SCOM) plug-in Editing a SCOM server To edit the SCOM server, complete the following steps. 1. Select Tools > Plug-in for SCOM. The Plug-in for SCOM dialog box displays. 2. Select the server you want to edit and click Edit. The Edit SCOM Server dialog box displays.
Page 256
Microsoft System Center Operations Manager (SCOM) plug-in Brocade Network Advisor SAN User Manual 53-1002167-01...
Services Launching the SMC on Linux Perform the following steps to launch the Server Management Console on Linux systems. 1. On the Management application server, go to the following directory: Install_Directory/bin 2. Type the following at the command line: ./smc or sh smc Services You must be logged in at the administrator (Windows systems) or root (UNIX systems) level to stop,...
Services 3. Review the following information for each available service. • Name—The name of the server; for example, FTP Server or Database Server. • Process Name—The name of the process; for example, postgres.exe (Database Server). • Status—The status of the service; for example, started or stopped. •...
Services Starting all services NOTE The Start button restarts running services in addition to starting stopped services, which causes a client-server disconnect. To start all services, complete the following steps. 1. Launch the Server Management Console. 2. Click the Services tab. 3.
Changing server port numbers Changing server port numbers Use the Ports tab of the Server Management Console to change the Management application server and Web server port numbers. The default Web Server port number is 80. The Management application server default port number is 24600. To change the Management application server or web server port number, complete the following steps.
Page 262
AAA Settings • Know the TCP port you are using. For RADIUS servers, ports 1812 or 1645 (actually UDP ports) are commonly used. Check with the RADIUS server vendor if you are not sure which port to specify. • Know how long you want to wait between attempts to reach the server if it is busy. This is expressed as a timeout value in seconds (default is 3 seconds).
Page 263
AAA Settings 6. Select the authentication policy (PAP or CHAP) from the Authentication Type field. Default is CHAP. 7. Enter the shared secret in the Shared Secret and Confirm Secret fields. 8. Enter the timeout timer value (in seconds) that specifies the amount of time to wait between retries when the server is busy in the Timeout (Sec) field.
AAA Settings Configuring an LDAP server If you are using an LDAP server for authentication, make the following preparations first: • Have the IP address of the server available. • Know the TCP port you are using. The LDAP server uses Transport Layer Security (TLS). LDAP over TLS generally uses port 389.
Page 265
AAA Settings 3. Click Add. The Add or Edit LDAP Server dialog box displays (Figure 78). FIGURE 78 Add or Edit LDAP server 4. Enter the LDAP server’s IP address in the IP Address field. 5. Enter the TCP port used by the LDAP server in the TCP Port field. Default is 389.
AAA Settings Configuring a TACACS+ server To configure TACACS+ server authentication, complete the following steps. 1. Select the AAA Settings tab. 2. For Primary Authentication, select TACACS+ Server. FIGURE 79 AAA Settings tab - TACACS+ server 3. Click Add. FIGURE 80 Add or Edit TACACS+ server 4.
AAA Settings 9. Click OK to return to the AAA Settings tab. 10. Set secondary authentication by selecting one of the following options from the Secondary Authentication list: • Local Database • None 11. Set the fall back condition to secondary authentication by selecting one of the following options from the Fail Over Option list: •...
AAA Settings 7. Enter your user ID and password and click Test. Test verifies your user ID and password on the switch and verifies user privileges on the Management application server. 8. Click Apply to save the configuration. Configuring Windows authentication Windows authentication enables you to authenticate a user account against the Windows user accounts and the Management application server when running on Windows hosts.
Restoring the database Displaying the client authentication audit trail All responses to authentication requests coming from clients are logged to an audit trail log file. This file is automatically backed up on the first day of every month. 1. Select the AAA Settings tab. 2.
Page 270
Restoring the database FIGURE 81 Restore tab 4. Click Browse to select the path (defined in the Output Directory field on the Options dialog box - Backup pane) to the database backup location. 5. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console.
Capturing technical support information Capturing technical support information The Technical Support Information tab of the SMC allows you to capture technical support information for the Management application as well as the configuration files for all switches in discovered fabrics. This information is saved in a zip file in a location that you specify. To capture technical support information, complete the following steps.
Upgrading HCM on the Management server 3. Enter the path where you want to save the support data and a name for the support save file in the Output Path field. For example, Full_Path\Support_Save_File_Name.zip. You can also browse to the location where you want to save the support data and append the file name to the path when you return to the Technical Support Information tab.
Defining the performance data aging interval Defining the performance data aging interval The Performance Data Aging tab enables you to define the performance data collection interval. NOTE Changes to the performance data aging option require a server restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 11.X.X >...
SMI Agent configuration 5. Click Yes on the confirmation message. The server automatically restarts. 6. Click Close. SMI Agent configuration The SMIA Configuration Tool enables you to configure SMI Agent settings, such as security, CIMOM, and certificate management. This tool is automatically installed with the Management application as part of the Server Management Console.
SMI Agent configuration 3. Enter your username and password in the appropriate fields. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. 4. Select or clear the Save password check box to choose whether you want the application to remember your password the next time you log in.
SMI Agent configuration 4. Enter your username and password in the appropriate fields and click OK. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. The SMIA Configuration Tool dialog box displays. Launching a remote SMIA configuration tool To launch a remote SMIA configuration tool, complete the following steps.
Page 277
SMI Agent configuration SLP support includes the following components: • slpd script starts the slpd platform • slpd program acts as a Service Agent (SA). A different slpd binary executable file exists for UNIX and Windows systems. • slptool script starts the slptool platform-specific program •...
Page 278
SMI Agent configuration • slptool findattrs service:wbem:https://IP_Address:Port NOTE Where IP_Address:Port is the IP address and port number that display when you use the slptool findsrvs service:wbem command. Use this command to verify that Management application SMI Agent SLP service is properly advertising its WBEM SLP template over the HTTP protocol.
Page 279
SMI Agent configuration SLP on UNIX systems This section describes how to verify the SLP daemon on UNIX systems. SLP file locations on UNIX systems • SLP log—Install_Home/cimom/cfg/slp.log • SLP daemon—Install_Home/cimom/cfg/slp.conf You can reconfigure the SLP daemon by modifying this file. •...
SMI Agent configuration Verifying SLP service installation and operation on Windows systems 1. Launch the Server Management Console from the Start menu. 2. Click Start to start the SLP service. 3. Open a command window. 4. Type cd c:\Install_Home\cimom\bin and press Enter to change to the directory where slpd.bat is located.
SMI Agent configuration Accessing Management application features To access Management application features such as fabric and host discovery, role-based access control, application configuration and display options, server properties, as well as the application name, build, and copyright, complete the following steps. 1.
Page 282
SMI Agent configuration 1. Click the Authentication tab. FIGURE 87 Authentication tab 2. Select the Enable Client Mutual Authentication check box, as needed. If the check box is checked, CIM client mutual authentication is enabled. If the check box is clear (default), client mutual authentication is disabled.
SMI Agent configuration 1. Click the Authentication tab. 2. Choose from one of the following options: • Select No Authentication to allow the CIM client to query the CIMOM server without providing credentials; however, note that the CIMOM server requires the Management application credentials to connect to the Management application server to retrieve the required data.
Page 284
SMI Agent configuration Configuring the SMI Agent port number To configure the SMI Agent port number, complete the following steps. 1. Click the CIMOM tab. FIGURE 88 CIMOM tab 2. Select or clear the Enable SSL check box, to enable or disable SSL for the SMI Agent. NOTE Disabling SSL will disable Indication and Client Mutual Authentication.
Page 285
SMI Agent configuration 4. Click Apply. NOTE Changes on this tab take effect after the next CIMOM server restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 11.X.X > Server Management Console). If you disabled SSL, a confirmation message displays.
Page 286
SMI Agent configuration Configuring the CIMOM log NOTE You must have SAN - SMI Operation Read and Write privileges to view or make changes on the CIMOM tab. To configure the CIMOM log, complete the following steps. 1. Click the CIMOM tab. 2.
SMI Agent configuration Certificate management NOTE You must have SMI Operation Read and Write privileges to view or make changes on the Certificate Management tab. The Certificate Management tab enables you to manage your CIM client and Indication authentication certificates. Using this tab, you can perform the following operations: •...
Page 288
SMI Agent configuration 5. Click Import. The new certificate displays in the Certificates list and text box. If the certificate location is not valid, an error message displays. Click OK to close the message and reenter the full path to the certificate location. If you did not enter a certificate name, an error message displays.
SMI Agent configuration Deleting a certificate NOTE You must have SMI Operation Read and Write privileges to view or make changes to the Certificate Management tab. To delete a certificate, complete the following steps. 1. Click the Certificate Management tab. 2.
Page 290
SMI Agent configuration 1. Click the Summary tab. FIGURE 90 Summary tab 2. Review the summary. NOTE When the CIMOM server is stopped, the server configuration information does not display on the Summary tab. The following information is included in the summary. Field/Component Description Client Mutual Authentication...
Page 291
SMI Agent configuration Field/Component Description Log Level Displays the log level for the Server Configuration and the Current Configuration. Options include the following: • 10000—Off • 1000—Severe • 900—Warning • 800—Info (default) • 700—Config • 500—Fine • 400—Finer • 300—Finest •...
Configuration repository management Saving switch configurations NOTE Save switch configuration is only supported on Fabric OS switches. NOTE To save switch configuration on more than one switch at a time, you must have the Enhanced Group Management license. Configuration files are uploaded from the selected switches and stored in individual files. Files are named with the convention cfg_fabricName_switchName_domainID.
Configuration repository management Restoring a switch configuration for a selected device The Restore Switch Configuration dialog box enables you to download a previously saved switch configuration to a selected device. To restore a switch configuration, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Restore.
Configuration repository management Backing up a switch configuration NOTE The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all fabrics discovered.
Page 297
Configuration repository management 3. Set the Schedule parameters. These include the following: The desired Frequency for backup operations (daily, weekly, monthly). The Day you want the backup to run. If Frequency is Daily, the Day list is grayed out. If Frequency is Weekly, choices are days of the week (Sunday through Saturday). If Frequency is Monthly, choices are days of the month (1 through 31).
Configuration repository management Restoring a configuration from the repository If you delete a fabric or switch from discovery, the configuration remains in the repository until you delete it manually. Stored configurations are linked to the switch WWN; therefore, if the IP address or switch name is changed and then rediscovered, the Switch Configuration Repository dialog box displays the new switch name and IP address for the old configuration.
Configuration repository management Viewing configuration file content NOTE This feature requires a Trial or Licensed version. You can view switch configuration file content in a text file. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository.
Configuration repository management Searching the configuration file content NOTE This feature requires a Trial or Licensed version. To search the configuration file content, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository.
Configuration repository management Deleting a configuration NOTE This feature requires a Trial or Licensed version. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2.
Configuration repository management Keeping a copy past the defined age limit NOTE This feature requires a Trial or Licensed version. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2.
Enhanced group management Enhanced group management Use Enhanced Group Management (EGM), a separate licensed feature, to control access to specific features on Fabric OS devices. The features affected include the following: • Firmware Download - enables you to perform group firmware download. For specific instructions for firmware download, refer to “Firmware management”...
Firmware management Displaying the firmware repository The firmware repository is available on the Firmware Management dialog box. The Management application supports .zip and .gz compression file types for firmware files. 1. Select Configure > Firmware Management. The Firmware Management dialog box displays. 2.
Firmware management Importing a firmware file and release notes Firmware files and release notes can be imported into the Firmware Repository. 1. Select Configure > Firmware Management. The Firmware Management dialog box displays. 2. Select the Repository tab (Figure 97). 3.
Firmware management Download firmware NOTE Non-disruptive firmware download (HCL) is not supported when downgrading from Fabric OS version 6.2 to 6.1. You must remove all non-default logical switches and disable Virtual Fabrics before downgrading. NOTE You cannot use Fabric OS firmware download with command line options in the Management application.
Page 307
Firmware management 6. To download the firmware to the selected switches one at a time, select the Serial download check box. Use the Up and Down buttons to determine the order in which the firmware is downloaded to the switches. If firmware download fails on one switch, all other switches in the queue will be skipped.
Properties Properties You can customize the device and fabric Properties dialog boxes to display only the data you need by adding, editing, and deleting property labels. You can also edit property fields to change information. Viewing Fabric properties To view the properties for a fabric, complete the following step. 1.
Properties Viewing device properties To view the properties for a device, complete the following step. 1. Right-click any product icon and select Properties. The Properties dialog box displays, with information related to the selected device (such as switches, directors, HBAs, trunks, tunnels, and nodes). Depending on the device type, some of the properties listed in the following table may not be available for all products.
Page 310
Properties TABLE 17 Device properties (Continued) Field/Component Description IP Address The device’s IP address. IPSec Policy # The IPSec policy number. Also includes the following information: • Authentication Algorithm • Encryption Algorithm • SA Life L2 Capable Whether the device is Layer 2 capable. L3 Capable Whether the device is Layer 3 capable.
Page 311
Properties TABLE 17 Device properties (Continued) Field/Component Description State The device’s state, for example, online or offline. Status The operational status. Switch Name The switch name. Switch IP The switch IP address. Switch WWN The switch world wide name. Tape Pipelining Whether tape pipelining is On or Off for the FCIP tunnel.
Properties Adding a property label You can add a new field to any of the tabs on the Properties dialog box. To add a new field, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays. 2.
Properties Deleting a property label You can delete any label that you created on any of the tabs from the Properties dialog box. To delete a label, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays. 2.
Ports Ports You can enable and disable ports, as well as view port details, properties, type, status, and connectivity. Viewing port connectivity The connected switch and switch port information displays for all ports. To view port connectivity, choose one of the following steps: •...
Page 315
Ports The following table details the information located (in alphabetical order) on the Port Connectivity View dialog box. TABLE 18 Port connectivity properties Field Description Actual Distance The actual distance for -end port connectivity. Area ID /Port Index The area ID and the port index of the port. Blade Number The number of the blade.
Page 316
Ports TABLE 18 Port connectivity properties (Continued) Field Description Device Port/Switch Name The device port and switch name. Device Port/Switch State The device port and switch state. Device Port/Switch Manufacturer The device port and manufacturer of the switch. Device Port/Switch Manufacturing Plant The device port and switch manufacturing plant.
Ports TABLE 18 Port connectivity properties (Continued) Field Description Switch IDID Whether the switch’s insistent domain ID (IDID) is enabled. If it is enabled, the IDID is the same ID that is requested during switch reboots, power cycles, CP failovers, firmware downloads, and fabric reconfiguration.
Ports Filtering port connectivity To filter results from the port connectivity view, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box. The Filter dialog box displays (Figure 101). FIGURE 101 Filter dialog box 2.
Ports Resetting the filter Reset immediately clears all existing definitions. You cannot cancel the reset. To reset the Filter dialog box, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box. The Filter dialog box displays. 2.
Ports Viewing ports and port properties To view ports on the Connectivity Map, right-click a product icon and select Show Ports. NOTE Show Ports is not applicable when the map display layout is set to Free Form (default). NOTE This feature is only available for connected products. On bridges and CNT products, only utilized Fibre Channel ports display;...
Page 321
Ports Depending on the port type, some of the following properties (Table 19) may not be available for all products. TABLE 19 Port properties Field Description # Virtual Session Ports The number of virtual session ports associated with the GE port. Additional Port Info Additional error information relating to the selected port.
Page 322
Ports TABLE 19 Port properties (Continued) Field Description MAC Address The Media Access Control address assigned to network adapters or network interface cards (NICs). Manufacturer Plant The name of the manufacturer plant. Modify button Click to launch the Element Manager. Model The model number of the device.
Ports TABLE 19 Port properties (Continued) Field Description Vendor The product vendor. Virtual FCoE Port Count The number of FC ports on the device. Port types On the Connectivity Map, right-click a switch icon and select Show Ports. The port types display showing which ports are connected to which products.
Ports Viewing port connection properties You can view the information about products and ports on both sides of the connection. 1. Right-click the connection between two end devices on the Connectivity Map and select Properties. Double-click the connection between two devices on the Connectivity Map. The Connection Properties dialog box displays.
Page 325
Ports TABLE 21 Port connection properties (Continued) Field Description 2-WWPN The world wide port number of the second switch. 2-MAC Address The MAC address of the second switch. 2-IP Address The IP address of the second switch. 2-Trunk Whether there is a trunk on the second switch. 2-Speed (Gbps) The speed of the second switch.
Page 326
Ports TABLE 21 Port connection properties (Continued) Field Description Name The name of the switch. NPIV Enabled Whether the NPIV port is enabled. Parameter The parameter of the switch. Physical/Logical Whether the port is a physical port or a logical port. PID Format The port ID format of the switch.
Ports Determining inactive iSCSI devices For router-discovered iSCSI devices, you can view all of the inactive iSCSI devices in one list. To do this, use the Ports Only view and then sort the devices by FC Address. The devices that have an FC address of all zeros are inactive.
Ports Viewing port optics NOTE QSFP ports do not display in the Port Optics dialog box. To view port optics, complete the following steps. 1. Right-click the switch for which you want to view port optic information on the Connectivity Map and select Port Optics (SFP).
Page 329
Ports Status icons: Warning icon—One of the five parameters exceeds the threshold of that parameter. The corresponding parameter field displays with a yellow background. No icon—No parameters exceed the threshold of that parameter. Unknown icon—The port is not a 16 Gbps capable port or the device is running ...
Port Auto Disable 3. Sort the results by clicking on the column header. 4. Rearrange the columns by dragging and dropping the column header. 5. Click Close to close the Port Optics (SFP) dialog box. Refreshing port optics To refresh port optics, click Refresh. The Management application retrieves updated port optic information.
Port Auto Disable Viewing the port auto disable status NOTE The device must be running Fabric OS 6.3 or later. To view the port auto disable status, complete the following steps. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays. FIGURE 105 Port Auto Disable dialog box 2.
Port Auto Disable • Loss of Sync—Whether the Loss of Sync event is enabled or disabled in port auto disable. • Loss of Signal—Whether the Loss of Signal event is enabled or disabled in port auto disable. • OLS—Whether the Offline Primitive Sequence event is enabled or disabled in port auto disable.
Port Auto Disable 6. Select one or more of the following event types: • Port Auto Disable • Loss Of Sync—Requires devices running Fabric OS 7.0 or later. • Loss Of Signal—Requires devices running Fabric OS 7.0 or later. • OLS (Offline Primitive Sequence)—Requires devices running Fabric OS 7.0 or later.
Port Auto Disable Enabling port auto disable on all ports on a device NOTE The device must be running Fabric OS 6.3 or later. To enable port auto disable on all ports on a device, complete the following steps. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays.
Port Auto Disable 6. Clear any of the following selected event types. • Port Auto Disable • Loss Of Sync—Requires devices running Fabric OS 7.0 or later. • Loss Of Signal—Requires devices running Fabric OS 7.0 or later. • OLS (Offline Primitive Sequence)—Requires devices running Fabric OS 7.0 or later. •...
Port Auto Disable Unblocking ports NOTE The device must be running Fabric OS 6.3 or later. To unblock ports, complete the following steps. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to enable port auto disable (PAD) from the Fabric list. 3.
Creating a new Host To create a new Host, complete the following steps. 1. Right-click an HBA icon and select Host Port Mapping. The Host Port Mapping dialog box displays. FIGURE 106 Host Port Mapping dialog box 2.
Deleting an HBA Host To delete a Host, complete the following steps. 1. Right-click an HBA icon and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Select the Host you want to delete in the Hosts table. 3.
Importing HBA-to-Host mapping The Host Port Mapping dialog box enables you to import externally created HBA ports-to-Host mapping information into the application. The imported file must be in CSV format. The first row must contain the headers (wwn, name) for the file. Example wwn,name 20:00:00:00:C9:69:D5:27, s1...
Removing an HBA from a Host • Checks for existing mappings in the current map. If a mapping already exists, a message displays with the current mapping information. Click Yes to overwrite the current mapping. Click Yes to All to overwrite all mapping conflicts.
Page 342
Exporting Host port mapping 4. Browse to the location where you want to save the export file. Depending on your operating system, the default export locations are as follows: • Desktop\My documents (Windows) • \root (Linux) 5. Enter a name for the files and click Save. 6.
Creating a storage array To create a storage array, complete the following steps. 1. Open the Storage Port Mapping dialog box by performing one of the following actions: Select a storage port icon in the topology view, then select Discover > Storage Port Mapping.
Unassigning a storage port from a storage array To unassign a storage port from a storage array, complete the following steps. 1. Open the Storage Port Mapping dialog box by performing one of the following actions: Select a storage port icon in the topology view, then select Discover >...
Editing storage array properties To edit storage array properties, complete the following steps. 1. Open the Storage Port Mapping dialog box by performing one of the following actions: Select a storage port icon in the topology view, then select Discover > Storage Port Mapping.
Viewing storage port properties 1. Open the Storage Port Mapping dialog box by performing one of the following actions: Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. Right-click any storage port icon in the topology view and select Storage Port Mapping. Right-click any storage port in the Device Tree and select Storage Port Mapping.
Importing storage port mapping The Storage Port Mapping dialog box enables you to import externally created storage port mapping information into the application. The imported file must be in CSV format. The first row must contain the headers (wwn, name) for the file; this row is ignored during the import. Example wwn,name 20:00:00:04:CF:BD:89:6E,name1...
Exporting storage port mapping When import is complete a result summary displays with the following information (“Import Results” on page 305). TABLE 23 Import Results Value Definition Total Valid Input Records Number of lines identified in the CSV file without any errors (excluding the Header).
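The HBA-to-Host and storage port mapping imports described above both take a wwn,name CSV file, warn about existing mappings, and report valid records excluding the header. The following pre-import check is an added example, not code from the Management application: the function name, the colon-separated WWN form (taken from the manual's example row), the case-insensitive header match, and the formula-prefix rule are assumptions, and all sample rows are constructed.

```python
import csv
import io
import re

# Eight colon-separated hex octets, the form shown in the manual's example row.
WWN_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){7}[0-9A-Fa-f]{2}$")
# Added hygiene rule (not from the manual): names starting with these
# characters are read as formulas if the file is opened in a spreadsheet.
FORMULA_LEAD = ("=", "+", "-", "@")


def precheck_mapping_csv(text, current_map=None):
    """Check a wwn,name mapping file before it is imported.

    current_map is the mapping already in place (WWN -> name), for example
    taken from a previous export. Returns a dict with:
      valid     -- WWN -> name for rows without errors (header excluded)
      errors    -- (line number, reason) for every rejected row
      conflicts -- (WWN, current name, new name) the import would overwrite
    """
    current = {k.strip().upper(): v for k, v in (current_map or {}).items()}
    report = {"valid": {}, "errors": [], "conflicts": []}

    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header is None or [c.strip().lower() for c in header] != ["wwn", "name"]:
        report["errors"].append((1, "first row must be the header wwn,name"))
        return report

    for row in reader:
        line_no = reader.line_num
        if not any(c.strip() for c in row):
            continue  # blank line
        if len(row) != 2:
            report["errors"].append((line_no, f"expected 2 fields, got {len(row)}"))
            continue
        wwn, name = row[0].strip().upper(), row[1].strip()
        if not WWN_RE.match(wwn):
            reason = "malformed WWN"
        elif not name:
            reason = "empty name"
        elif not name.isprintable() or name.startswith(FORMULA_LEAD):
            reason = "name has control characters or a formula prefix"
        elif wwn in report["valid"]:
            reason = f"WWN repeated in file (first mapped to {report['valid'][wwn]!r})"
        else:
            reason = None
        if reason:
            report["errors"].append((line_no, reason))
            continue
        report["valid"][wwn] = name
        # A differing existing mapping is what the import dialog would ask
        # to overwrite; list it so "Yes to All" is an informed choice.
        if wwn in current and current[wwn] != name:
            report["conflicts"].append((wwn, current[wwn], name))
    return report


# Constructed sample input and constructed existing mapping.
SAMPLE = """wwn,name
10:00:00:00:00:00:00:01,host-a
10:00:00:00:00:00:00:02, host-b
10:00:00:00:00:00:00:02,host-c
1000000000000003,host-d
10:00:00:00:00:00:00:04,
10:00:00:00:00:00:00:05,=SUM(A1)
10:00:00:00:00:00:00:06,host-f,extra
"""
CURRENT_MAP = {"10:00:00:00:00:00:00:01": "old-host-a"}

if __name__ == "__main__":
    result = precheck_mapping_csv(SAMPLE, CURRENT_MAP)
    print("Total valid input records:", len(result["valid"]))
    for line_no, reason in result["errors"]:
        print(f"line {line_no}: {reason}")
    for wwn, old, new in result["conflicts"]:
        print(f"would overwrite {wwn}: {old!r} -> {new!r}")
```

Reviewing the conflicts list before the import shows which existing WWN-to-name mappings would be replaced by choosing Yes or Yes to All.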
Page 350
Exporting storage port mapping 3. Click Export. The Export dialog box displays. 4. Browse to the location where you want to save the export file. Depending on your operating system, the default export locations are as follows: • Desktop\My documents (Windows) •...
HCM software • HCM supports management for individual adapters (1/4/8 Gbps HBAs), 10 Gbps CNAs, 16 Gbps FC adapters, and other devices, such as the host, DCB ports, FCoE ports, and Ethernet ports. The Management application, in conjunction with HCM, provides end-to-end management capability.
Host bus adapters • Diagnostics, which enables you to test the adapters and the devices to which they are connected: Link status of each adapter and its attached devices Loopback test, which is external to the adapter, to evaluate the ports (transmit and receive transceivers) and the error rate on the adapter Read/write buffer test, which tests the link between the adapter and its devices FC protocol tests, including echo, ping, and traceroute...
Converged network adapters Table 25 describes available Brocade Converged Network Adapters (CNAs) for PCIe x 8 host bus interfaces, hereafter referred to as Brocade CNAs. These adapters provide reliable, high-performance host connectivity for mission-critical SAN environments. TABLE 25 Brocade Fibre Channel CNA models Model Number Port Speed...
Fabric adapters Table 26 describes available Brocade 1860 Fabric Adapter models. The BR-1860 provides dual mode support for the port. TABLE 26 Brocade Fabric adapter models Model Number Port Speed Number of Ports Adapter Type BR-1860-1F 16 Gbps FC HBA or 10 Gbps CNA Fabric BR-1860-2F 16 Gbps FC HBA or 10 Gbps CNA...
Connectivity map The Connectivity Map, which displays in the upper right area of the main window, is a grouped map that shows physical and logical connectivity of Fabric OS components, including discovered and monitored devices and connections. These components display as icons in the Connectivity Map. For a list of icons that display in the Connectivity Map, refer to the following tables in Chapter 1, “Getting...
Page 357
Host port mapping If you create a new Host and associate HBAs to it, and then you try to discover a host with the same HBAs using Host discovery, the HBAs discovered using host discovery must match the HBAs associated to the Host exactly; otherwise, Host discovery will fail. Instructions for mapping a Host to HBAs are detailed in Chapter 11, “Host Port Mapping”...
Adapter software The Adapter Software dialog box allows you to perform the following tasks: • Select and import a driver file or delete existing drivers from the driver repository • Update the driver to the hosts. This feature is available for hosts that are discovered through the Host Connectivity Manager (HCM) agent with driver version 2.3.0.0 and higher.
Adapter software Driver repository You can access the Driver Repository dialog box from the Adapter Software dialog box. Initially, the repository is empty. You must import files into the repository. Imported driver files are then displayed in the Available Driver Files list in the Driver Repository dialog box. Importing a driver into the repository To import drivers into the Management application, perform the following tasks.
Adapter software Deleting a boot image from the repository 1. Select one or more driver files from the Available Driver Files list on the Driver Repository dialog box. 2. Click Delete. The driver file is removed from the Driver Repository dialog box. NOTE Windows drivers (.exe files) cannot be imported into the server repository when the Management application server is running on Linux or Solaris platforms.
Page 361
Adapter software Importing a boot image into the repository To import boot images into the Management application, perform the following tasks. 1. From the Boot Image Management dialog box, click the Repository button. The Boot Image Repository dialog box, shown in Figure 110, displays.
Page 362
Adapter software Downloading a boot image to a selected host To download boot images to a selected host, perform the following tasks. 1. Select one or more hosts from the Available Hosts list on the Boot Image Management dialog box, and click the right arrow button to move the selected hosts to the Selected Hosts list. You can select up to 50 hosts.
Role-based access control The Management application enables you to create resource groups and assign users to the selected role within that group. This enables you to assign users to a role within the resource group. The Management application provides one pre-configured resource group (All Fabrics). When you create a resource group, all available roles are automatically assigned to the resource group.
Host performance management Real-time performance enables you to collect data from managed HBA and CNA ports. You can use real-time performance to configure the following options: • Select the polling rate from 20 seconds up to 1 minute. •...
Host security authentication TABLE 27 Counters (Continued) FC port measures HBA port measures CNA port measures Received length error frames Received code error frames Instructions for generating real-time performance data are detailed in “Generating a real-time performance graph” on page 783. Host security authentication Fibre Channel Security Protocol (FC-SP) is a mechanism used to secure communication between two switches or between a switch and a device such as an HBA port.
supportSave on adapters a. Select the Enable Authentication check box to enable or disable the authentication policy. If authentication is enabled, the port attempts to negotiate with the switch. If the switch does not participate in the authentication process, the port skips the authentication process.
Host fault management Fault management enables you to monitor your SAN using the following methods: • Monitor logs for specified conditions and notify you or run a script when the specified condition is met. • Create event-based policies, which contain an event trigger and action. •...
Backup support Syslog forwarding NOTE Syslog messages are only available on Brocade devices and HBAs (managed using the HCM Agent). Syslog forwarding is the process by which you can configure the Management application to send Syslog messages to other computers. Switches only send the Syslog information through port 514; therefore, if port 514 is being used by another application, you must configure the Management application to listen on a different port.
Backup support 6. Enter the time (using a 24-hour clock) you want the backup process to begin in the Next Backup Start Time Hours and Minutes fields. 7. Select an interval from the Backup Interval drop-down list to set how often backup occurs. 8.
Adapter port WWN virtualization Adapter port world wide name (WWN) virtualization enables the adapter port to use a switch-assigned WWN rather than the physical port WWN for communication, allowing you to pre-provision the server with the following configuration tasks: •...
Page 371
Adapter port WWN virtualization Enabling the FAWWN feature on a switch or AG ports 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port from the Fabric Assigned WWN - Configuration list. 3.
Page 372
Adapter port WWN virtualization Manually assigning a FAWWN to a switch or AG port 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port or AG port from the Fabric Assigned WWN - Configuration list. 3.
Adapter port WWN virtualization Configuring Fabric Assigned WWNs on attached AG ports The Add AG Fabric Assigned WWN Configuration dialog box, shown in Figure 113, enables you to configure the Fabric Assigned WWN feature on a selected attached Access Gateway (AG) port. 1.
Page 374
Adapter port WWN virtualization FIGURE 114 Add AG Fabric Assigned WWN Configuration dialog box 5. Enter a valid world wide name (WWN), with or without colons, for the Access Gateway node. Optionally, you can select an existing AG Node WWN from the list. The AG Node WWN combo box includes all discovered AG Node WWNs that are connected to the selected switch.
VM Manager 3. Select the WWN row you want to move by right-clicking it, select the Copy Row option, and paste the contents into a text editor. 4. Select an online AG FAWWN row and click the Delete button. 5. Select a switch from the Switch list and click Add to launch the Add AG Fabric Assigned WWN Configuration dialog box.
VM Manager 6. Enable or disable the vSphere client plug-in registration. If you enable this plug-in, events are forwarded from the Management application to the vCenter server. Click OK. The VMM discovery process begins. When complete, the vCenter server and all ESX hosts managed by that vCenter display in the Host product tree.
Enhanced Ethernet features DCB exchange protocol DCB Exchange (DCBX) protocol allows enhanced Ethernet devices to convey and configure their DCB capabilities and ensures a consistent configuration across the network. DCBX protocol is used between data center bridging (DCB) devices, such as a converged network adapter (CNA) and an FCoE switch, to exchange configuration with directly-connected peers.
FCoE protocols supported Ethernet jumbo frames The basic assumption underlying FCoE is that TCP/IP is not required in a local data center network and the necessary functions can be provided with Enhanced Ethernet. The purpose of an “enhanced” Ethernet is to provide reliable, lossless transport for the encapsulated Fibre Channel traffic.
FCoE Licensing The FCoE license enables Fibre Channel over Ethernet (FCoE) functionality on the 8 Gbps 8-FC port, 10 GbE 24-DCB port Switch. Without the FCoE license, the 8 Gbps 8-FC port, 10 GbE 24-DCB port Switch is a pure L2 Ethernet switch and will not allow FCoE bridging capabilities. With the FCoE license, the FCoE Configuration dialog displays virtual FCoE port information and enables you to manage the virtual port information.
DCB configuration 2. Highlight a discovered DCB switch from the Available Switches table, and click the right arrow button to move the switch to the Selected Switches Table. 3. Highlight the selected switch and click OK to start the configuration. The running configuration is saved to the selected switch, effective on the next system startup.
Switch policies You can configure and enable a number of DCB policies on a switch, port, or link aggregation group (LAG). The following switch policy configurations apply to all ports in a LAG: • DCB map and Traffic Class map •...
Switch policies Opening the DCB Configuration dialog box Launch the DCB Configuration dialog box using one of the following methods: • Select Configure > DCB from the menu bar. • Right-click the DCB switch from the device tree, and select Configure > DCB. •...
Page 384
Switch policies Creating a DCB map to carry the LAN and SAN traffic To create a DCB map to carry the LAN and SAN traffic, complete the following steps. This procedure is applicable for FOS versions lower than FOS 7.0. For FOS versions 7.0 and higher, you can only edit the default DCB map.
Page 385
Switch policies Configuring LLDP for FCoE To configure LLDP for FCoE, complete the following steps. 1. Select Configure > DCB. The DCB Configuration dialog box displays. 2. Select the switch to edit in the DCB Ports and LAGs table and click Edit. The Edit Switch dialog box displays.
Page 386
Switch policies Configuring the DCB interface with the DCB Map and Global LLDP profile To configure the DCB interface, complete the following steps. 1. Select Configure > DCB. The DCB Configuration dialog box displays. 2. Select the Te port connected to the CNA in the DCB Ports and LAGs table and click Edit. 3.
Page 387
Switch policies 7. Click OK on the VLAN Configuration dialog box. The VLAN Configuration dialog box displays. 8. Select the VLAN you created and click Edit to convert the VLAN to FCoE VLAN. 9. Select the FCoE check box. 10. Select the DCB interface to carry the FCoE traffic from the Selection List and click Add to add it to the Selected List.
Switch policies Adding a LAG Link aggregation is a mechanism to bundle several physical ports together to form a single logical channel or trunk. The collection of ports is called a link aggregation group (LAG). NOTE An internal port cannot be part of a LAG. You can create LAGs with external ports only. The Add LAG button is enabled when a single DCB switch or ports of a single DCB switch are selected.
Page 389
Switch policies 4. Configure the following LAG parameters: NOTE Ports with 802.1x authentication or ports that are L2 or L3 mode-enabled are not supported in a LAG. • Status - Enabled or Disabled. You must enable the LAG to use the DCB functionality. •...
Switch policies 9. Click Start on the Deployment Status dialog box to save the changes to the selected LAG or LAGs. 10. Click Close to close the Deployment Status dialog box. Editing a DCB switch 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
Switch policies 6. Click OK. The Deploy to Products dialog box displays. 7. Click OK after changing the attributes of the current deployment. The Deployment Status dialog box launches. 8. Click Start on the Deployment Status dialog box to save the changes to the selected devices. 9.
Page 392
Switch policies 4. Modify the following DCB Port parameters as required: • Status - Enable or Disable. You must enable the LAG to use the DCB functionality. • Interface Mode - None or L2. For external ports, the L3 interface mode displays, in addition to None or L2.
Switch policies Editing a LAG Use the following procedure to change members and policies in a link aggregation group (LAG). 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
Page 394
Switch policies • L2 Mode - Select the L2 mode (Access or Trunk). Access mode allows only one VLAN and allows only untagged frames. Trunk mode allows more than one VLAN association and allows tagged frames. • Primary - Enter the primary IP address assigned to an L3 port. NOTE Primary and secondary IP fields are applicable only to the external ports and the interface mode must be L3 to enable these fields.
Switch policies Enabling a DCB port or LAG If you select multiple switches or multiple ports and LAGs from two or more switches, both the Enable button and the Disable button are disabled. 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
QoS configuration QoS configuration involves configuring packet classification, mapping the priority and traffic class, controlling congestion, and scheduling. The configuration of these QoS entities consists of DCB Map and Traffic Class Map configuration. In a Data Center Bridging (DCB) configuration, Enhanced Transmission Selection (ETS) and Priority-based flow control (PFC) are configured by utilizing a priority table, a priority group table, and a priority traffic table.
QoS configuration Creating a DCB map This procedure is applicable only for FOS versions lower than FOS 7.0. When you create a DCB map, each of the Class of Service (CoS) options (0-7) must be mapped to at least one of the Priority Group IDs (0-7) and the total bandwidth must equal 100. All QoS, DCB map, and Traffic map configurations apply to all ports in a LAG.
QoS configuration 4. Select DCB from the Map Type list. 5. Configure the following DCB Map parameters in the DCB Map table: • Name - Enter a name to identify the DCB map. If the switch is a 10 Gbps DCB/FC switch module, you cannot change the name.
QoS configuration 5. Keep the same DCB Map name and modify the following values, as required. See Table 28 for an example of priority group configuration. • Name - Enter a name to identify the DCB map. If the switch is a 10 Gbps DCB/FC switch module, you cannot change the name.
QoS configuration Assigning a DCB map to a port or link aggregation group A port can have either a DCB map or a Traffic Class map assigned to it, but it cannot have both. 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
QoS configuration Creating a traffic class map 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays.
QoS configuration Deleting a traffic class map 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays.
FCoE provisioning FIGURE 126 QoS, assign a traffic class map to a port dialog box 4. Click the Assign a map check box. 5. Select Traffic Class in the Map Type list. 6. Select a Traffic Class Map in the Traffic Class Map list. When you have finished the configuration, click OK to launch the Deploy to Ports/LAGs dialog box.
FCoE provisioning Changing the VLAN ID on the default FCoE map You can change the VLAN ID on the default FCoE map only when no ports or LAGs are participating as members of the switch. You must first manually remove the FCoE Map option for each of the port members before you change the VLAN ID on the switch.
FCoE provisioning Enabling or disabling the FCoE map on the port You must first manually disable an FCoE map-enabled port if you want to edit the VLAN ID of the FCoE map. See “Changing the VLAN ID on the default FCoE map” on page 360 for information on editing the VLAN ID using the Edit Switch dialog box, FCoE tab.
VLAN classifier configuration The Management application supports VLAN classifier management only on Fabric OS (FOS) version 6.3.1_dcb and FOS 7.0.0. VLAN classifier rules are used to define specific rules for classifying untagged packets to selected VLANs based on protocol and MAC addresses. The classified frames are then tagged with a VLAN ID. VLAN classifier rules can be categorized into the following areas: •...
Page 407
VLAN classifier configuration FIGURE 129 Edit Switch dialog box, VLAN Classifiers tab 4. Click the Add button under the Available Rule list. The Add Rules dialog box displays, as shown in Figure 130. FIGURE 130 Add Rules dialog box The Rule ID field is pre-populated with the next available Rule ID number. 5.
VLAN classifier configuration 9. Click OK to add the rule to the Available Rules list on the VLAN Classifiers dialog box and close the Add Rules dialog box. NOTE Clicking Apply also adds the rule to the Available Rules list on the VLAN Classifiers dialog box, and in addition, the Add Rules dialog box remains open and clears all entries for you to define the next rule.
VLAN classifier configuration Creating a VLAN classifier group You can assign existing rules to a selected VLAN classifier and form a VLAN classifier group. If no rules are available, you can add rules to a selected switch using the Add Rules dialog box. 1.
LLDP-DCBX configuration Link Layer Discovery Protocol (LLDP) provides a solution for the configuration issues caused by increasing numbers and types of network devices in a LAN environment, because, with LLDP, you can statically monitor and configure each device on a network. Data Center Bridging Capability Exchange Protocol (DCBX) enables Enhanced Ethernet devices to discover whether a peer device supports particular features, such as Priority Flow Control or Class of Service (CoS).
LLDP-DCBX configuration FIGURE 131 Edit Switch dialog box - LLDP-DCBX tab 5. Select the Global Configuration LLDP profile in the LLDP Profiles table. 6. Click the left arrow button to edit. Select the FCoE Application and FCoE Logical Link check boxes in the Advertise table to advertise them on the network.
LLDP-DCBX configuration 5. Configure the LLDP Profile parameters: • Name - Type a name for the LLDP profile. If the name of the LLDP profile already exists on the switch, an overwrite warning displays. • Description - Type a meaningful description of the LLDP profile. •...
LLDP-DCBX configuration 7. Click the right arrow to update the LLDP Profile parameters. 8. When you have finished the configuration, click OK to launch the Deploy to Products dialog box, shown in Figure 134. Deleting an LLDP profile 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
Page 414
LLDP-DCBX configuration FIGURE 132 Assign an LLDP profile dialog box 4. Click the Assign an LLDP profile to <port name> button to enable the feature. NOTE Assign the Global Configuration is the default. The Available Profiles list is disabled if global configuration is selected.
802.1x authentication 802.1x is a standard authentication protocol that defines a client-server-based access control and authentication protocol. 802.1x restricts unknown or unauthorized clients from connecting to a LAN through publicly accessible ports. NOTE 802.1x is not supported for internal ports. A switch must be enabled for 802.1x authentication before you configure its parameters.
802.1x authentication Setting 802.1x parameters for a port The 802.1x parameters can be configured whether or not the feature is enabled on the switch. The default parameters are initially populated when 802.1x is enabled, but you can change the default values as required. 1.
Product, Port, and LAG Deployment • Re-authentication Interval - The number of seconds between re-authentication attempts. The value range is 1 to 4294967295. The default value is 3600 seconds. This feature is not dependent on the re-authentication state being enabled. •...
Page 418
Product, Port, and LAG Deployment FIGURE 134 Deploy to Products dialog box FIGURE 135 Deploy to Ports dialog box Brocade Network Advisor SAN User Manual 53-1002167-01...
Page 419
Product, Port, and LAG Deployment FIGURE 136 Deploy to LAGs dialog box 4. Click one of the following deployment options: • Deploy now • Save and deploy now • Save deployment only • Schedule 5. Click one of the following save configuration options: •...
Page 420
Product, Port, and LAG Deployment 8. Select one or more of the following configurations, to be deployed on the selected targets: For switches: • QoS, DCB Map • QoS, Traffic Class Map • FCoE Map • VLAN Classifiers and Rules •...
Page 421
Product, Port, and LAG Deployment Source to target switch FOS version compatibility for deployment Table 29 lists the restrictions that exist when deploying source switches to target switches. TABLE 29 Source to target switch FOS version compatibility Source FOS version and device Target FOS version supported Comments Brocade 8000 DCB switch and...
DCB Performance Performance monitoring provides details about the quantity of traffic and errors a specific port or device generates on the fabric over a specific time frame. You can also use Performance features to indicate the devices that create the most traffic and to identify the ports that are most congested.
DCB Performance Historical Performance Graph The Historical Performance Graph dialog box enables you to customize how you want the historical performance information to display. Generating a historical performance graph 1. Select a DCB port from the DCB Configuration dialog box, and select Historical Graph from the Performance list.
FCoE login groups The FCoE Configuration dialog box allows you to manage the FCoE login configuration parameters on the DCB switches in all discovered fabrics. FCoE login configuration is created and maintained as a fabric-wide configuration. 1. Select Configure > FCoE from the menu bar. Right-click the DCB device and select FCoE.
FCoE login groups Adding an FCoE login group Complete the following steps to add switches to a login group. You can manually add ports by entering the world wide name (WWN) or select available managed CNAs from all discovered hosts. Only directly-connected devices are supported.
FCoE login groups 7. Click OK. The FCoE Login Group Confirmation and Status dialog displays. 8. Review the changes carefully before you accept them. 9. Click Start to apply the changes, or click Close to abort the operation. On closing the FCoE Login Group Confirmation and Status dialog box, the FCoE Configuration Dialog refreshes the data and the latest information is displayed.
FCoE login groups 3. Change the name of the login group. NOTE The Fabric field and the Switch field are read-only fields. 4. Perform one of the following editing tasks: • Rename the login group by entering the new name into the Name field. The Allow All option must be selected to rename the login group.
FCoE login groups Disabling the FCoE login management feature on a switch 1. Select Configure > FCoE from the menu bar. Right-click the DCB device and select FCoE. The FCoE Configuration dialog box displays. 2. Select an FCoE-enabled switch from the Login Groups list and click Disable. The FCoE Login Group Confirmation and Status dialog displays.
Virtual FCoE port configuration The virtual FCoE port has the following configuration features: • Displays the virtual FCoE ports on each of the DCB devices, which provides the Ethernet with bridging capability. • One-to-one mapping of FCoE ports with 10 Gbps Ethernet ports. •...
Virtual FCoE port configuration 4. Perform one of the following tasks: • Click Enable to enable a selected virtual FCoE port for DCB configuration. • Click Disable to disable a selected virtual FCoE port from DCB configuration. • Click Connected Devices to view a list of FCoE virtual ports and to what they are directly connected.
Layer 2 access control list management Fabric OS L2 ACL configuration This section provides procedures for configuring a standard or extended L2 ACL on a device, assigning the L2 ACL to an interface, as well as clearing L2 ACL assignments from a device. Creating a standard L2 ACL configuration To create a standard L2 ACL configuration, complete the following steps.
Page 433
Layer 2 access control list management The new ACL configuration displays in the ACLs table. To create additional ACLs, repeat step 2 through step 11. Click OK on the Device_Name - L2 ACL Configuration dialog box. The Deploy to Products - L2 ACL dialog box displays. To save the configuration, refer to “Saving a security configuration deployment”...
Page 434
Layer 2 access control list management d. Select the Count check box to enable counting. Count specifies the number of packets filtered (allowed or denied) for the ACL rule. e. Click the right arrow button. The new ACL entry displays in the ACL Entries table. To add additional ACL entries, repeat step 6.
Page 435
Layer 2 access control list management a. Enter the sequence number for the ACL in the Sequence field. b. Select Permit or Deny from the Action list. In the Source list, select one of the following options: • • Selecting MAC enables the Source field. Enter the source MAC address on which the configuration filters traffic in the Source field.
Page 436
Layer 2 access control list management 4. Enter a name for the ACL in the Name field. 5. Enter a sequence number for the ACL in the Sequence field. 6. Select Permit or Deny from the Action list. In the Source list, select one of the following options: •...
Page 437
Layer 2 access control list management Editing an extended L2 ACL configuration To edit an extended L2 ACL configuration on a Fabric OS device, complete the following steps. 1. Select the device and select Configure > Security > L2 ACL > Product. The Device_Name - L2 ACL Configuration dialog box displays.
Page 438
Layer 2 access control list management a. Enter a sequence number for the ACL in the Sequence field. b. Select Permit or Deny from the Action list. In the Source list, select one of the following options: • • Host • Selecting MAC or Host enables the Source field.
Page 439
Layer 2 access control list management Copying an extended L2 ACL configuration To copy an extended L2 ACL configuration, complete the following steps. 1. Select the device and select Configure > Security > L2 ACL > Product. The Device_Name - L2 ACL Configuration dialog box displays. 2.
Page 440
Layer 2 access control list management 6. To add a rule, complete the following steps. a. Enter a sequence number for the ACL in the Sequence field. b. Select Permit or Deny from the Action list. In the Source list, select one of the following options: •...
Page 441
Layer 2 access control list management Click OK on the Duplicate - L2 ACL Configuration dialog box. The new ACL displays in the ACL Entries table. To copy additional ACLs, repeat step 2 through step 8. Click OK on the Device_Name - L2 ACL Configuration dialog box. The Deploy to Products - L2 ACL dialog box displays.
Layer 2 access control list management 3. Click Yes on the confirmation message. 4. Click OK on the Device_Name - L2 ACL Configuration dialog box. NOTE The L2 ACL configuration is not deleted from the switch until you deploy the configuration to the switch.
Security configuration deployment Figure 146 shows the standard interface used to deploy security configurations. FIGURE 146 Deploy to Product/Ports dialog box Before you can deploy a security configuration, you must create the security configuration. For step-by-step instructions, refer to the following procedures: •...
Security configuration deployment Deploying a security configuration on demand To deploy a security configuration immediately, complete the following steps. FIGURE 147 Deploy to Product/Ports dialog box 1. Choose one of the following options: • Deploy now—Select to deploy the configuration immediately on the product or port without saving the deployment definition.
Security configuration deployment Saving a security configuration deployment To save a security configuration deployment, complete the following steps. FIGURE 148 Deploy to Product/Ports dialog box 1. Select the Save deployment only option to save the deployment definition for future deployment. 2.
Security configuration deployment Scheduling a security configuration deployment To schedule a security configuration deployment, complete the following steps. FIGURE 149 Deploy to Product/Ports dialog box 1. Select Configure > Security > L2 ACL > Product. The Device_Name - L2 ACL Configuration dialog box displays. 2.
Page 448
Security configuration deployment 10. Choose one of the following options to configure the frequency at which deployment runs for the schedule: • To configure deployment to run only once, refer to “Configuring a one-time deployment schedule” on page 404. • To configure hourly deployment, refer to “Configuring an hourly deployment schedule”...
Page 449
Security configuration deployment Configuring an hourly deployment schedule To configure an hourly schedule, complete the following steps. 1. Select Hourly from the Frequency list. 2. Select the minute past the hour you want deployment to run from the Minutes past the hour list.
Page 450
Security configuration deployment Configuring a monthly deployment schedule To configure a monthly schedule, complete the following steps. 1. Select Monthly from the Frequency list. 2. Select the time of day you want deployment to run from the Time (hh:mm) lists. Where the hour value is from 0 through 12, the minute value is from 00 through 59, and the day or night value is AM or PM.
Fibre Channel routing overview Fibre Channel (FC) routing provides connectivity to devices in different fabrics without merging the fabrics. Using Fibre Channel routing, you can share tape drives across multiple fabrics without the administrative overhead, such as change management and network management, and scalability issues that might result from merging the fabrics.
FIGURE 150 A metaSAN with edge-to-edge and backbone fabrics (diagram labels: Edge fabric 1, Edge fabric 2, Edge fabric 3, Backbone fabric, IP cloud, FC router, E_Port, EX_Port (2), VE_Port, VEX_Port, LSAN) Guidelines for setting up Fibre Channel routing The following are some general guidelines for setting up Fibre Channel routing: •...
Connecting edge fabrics to a backbone fabric The following procedure explains how to set up FC-FC routing on two edge fabrics connected through an FC router using E_Ports and EX_Ports. For Enterprise Edition only: If you are connecting Fibre Channel SANs through an IP-based network, “Configuring an FCIP tunnel”...
Page 455
Connecting edge fabrics to a backbone fabric 4. Click the right arrow button to move the FC router you selected to the Selected Router list. 5. Select a valid fabric ID (1 through 128) from the Fabric ID list. You can choose any unique fabric ID as long as it is consistent for all EX_Ports that connect to the same edge fabric.
Configuring routing domain IDs Logical (phantom) domains are created to enable routed fabrics. Two types of logical domains are created: • A front domain is created in edge fabrics for every interfabric link (IFL). • A translate (Xlate) domain is created in routed fabrics that share devices. Use the following procedure to change the domain IDs of these logical domains.
Virtual Fabrics overview Terminology Table 30 lists definitions of Virtual Fabrics terms. TABLE 30 Virtual Fabrics terms (Term: Definition) • Physical chassis: The physical switch or chassis from which you create logical switches and fabrics. • Logical switch: A collection of zero or more ports that act as a single Fibre Channel (FC) switch. When Virtual Fabrics is enabled on the chassis, there is always at least one logical switch: the default logical switch.
Virtual Fabrics requirements To configure Virtual Fabrics, you must have at least one Virtual Fabrics-enabled physical chassis running Fabric OS 6.2.0 or later in your SAN. Use one of the following options to discover a Virtual Fabrics-enabled physical chassis on the Management application topology: •...
Configuring Virtual Fabrics TABLE 32 Blade and port types supported on logical switches for backbone chassis (Continued) • Logical switch Extension Blade—GE_ and VE_Ports • FC 8 GB Port Blade—E_ and F_Ports • FC 16 GB Port Blade—E_ and F_Ports •...
Configuring Virtual Fabrics 3. Set up logical switches in each physical chassis: a. Create logical switches in each physical chassis and assign ports to them. Make sure the logical switches are configured to allow XISL use. “Creating a logical switch or base switch” on page 418 for instructions.
Configuring Virtual Fabrics Creating a logical switch or base switch NOTE Virtual Fabrics must be enabled on at least one physical chassis in your fabric. Optionally, you can define the logical switch to be a base switch. Each chassis can have only one base switch.
Page 463
Configuring Virtual Fabrics 8. (Optional) Perform the following steps to make the logical switch a base switch: a. Clear the Base Fabric for Transport check box. This check box is not relevant for base switches because all base switches can use XISLs. b.
Configuring Virtual Fabrics 20. Click Start to send these changes to the affected chassis. NOTE Most changes to logical switches will disrupt data traffic in the fabric. The status of each change is displayed in the Status column and Status area in the dialog box. 21.
Configuring Virtual Fabrics 6. Click the right arrow button. The ports display in the selected logical switch node in the Existing Logical Switches table. Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box.
Configuring Virtual Fabrics 8. Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box. The Re-Enable ports after moving them and QoS disable the ports while moving them check boxes are selected by default.
Configuring Virtual Fabrics Configuring fabric-wide parameters for a logical fabric When you create a logical switch, you must assign it to a fabric and configure fabric-wide parameters. All the switches in a fabric must have the same fabric-wide settings. Instead of configuring these settings separately on each logical switch, you can create a logical fabric template, which defines the fabric-wide settings for a logical fabric.
Configuring Virtual Fabrics 8. Click OK on the New Logical Fabric Template dialog box. The new logical fabric template displays under the Discovered Logical Switches node in the Existing Logical Switches table (already highlighted). All of the logical fabric templates have the same name, “NewFabric”. You can differentiate among the templates by the FID number.
Configuring Virtual Fabrics Moving a logical switch to a different fabric You can move a logical switch from one fabric to another by assigning a different fabric ID. 1. Select a switch on the Product List or Connectivity Map and select Configure > Virtual Fabric > Logical Switches.
Configuring Virtual Fabrics Changing a logical switch to a base switch The Base Switch column in the Existing Logical Switches table indicates whether a logical switch is a base switch. 1. Select a switch on the Product List or Connectivity Map and select Configure > Virtual Fabric > Logical Switches.
Encryption Center features The Encryption Center dialog box is the single launching point for all encryption-related configuration in the Management application (Figure 153). It also provides a table that shows the general status of all encryption-related hardware and functions at a glance. FIGURE 153 Encryption Center dialog box Beginning with Fabric OS 6.4, the Encryption Center is dynamically updated to reflect the latest...
Encryption user privileges In the Management application, resource groups are assigned privileges, roles, and fabrics. Privileges are not directly assigned to users; users get privileges because they belong to a role in a resource group. A user can only belong to one resource group at a time. The Management application provides three pre-configured roles: •...
Page 474
Encryption user privileges TABLE 33 Privilege: Storage Encryption Configuration. Read/Write: • Launch the Encryption center dialog box. • View switch, group, or engine properties. • View the Encryption Group Properties Security tab. • View encryption targets, hosts, and LUNs. • View LUN centric view •...
Smart card usage Smart Cards are credit card-sized cards that contain a CPU and persistent memory. Smart cards can be used as security devices. You must have Storage Encryption Security user privileges to activate, register, and configure smart cards. Smart cards can be used to do the following: •...
Page 476
Smart card usage 1. Select Configure > Encryption from the menu task bar. The Encryption Center dialog box displays (Figure 153). 2. Select an encryption group from the Encryption Center Devices table, then select Group > Security from the menu task bar, or right-click an encryption group and select Security. The Encryption Group Properties dialog box displays with the Security tab selected (Figure 154).
Smart card usage FIGURE 155 Add Authentication Card dialog box 5. Insert a smart card into the card reader. Wait for the card serial number to appear, then enter card assignment information as directed. 6. Click OK. Wait for the confirmation dialog box indicating initialization is done, then click OK. The card is added to the Registered Authentication Cards table in the Encryption Group Properties dialog box.
Smart card usage 3. Select the authentication card in the Registered Authentication Cards table. 4. Click Deregister. 5. A confirmation dialog box displays. Click Yes to confirm deregistration. The registered authentication card is removed from the table. 6. Click OK. The card is deregistered from the group.
Smart card usage 1. Select an encryption group from the Encryption Center Devices table, then select Group > Security from the menu task bar, or right-click a group and select Security. The Encryption Group Properties dialog box displays, with the Security tab selected (Figure 156).
Smart card usage 6. Store the card in a secure location, not in proximity to the switch or blade. Deregistering a system card System cards can be removed from the database by deregistering them. Use the following procedure to deregister a system card: 1.
Smart card usage 2. Select a smart card from the table, then do one of the following: • Click Delete to remove the smart card from the Management application database. Deleting smart cards from the Management application database keeps the Smart Cards table at a manageable size, but does not invalidate the smart card.
Network connections Before you use the encryption setup wizard for the first time, you must have the following required network connections: • The management ports on all encryption switches and 384-port Backbone Chassis CPs that have encryption blades installed must have a LAN connection to the SAN management program, and must be available for discovery.
Configuring blade processor links Each encryption switch or blade has two GbE ports labeled Ge0 and Ge1. The Ge0 and Ge1 ports are Ethernet ports that connect encryption switches and blades to other encryption switches and blades.
Encryption node initialization and certificate generation When an encryption node is initialized, the following security parameters and certificates are generated: • FIPS crypto officer • FIPS user • Node CP certificate • A signed Key Authentication Center (KAC) certificate •...
Supported encryption key manager appliances As stated under “Network connections”, a supported key management appliance must be connected on the same LAN as the management port of the encryption switches, or of the Backbone Chassis Control Processors (CPs) in the case of the encryption blade. Secure communication between encryption nodes in an encryption group, and between encryption nodes and key manager appliances requires an exchange of certificates that are used for mutual authentication.
Steps for connecting to an RKM appliance All switches you plan to include in an encryption group must have a secure connection to the RSA Key Manager (RKM). The following is a suggested order of steps needed to create a secure connection to RKM: 1.
Steps for connecting to an RKM appliance Submitting the CSR to a certificate authority The CSR must be submitted to a CA to be signed. The certificate authority is a trusted third-party entity that signs the CSR. There are several CAs available and procedures vary, but the general steps are as follows: 1.
Page 489
Steps for connecting to an RKM appliance 5. Select Upload, Configure SSL, and Restart Webserver. 6. After the web server restarts, enter the root password. Open another web browser window, and start the RSA management user interface. You will need the URL, and you must have the proper authority level, user name, and password. NOTE The Identity Group name used in the next step might not exist in a freshly installed RKM.
Steps for connecting to an RKM appliance The CA certificate file referenced in the SSLCAcertificateFile field (see step 4) must be imported and registered on the switch designated as an encryption group leader. You may want to note this location before proceeding to “Loading the CA certificate onto the encryption group leader”...
Page 491
Steps for connecting to an RKM appliance FIGURE 164 Encryption Group Properties with Key Vault Certificate 2. Select Load from File. A dialog box opens that allows you to browse to a location on your client PC that contains the downloaded CA certificate in .pem format.
Steps for connecting to an LKM appliance The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network appliance. The encryption engine and LKM appliance communicate over a trusted link. A trusted link is a secure connection established between the Encryption switch or blade and the NetApp LKM appliance, using a shared secret called a link key.
Steps for connecting to an LKM appliance 1. Select an LKM group from the Encryption Center Devices table, then select Group > Link Keys from the menu task bar, or right-click an LKM group and select Link Keys. The switch name displays in the link status table under Switch, with a Link Key Status of Link Key requested, pending LKM approval.
Page 494
Steps for connecting to an LKM appliance 2. Add the group leader to the LKM key sharing group. Enter lkmserver add --type third-party --key-sharing-group "/" followed by the group leader IP address.

    lkm-1>lkmserver add --type third-party --key-sharing-group \
    "/" 10.32.244.71
    NOTICE: LKM Server third-party 10.32.244.71 added.
Steps for connecting to an LKM appliance LKM key vault high availability deployment LKM appliances can be clustered to provide high availability capabilities. You can deploy and register one LKM with an encryption switch or blade and later deploy and register another LKM at any time if LKMs are clustered or linked together.
Steps for connecting to an LKM appliance Tape LUN and DF-compatible tape pool support • DEK creation - The DEK is created and archived to the primary LKM only. Upon successful archival of the DEK to the primary LKM, the DEK can be used for encryption of a Tape LUN or DF-Compatible tape pool.
Steps for connecting to an SKM appliance The SKM management web console can be accessed from any web browser with Internet access to the SKM appliance. The URL for the appliance is as follows: https://<appliance hostname>:<appliance port number>...
Steps for connecting to an SKM appliance 3. Select Local Users & Groups under Users and Groups. The User & Group Configuration page displays. 4. Select Add under Local Users. 5. Create a Brocade user name and password. 6. Select the User Administration Permission and Change Password Permission check boxes. Select Save to save this user data.
Steps for connecting to an SKM appliance FIGURE 166 Key Vault Credentials dialog box 3. Enter the Brocade group user name and password. Keep the following rules in mind when registering the Brocade user name and password: The user name and password must match the user name and password specified for the Brocade group.
Page 500
Steps for connecting to an SKM appliance 4. Enter information required by the Create Local Certificate Authority section of the window to create your local CA. Enter a Certificate Authority Name and Common Name. These may be the same value. Enter your organizational information.
Steps for connecting to an SKM appliance 8. From the list of Available CAs in the right panel, select the CA you just created. Repeat these steps any time another local CA is needed. Downloading the local CA certificate from SKM The local CA certificate you created using the procedure for “Setting up the local Certificate Authority (CA) on SKM”...
Page 502
Steps for connecting to an SKM appliance 11. Enter the required data in the Sign Certificate Request section of the window. Select the CA name from the Sign with Certificate Authority drop-down list. Select Server as the Certificate Purpose. Enter the number of days before the certificate must be renewed based on your site's security policies.
Steps for connecting to an SKM appliance Creating an SKM High Availability cluster The HP SKM key vault supports clustering of HP SKM appliances for high availability. If two SKM key vaults are configured, they must be clustered. If only a single SKM appliance is configured, it may be clustered for backup purposes, but the backup appliance will not be directly used by the switch.
Steps for connecting to an SKM appliance Adding SKM appliances to the cluster If you are adding an appliance to an existing cluster, select the Cluster Settings section of the window, click Download Cluster Key, then save the key to a convenient location, such as your computer's desktop.
Steps for connecting to an SKM appliance Signing the Brocade encryption node KAC certificates 1. The KAC certificate signing request generated when the encryption node is initialized must be exported for each encryption node and signed by the Brocade local CA on SKM. The signed certificate must then be imported back into the encryption node.
Steps for connecting to an SKM appliance 1. Select a switch from the Encryption Center Devices table, then select Switch > Import Certificate from the menu task bar, or right-click a switch and select Import Certificate. The Import Signed Certificate dialog box displays (Figure 168).
Page 507
Steps for connecting to an SKM appliance Tape LUN support • DEK Creation - The DEK is created and archived to the SKM cluster using the cluster’s virtual IP address. The DEK is synchronized with other SKMs in the cluster. Upon successful archival of the DEK to the SKM cluster, the DEK can be used for encryption of the tape LUN.
Steps for connecting to a TEMS appliance TEMS provides a web user interface for management of clients, keys, admins, and configuration parameters. A Thales officer creates domains, groups, and managers (a type of administrator), assigns groups to domains, and assigns managers to manage groups.
Page 509
Steps for connecting to a TEMS appliance 1. Log in to the Thales management program as admin and select the Network tab (Figure 169). FIGURE 169 TEMS Network Settings 2. Enter the management IP address information under Management Interface. 3. Enter the client IP address information under KM Server Interface. 4.
Steps for connecting to a TEMS appliance Creating a client on TEMS This step assumes the group brocade has been created by an administrator. If the group brocade does not exist, you must log in to TEMS as officer, create the group, and assign the group to a manager.
Steps for connecting to a TEMS appliance 9. Enter a password in the Password and Verify Password fields. 10. Select the group brocade from the group pull-down menu. 11. Click Add Client. A TEMS client user is created and is listed in the table. Establishing TEMS key vault credentials on the switch The credentials established for the TEMS client must be presented to TEMS by the switch.
Steps for connecting to a TEMS appliance 4. In the user table under the Certificate column, click the pen icon for the newly created user. The Sign Certificate Request page displays. 5. Enter the CSR file name exported from the switch in the From File box, or if you copied the CSR from Switch >...
Steps for connecting to a TKLM appliance All switches you plan to include in an encryption group must have a secure connection to the Tivoli Key Lifecycle Manager (TKLM). A local LINUX host must be available to transfer certificates. NOTE Ensure that the time zone and clock time setting on the TKLM server and Brocade encryption nodes are the same.
Steps for connecting to a TKLM appliance 1. Select a switch from the Encryption Center Devices table, then select Switch > Export Certificate from the menu task bar, or right-click the switch and select Export Certificate. The Export Signed Certificate dialog box displays. 2.
Steps for connecting to a TKLM appliance Creating a self-signed certificate for TKLM You must create a self-signed certificate for TKLM that can be downloaded to the Fabric OS encryption engines to verify the authenticity of TKLM. 1. Select Tivoli Key Lifecycle Manager > Configuration. The Configuration page displays.
Steps for connecting to a TKLM appliance For Windows: <installed directory>\ibm\tivoli\tiptklmV2\bin\wsadmin.bat -username TKLMAdmin -password <password> -lang jython 2. Check the certificate list using the following command: print AdminTask.tklmCertList('[]') The listing will contain the uuid for all certificates. Use the uuid of the server certificate to export the server certificate from the database to the file system.
Encryption preparation Before you use the encryption setup wizard for the first time, you should have a detailed configuration plan in place and available for reference. The encryption setup wizard assumes the following: • You have a plan in place to organize encryption devices into encryption groups. •...
Creating a new encryption group The following steps describe how to start and run the encryption setup wizard and create a new encryption group. NOTE When a new encryption group is created, any existing tape pools in the switch are removed. 1.
Page 519
Creating a new encryption group FIGURE 176 Configure Switch Encryption wizard - welcome dialog box 4. Click Next. The Designate Switch Membership dialog box displays (Figure 177). FIGURE 177 Designate Switch Membership dialog box 5. Verify that Create a new encryption group containing just this switch is selected. 6.
Page 520
Creating a new encryption group FIGURE 178 Create a New Encryption Group dialog box Enter an Encryption Group Name for the encryption group and select Automatic failback mode. Encryption group names can have up to 15 characters. Letters, digits, and underscores are allowed.
Creating a new encryption group 9. Select the Key Vault Type. Configuration options vary based on the key vault type you choose. To complete the wizard steps, proceed to the section that describes your particular key vault type. Key vault types are: RSA Key Manager (RKM).
Page 522
Creating a new encryption group 3. If you are implementing encryption on data replication LUNs used by the EMC Symmetrix Remote Data Facility (SRDF), you must select Enabled for REPL Support. 4. Click Next. The Specify Certificate Signing Request File Name dialog box displays (Figure 181).
Page 523
Creating a new encryption group FIGURE 182 Specify Master Key File Name dialog box Enter the location of the file where you want to store backup master key information, or browse to the desired location. 8. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Page 524
Creating a new encryption group FIGURE 183 Select Security Settings dialog box 11. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 525
Creating a new encryption group FIGURE 184 Confirm Configuration dialog box 13. Verify the information, then click Next. 14. The Configuration Status dialog box displays (Figure 185). FIGURE 185 Configuration Status dialog box 15. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 16.
Creating a new encryption group FIGURE 186 Next Steps dialog box 17. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 18. Click Finish to exit the Configure Switch Encryption wizard. 19. Review “Understanding configuration status results” on page 503.
Page 527
Creating a new encryption group FIGURE 187 Select Key Vault dialog box for LKM 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the desired location.
Page 528
Creating a new encryption group FIGURE 188 Specify Public Key Certificate (KAC) File Name dialog box 5. Specify the location of the file where you want to store the public key certificate that is used to authenticate connections to the key vault. The certificate stored in this file is the switch’s public key certificate.
Page 529
Creating a new encryption group FIGURE 189 Select Security Settings dialog box Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 530
Creating a new encryption group FIGURE 190 Confirm Configuration dialog box 9. Click Next. The Configuration Status dialog box displays (Figure 191). FIGURE 191 Configuration Status dialog box Brocade Network Advisor SAN User Manual 53-1002167-01...
Creating a new encryption group All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Page 532
Creating a new encryption group FIGURE 193 Select Key Vault dialog box for SKM 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s CA key certificate or browse to the desired location.
Page 533
Creating a new encryption group FIGURE 194 Specify Certificate Signing Request File Name dialog box 6. Enter the location of the file where you want to store the certificate information, or browse to the desired location. Click Next. The Specify Master Key File Name dialog box displays (Figure 195).
Page 534
Creating a new encryption group 8. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 9. Re-enter the passphrase for verification. 10. Click Next. 11.
Page 535
Creating a new encryption group FIGURE 197 Confirm Configuration dialog box 14. Verify the information, then click Next. The Configuration Status dialog box displays (Figure 198). FIGURE 198 Configuration Status dialog box...
Creating a new encryption group All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Page 537
Creating a new encryption group FIGURE 200 Select Key Vault dialog box for TEMS 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate, or browse to the desired location.
Page 538
Creating a new encryption group FIGURE 201 Specify Master Key File Name dialog box 6. Enter the name of the file used for backing up the master key or browse to the desired location. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Page 539
Creating a new encryption group FIGURE 202 Select Security Settings dialog box 10. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 540
Creating a new encryption group
FIGURE 203 Confirm Configuration dialog box
12. Verify the contents, then click Next.
13. The Configuration Status dialog box displays (Figure 204).
FIGURE 204 Configuration Status dialog box
Creating a new encryption group
All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Page 542
Creating a new encryption group
FIGURE 206 Select Key Vault dialog box for TKLM
1. Enter the IP address or host name for the primary key vault.
2. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the desired location.
Page 543
Creating a new encryption group
FIGURE 207 Specify Public Key Certificate (KAC) File Name dialog box
5. Enter the name of the file where the switch’s public key certificate is stored, or browse to the desired location.
6. Click Next. The Specify Master Key File Name dialog box displays (Figure 208).
Page 544
Creating a new encryption group
7. Enter the name of the file used for backing up the master key, or browse to the desired location.
8. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Page 545
Creating a new encryption group
FIGURE 210 Confirm Configuration dialog box
13. Verify the information, then click Next. The Configuration Status dialog box displays (Figure 211).
FIGURE 211 Configuration Status dialog box
Page 546
Creating a new encryption group
All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Creating a new encryption group
Understanding configuration status results
After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. The CLI commands are detailed in the encryption administrator’s guide for your key vault management system.
•...
Adding a switch to an encryption group
The setup wizard allows you to either create a new encryption group, or add an encryption switch to an existing encryption group. Use the following procedure to add a switch to an encryption group:
1.
Page 549
Adding a switch to an encryption group
FIGURE 214 Designate Switch Membership dialog box
4. Select Add this switch to an existing encryption group.
5. Click Next. The Add Switch to Existing Encryption Group dialog box displays (Figure 215).
FIGURE 215 Add Switch to Existing Encryption Group dialog box
Page 550
Adding a switch to an encryption group
6. Select the group in which to add the switch, then click Next. The Specify Public Key Certificate (KAC) File Name dialog box displays (Figure 216).
FIGURE 216 Specify Public Key Certificate (KAC) File Name dialog box
7. Enter the location where you want to store the public key certificate that is used to authenticate connections to the key vault, or browse to the desired location, then click Next.
Page 551
Adding a switch to an encryption group
FIGURE 217 Confirm Configuration dialog box
8. Click Next. The Configuration Status dialog box displays (Figure 218).
FIGURE 218 Configuration Status dialog box
Page 552
Adding a switch to an encryption group
All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Replacing an encryption engine in an encryption group
To replace an encryption engine in an encryption group with another encryption engine within the same DEK Cluster, complete the following steps:
1. Select Configure > Encryption from the menu task bar. The Encryption Center dialog box displays.
Creating high availability (HA) clusters
A high availability (HA) cluster is a group of exactly two encryption engines. One encryption engine can take over encryption and decryption tasks for the other encryption engine, if that member fails or becomes unreachable.
Creating high availability (HA) clusters
FIGURE 221 Encryption Group Properties dialog box - HA Clusters tab
NOTE If you are creating a new HA cluster, a dialog box displays requesting a name for the new HA cluster. HA Cluster names can have up to 31 characters. Letters, digits, and underscores are allowed.
Removing engines from an HA cluster
Removing the last engine from an HA cluster also removes the HA cluster.
Creating high availability (HA) clusters
Swapping engines in an HA cluster
Swapping engines is useful when replacing hardware. Swapping engines is different from removing an engine and adding another because when you swap engines, the configured targets on the former HA cluster member are moved to the new HA cluster member.
1.
Adding encryption targets
Adding an encryption target maps storage devices and hosts to virtual targets and virtual initiators within the encryption switch.
NOTE It is recommended that you configure the host and target in the same zone before configuring them for encryption.
Page 559
Adding encryption targets
The list of engines depends on the scope being viewed.
• If the Targets dialog box is showing all targets in an encryption group, the list includes all engines in the group.
• If the Targets dialog box is showing all targets for a switch, the list includes all encryption engines for the switch.
Page 560
Adding encryption targets
FIGURE 226 Select Hosts dialog box
Select hosts using either of the following methods:
a. Select a maximum of 1024 hosts from the Hosts in Fabric table, then click the right arrow to move the hosts to the Selected Hosts table. (The Port WWN column contains all target information that displays when using the nsshow command.)
b.
Page 561
Adding encryption targets
FIGURE 227 Name Container dialog box
9. Click Next. The Confirmation dialog box displays (Figure 228).
FIGURE 228 Confirmation dialog box
10. Click Next after you have verified the contents. Clicking Next creates the configuration. The Configuration Status dialog box displays (Figure 229).
Page 562
Adding encryption targets
NOTE If you can view the VI/VT Port WWNs and VI/VT Node WWNs, the container has been successfully added to the switch.
FIGURE 229 Configuration Status dialog box
11. Review any post-configuration instructions or messages, which you can copy to a clipboard or print for later.
Page 563
Adding encryption targets
FIGURE 230 Next Steps dialog box
13. Review the post-configuration instructions, which you can copy to a clipboard or print for later.
14. Click Finish to exit the Configure Switch Encryption wizard.
15. Review “Understanding configuration status results” on page 503.
Configuring hosts for encryption targets
Use the Encryption Target Hosts dialog box to edit (add or remove) hosts for an encrypted target.
NOTE Hosts are normally selected as part of the Configure Switch Encryption wizard, but you can also edit hosts later using the Encryption Target Hosts dialog box.
Page 565
Configuring hosts for encryption targets
FIGURE 232 Encryption Target Hosts dialog box
4. Select one or more hosts in a fabric, then move them to the Selected Hosts table using the right arrow, or manually enter world wide names in the Port WWN and Node WWN text boxes if the hosts are not included in the list.
Adding target disk LUNs for encryption
You can add a new path to an existing disk LUN or add a new LUN and path by launching the Add New Path wizard. To launch the wizard, complete the following steps:
Before You Begin
Before you can add a target disk LUN for encryption, you must first configure the Storage Arrays.
Page 567
Adding target disk LUNs for encryption
4. Select the target port from the Target Port table.
5. Click Next. The Select Initiator Port dialog box displays (Figure 235).
FIGURE 235 Select Initiator Port dialog box
6. Select the initiator port from the Initiator Port table.
7. Click Next.
Page 568
Adding target disk LUNs for encryption
FIGURE 236 Select LUN dialog box
8. Set the Current LUN State as required. If the LUN already has an existing key ID, the Current LUN State field is automatically set to Encrypted. You can accept the automatically assigned state or change this value if desired.
Adding target disk LUNs for encryption
FIGURE 237 Correcting an Encryption Mode Mismatch
When you correct a policy on a LUN, it is automatically selected for all paths to the selected LUN. When you modify LUN policies, a Modify icon displays to identify the modified LUN entry.
12.
Adding target disk LUNs for encryption
SRDF supports the following methods of data replication:
• Synchronous Replication provides real-time mirroring of data between the source Symmetrix and the target Symmetrix systems. Data is written simultaneously to the cache of both systems in real time before the application I/O is completed, thus ensuring the highest possible data availability.
Adding target disk LUNs for encryption
FIGURE 238 Basic SRDF configuration with Brocade encryption switches
Metadata requirements and remote replication
When the metadata and key ID are written, the primary metadata on blocks 1–16 is compressed and encrypted. However, there are scenarios whereby these blocks cannot be compressed, and the metadata is not written to the media.
Page 572
Adding target disk LUNs for encryption
• The New LUN option is used only if an RKM key vault is configured for the encryption group.
• The New LUN option can be used only if replication is enabled for the encryption group.
•...
Adding target tape LUNs for encryption
You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the encryption property on the Crypto LUN. You must add LUNs manually. After you add the LUNs, you must specify the encryption settings.
Page 574
Adding target tape LUNs for encryption
FIGURE 240 Encryption Target Tape LUNs dialog box
4. Click Add. The Add Encryption Target Tape LUNs dialog box displays (Figure 241). The dialog box includes a table of all LUNs in the storage device that are visible to hosts. LUNs are identified by the Host world wide name, LUN number, Volume Label Prefix number, and Enable Write Early ACK and Enable Read Ahead status.
Page 575
Adding target tape LUNs for encryption
6. Choose a LUN to be added to an encryption target container using one of the two following methods:
• Discover. Click to identify the exposed logical unit number for a specified initiator. If you already know the exposed LUNs for the various initiators accessing the LUN, you can enter the range of LUNs using the alternative method.
Configuring encrypted tape storage in a multi-path environment
This example assumes one host is accessing one storage device using two paths:
• The first path is from Host Port A to Target Port A, using Encryption Engine A for encryption.
•...
Tape LUN write early and read ahead
The tape LUN write early and read ahead feature uses tape pipelining and prefetch to speed serial access to tape storage. These features are particularly useful when performing backup and restore operations, especially over long distances.
Page 578
Tape LUN write early and read ahead
FIGURE 243 Encryption Target Tape LUNs dialog box - Setting tape LUN read ahead and write early
4. In the Enable Write EarlyAck and Enable Read Ahead columns, when the table is populated, you can set these features as desired for each LUN:
•...
Tape LUN statistics
This feature enables you to view and clear statistics for tape LUNs. These statistics include the number of compressed blocks, uncompressed blocks, compressed bytes and uncompressed bytes written to a tape LUN. The tape LUN statistics are cumulative and change as the host writes more data on tape. You can clear the statistics to monitor compression ratio of ongoing host I/Os.
Page 580
Tape LUN statistics
FIGURE 245 Tape LUN Statistics dialog box
5. To clear the tape LUN statistics for all member LUNs for the container, click Clear.
6. When prompted with a confirmation dialog box, click Yes.
To update the tape LUN statistics, click Refresh.
Viewing and clearing tape LUN statistics for specific tape LUNs
To view or clear statistics for tape LUNs in a container, complete these steps:
1.
Page 581
Tape LUN statistics
FIGURE 246 Target Tape LUNs dialog box
4. Select the LUN or LUNs for which to display or clear statistics.
5. Click Statistics. The Tape LUN Statistics dialog box displays (Figure 247). The dialog box displays the statistic results based on the LUN or LUNs you selected.
Page 582
Tape LUN statistics
2. Select a group, switch, or engine from the Encryption Center Devices table that contains the storage device to be configured, then select Group/Switch/Engine > Targets from the menu task bar, or right-click a group, switch, or engine and select Targets.
NOTE You can also select a group, switch, or engine from the Encryption Center Devices table, then click the Targets icon.
Re-balancing the encryption engine
If you are currently using encryption and running Fabric OS 6.3.x or earlier, you are hosting tape and disk target containers on different encryption switches or blades. Beginning with Fabric OS 6.4, disk and tape target containers can be hosted on the same switch or blade. Hosting both disk and tape target containers on the same switch or blade might result in a drop in throughput, but it can reduce cost by reducing the number of switches or blades needed to support encrypted I/O in environments that use both disk and tape.
Master keys
When an opaque key vault is used, a master key is used to encrypt the data encryption keys. The master key status indicates whether a master key is used and whether it has been backed up. Encryption is not allowed until the master key has been backed up.
Master keys
Master key actions
NOTE Master keys belong to the group and are managed from Group Properties.
Master key actions are as follows:
• Backup master key, which is enabled any time a master key exists. You can back up the master key to a file, to a key vault, or to a smart card. You can back up the master key multiple times to any of these media in case you forget the passphrase you originally used to back up the master key, or if multiple administrators each need a passphrase for recovery.
Master keys
FIGURE 250 Backup Destination (to file) dialog box
4. Select File as the Backup Destination.
5. Enter a file name, or browse to the desired location.
6. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Master keys
FIGURE 251 Backup Destination (to key vault) dialog box
4. Select Key Vault as the Backup Destination.
5. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
6.
Page 588
Master keys
The key is divided among the cards in the card set, up to 10. The quorum of cards required to restore the master key must be less than the total number of cards in the set, and no greater than five.
Master keys
7. Run the additional cards needed for the set through the reader. As you read each card, the card ID displays in the Card Serial# field. Be sure to wait for the ID to appear.
8. Enter the mandatory last name and first name of the person to whom the card is assigned.
9.
Master keys
4. Choose the active or alternate master key for restoration, as appropriate. Refer to “Active master key” on page 540 and “Alternate master key” on page 540 if you need more information on active and alternate master keys.
5.
Master keys
6. Enter the key ID of the master key that was backed up to the key vault.
7. Enter the passphrase. The passphrase that was used to back up the master key must be used to restore the master key.
8.
Master keys
6. Insert the recovery card containing a share of the master key that was backed up earlier, and wait for the card serial number to appear.
7. Enter the password that was used to create the card. After five unsuccessful attempts to enter the correct password, the card becomes locked and unusable.
Master keys
Viewing Master Key IDs
When the master key has been backed up multiple times, you can use this feature to view the associated key IDs. To view master key IDs, follow these steps:
1. Select Configure > Encryption from the menu task bar. The Encryption Center dialog box displays (Figure 153).
Zeroizing an encryption engine
Zeroizing is the process of erasing all data encryption keys and other sensitive encryption information in an encryption engine. You can zeroize an encryption engine manually to protect encryption keys. No data is lost because the data encryption keys for the encryption targets are stored in the key vault.
Page 595
Zeroizing an encryption engine
A confirmation dialog box describes consequences and actions required to recover.
FIGURE 258 Warning message - zeroizing an engine
3. Click Yes to zeroize the encryption engine.
• For an encryption blade, after the zeroize operation is successful, a message displays noting that the encryption blade will be powered off and powered on to make it operational again.
Using the Encryption Targets dialog box
The Encryption Targets dialog box enables you to send outbound data that you want to store as ciphertext to an encryption device. The encryption target acts as a virtual target when receiving data from a host, and as a virtual initiator when writing the encrypted data to storage.
Page 597
Using the Encryption Targets dialog box
NOTE If the encryption group is busy when you click Commit, you are given the option to either force the commit, or abort the changes.
Click Commit to re-create the redirection zone.
Disk device decommissioning
A disk device needs to be decommissioned when any of the following occurs:
• The storage lease expires for an array, and devices must be returned or exchanged.
• Storage is reprovisioned for movement between departments.
•...
Disk device decommissioning
5. Click Yes to proceed with decommissioning. If a re-key operation is currently in progress on a selected LUN, a message is displayed that gives you a choice of doing a Forced Decommission, or to Cancel and try later after the re-key operation is complete.
Page 600
Disk device decommissioning
FIGURE 261 Universal IDs dialog box
Re-keying all disk LUNs manually
The encryption management application allows you to perform a manual re-key operation on all encrypted primary disk LUNs and all non-replicated disk LUNs hosted on the encryption node that are in the read-write state. Manual re-keying of all LUNs might take an extended period of time.
Page 602
Re-keying all disk LUNs manually
FIGURE 263 Warning message - Re-key all
4. Click Yes. Re-keying operations begin on up to 10 LUNs. If more than 10 LUNs are configured on the switch, the remaining re-key operations are held in the pending state.
5.
Re-keying all disk LUNs manually
Viewing the progress of manual re-key operations
To monitor the progress of manual re-key operations, complete these steps:
1. Select Configure > Encryption from the menu task bar. The Encryption Center dialog box displays.
2. Select an encryption group from the Encryption Center Devices table, then select Group > Re-Key Sessions from the menu task bar, or right-click an encryption group and select Re-Key Sessions.
Viewing time left for auto re-key
You can view the time remaining until auto re-key is no longer active for a disk LUN. The information is expressed as the difference between the next re-key date and the current date and time, and is measured in days, hours, and minutes.
Viewing and editing switch encryption properties
To view switch encryption properties, complete the following steps:
1. Select Configure > Encryption from the menu task bar. The Encryption Center dialog box displays (Figure 153). The dialog box shows the status of all encryption-related hardware and functions at a glance.
Page 606
Viewing and editing switch encryption properties
• Switch Status - the health status of the switch. Possible values are Healthy, Marginal, Down, Unknown, Unmonitored, and Unreachable.
• Switch Membership Status - the alert or informational message description which details the health status of the switch.
Viewing and editing switch encryption properties
• Backup Key Vault Connection Status - whether the backup key vault link is connected. Possible values are Unknown, Key Vault Not Configured, No Response, Failed authentication, and Connected.
• Key Vault User Name – (TEMS only) launches dialog box to identify key vault user information.
•...
Viewing and editing switch encryption properties
Importing a signed public key certificate from Properties
To import a signed public key certificate, complete the following steps.
1. Click Import. The Import Signed Certificate dialog box displays (Figure 267).
FIGURE 267 Import Signed Certificate dialog box
2.
Viewing and editing group properties
To view encryption group properties, complete the following steps.
1. Select Configure > Encryption from the menu task bar. The Encryption Center dialog box displays (Figure 153).
2. Select a group from the Encryption Center Devices table, then select Group > Properties from the menu task bar, or right-click a group and select Properties.
Viewing and editing group properties
General tab
The General tab (Figure 269) is viewed from the Encryption Group Properties dialog box. To access the General tab, select a group from the Encryption Center Devices table, then select Group > Properties from the menu task bar, or right-click a group and select Properties.
NOTE You can also select a group from the Encryption Center Devices table, then click the Properties icon.
Viewing and editing group properties
• Backup Key Vault Connection Status - the status of the connection to the backup key vault, if a backup is configured.
• Primary key vault certificate - the details of the primary vault certificate; for example, version and signature information.
Viewing and editing group properties
• OK - the member switch is responding to the group leader switch.
• Not Available - the group leader is not a managed switch, so connection statuses are not being collected from the group leader.
Members tab Remove button
You can click the Remove button to remove a selected switch or group from the encryption group table.
Viewing and editing group properties
FIGURE 271 Removal of switch warning
A warning message displays when you attempt to remove an encryption group (Figure 272). Click Yes to proceed.
FIGURE 272 Removal of an encryption group warning
Security tab
The Security tab displays the status of the master key for the encryption group and whether smart cards are required.
Page 614
Viewing and editing group properties
The Security tab (Figure 273) is viewed from the Encryption Group Properties dialog box. To access the Security tab, select a group from the Encryption Center Devices table, then select Group > Security from the menu task bar, or right-click a group and select Security. The Properties dialog box displays with the Security tab selected.
Viewing and editing group properties
HA Clusters tab
The HA Clusters tab allows you to create and delete HA clusters, add encryption engines to and remove encryption engines from HA clusters, and failback an engine. The HA Clusters tab (Figure 274) is viewed from the Encryption Group Properties dialog box.
Viewing and editing group properties
NOTE The Link Keys tab appears only if the key vault type is NetApp LKM.
The Link Keys tab (Figure 275) is viewed from the Encryption Group Properties dialog box. To access the Link Keys tab, select an LKM group from the Encryption Center Devices table, then select Group >...
Page 617
Viewing and editing group properties
• To add a tape pool, click Add, then complete the Add Tape Pool dialog box.
• To remove a tape pool, simply select one or more tape pools listed in the table, then click Remove.
Page 618
Viewing and editing group properties
All encryption engines in the encryption group share the tape pool definitions. Tapes can be encrypted by an encryption engine where the container for the tape target LUN is hosted. The tape media is mounted on the tape target LUN. Tape pool definitions are not needed to read a tape.
Viewing and editing group properties
4. Select the Encryption Mode. Options include Clear Text, DF-Compatible Encryption, and Native Encryption.
• DF-Compatible Encryption is valid only when LKM is the key vault.
• The Key Lifespan (days) field is editable only if the tape pool is encrypted.
•...
Page 620
Viewing and editing group properties
FIGURE 279 Encryption Group Properties Dialog Box - Engine Operations Tab
NOTE You cannot replace an encryption engine if it is part of an HA Cluster. For information about HA Clusters, refer to “HA Clusters tab” on page 571.
Encryption-related acronyms in log messages
Fabric OS log messages related to encryption components and features may have acronyms embedded that require interpretation. Table 35 lists some of those acronyms.
TABLE 35 Encryption acronyms
Acronym Name Encryption Engine Encryption Group High Availability Cluster...
Page 622
Zoning overview
• QoS zones
Assign high or low priority to designated traffic flows. Quality of Service (QoS) zones are normal zones with additional QoS attributes that you select when you create the zone.
• Traffic Isolation zones (TI zones)
Isolate inter-switch traffic to a specific, dedicated path through the fabric.
Zoning overview
• You want to analyze the impact of changes to storage access before applying the changes. For example, you deploy a new server and want to ensure that the zoning changes result in only the new server gaining access to specific storage devices and nothing else. See “Comparing zone databases”...
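The pre-change check described above (a new server should gain access to specific storage devices and nothing else) can be expressed as a diff of the device pairs that two zone databases allow to communicate. This is an added example, not part of the manual or the Management application: the dictionary layout, the function names and the WWNs are constructed for illustration, and it assumes the usual zoning rule that any two members of a zone in the active zone configuration can reach each other.

```python
from itertools import combinations

# Constructed WWNs, for illustration only.
DB01 = "10:00:00:00:00:00:00:01"      # existing server
WEB02 = "10:00:00:00:00:00:00:02"     # newly deployed server
ARRAY_A = "50:00:00:00:00:00:00:0a"   # storage port the new server should reach
ARRAY_B = "50:00:00:00:00:00:00:0b"   # storage port it should not reach

# Reference zone database: the state before the change.
REFERENCE_DB = {
    "aliases": {"array_ports": [ARRAY_A, ARRAY_B]},
    "zones": {"z_db01": [DB01, "array_ports"]},
    "configs": {"prod_cfg": ["z_db01"]},
}
# Proposed change 1: the new server is dropped into the existing zone.
EDITED_SHARED_ZONE = {
    "aliases": {"array_ports": [ARRAY_A, ARRAY_B]},
    "zones": {"z_db01": [DB01, WEB02, "array_ports"]},
    "configs": {"prod_cfg": ["z_db01"]},
}
# Proposed change 2: the new server gets its own zone with one storage port.
EDITED_OWN_ZONE = {
    "aliases": {"array_ports": [ARRAY_A, ARRAY_B]},
    "zones": {"z_db01": [DB01, "array_ports"], "z_web02": [WEB02, ARRAY_A]},
    "configs": {"prod_cfg": ["z_db01", "z_web02"]},
}


def expand_members(zone_db, members):
    """Replace alias names with the members the alias groups together."""
    aliases = zone_db.get("aliases", {})
    resolved = set()
    for member in members:
        resolved.update(aliases.get(member, [member]))
    return resolved


def allowed_pairs(zone_db, config_name):
    """Map each device pair the configuration permits to the zones that permit it."""
    if config_name not in zone_db["configs"]:
        raise ValueError(f"zone configuration {config_name!r} not in database")
    pairs = {}
    for zone_name in zone_db["configs"][config_name]:
        if zone_name not in zone_db["zones"]:
            raise ValueError(f"configuration references undefined zone {zone_name!r}")
        members = expand_members(zone_db, zone_db["zones"][zone_name])
        for a, b in combinations(sorted(members), 2):
            pairs.setdefault(frozenset((a, b)), set()).add(zone_name)
    return pairs


def access_diff(reference_db, editable_db, config_name):
    """Return (pairs gained, pairs lost) when moving from reference to editable."""
    before = allowed_pairs(reference_db, config_name)
    after = allowed_pairs(editable_db, config_name)
    added = {pair: after[pair] for pair in after.keys() - before.keys()}
    removed = {pair: before[pair] for pair in before.keys() - after.keys()}
    return added, removed


def unexpected_access(added, new_host, intended_targets):
    """Pairs gained by the change other than new_host <-> an intended target."""
    expected = {frozenset((new_host, target)) for target in intended_targets}
    return {pair: zones for pair, zones in added.items() if pair not in expected}


if __name__ == "__main__":
    for label, edited in (("shared zone", EDITED_SHARED_ZONE),
                          ("own zone", EDITED_OWN_ZONE)):
        added, removed = access_diff(REFERENCE_DB, edited, "prod_cfg")
        extra = unexpected_access(added, WEB02, [ARRAY_A])
        print(f"{label}: {len(added)} pairs gained, {len(removed)} lost")
        for pair, zones in sorted(extra.items(), key=lambda kv: sorted(kv[0])):
            print("  unexpected:", " <-> ".join(sorted(pair)), "via", sorted(zones))
```

Adding the server to the existing zone grants it access to the other server and to both storage ports, while giving it a zone of its own grants only the one intended pair.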
Zoning overview
Administrator zoning privileges
NOTE This section applies to the Enterprise and Professional Plus editions only.
You can set read-only or read/write access for the following zoning components:
• LSAN Zoning
• Zoning Activation (and deactivation)
• Zoning Offline
•...
Zone database size
Note the following items about setting zoning privileges:
• If no privilege level is set for any of the components, zoning is disabled at the Management application main menu and the Zoning dialog box cannot be opened.
•...
Zoning configuration
5. Create the zones. For specific instructions, refer to “Creating a new zone” on page 584.
6. Add members to each zone. For specific instructions, refer to “Adding members to a zone” on page 586 and “Creating a new member in an LSAN zone”...
Zoning configuration
For offline zone databases only, complete the following steps to save the zone configuration into the switch from the offline zone database:
a. Select Save to Switch from the Zone DB Operation list.
b. Click Yes on the confirmation message. The selected zone database is saved to the fabric without enabling a specific zone configuration.
Zoning configuration
Adding members to a zone
Use this procedure to add a member to a zone when the member is listed in the Potential Members list of the Zone DB tab.
Enterprise and Professional Plus versions: For instructions to add a member to a zone when the member is not listed in the Potential Members list, refer to the procedure “Creating a new member in a zone”...
Zoning configuration
9. Click OK or Apply to save your changes. A message displays informing you that any zones or zone configurations you have changed will be saved in the zone database, and warning you to make sure no other user is making changes to the same areas.
Zoning configuration
Customizing the zone member display
The following procedure applies to the zone display in the standard Zoning dialog box and also to the LSAN Zoning dialog box.
1. Select Configure > Zoning > Fabric. For LSAN zoning, select Configure > Zoning > LSAN Zoning (Device sharing). The Zoning or LSAN Zoning dialog box displays, based on the Configure >...
Zoning configuration
6. Make sure the appropriate fabric is named on the Zoning Policies dialog box.
Perform one of the following actions based on the task you want to complete:
• To enable the default zone, click Enable, and then click OK.
•...
Zoning configuration
Creating a zone alias
An alias is a logical group of port index numbers and WWNs. Specifying groups of ports or devices as an alias makes zone configuration easier, by enabling you to configure zones using an alias rather than inputting a long string of individual members.
Zoning configuration
6. Add members to the alias by completing the following steps.
a. Select an option from the Type list to choose how to display the objects in the Potential Members list.
b. Show all discovered fabrics in the Potential Members list by right-clicking in the Potential Members list and selecting Expand All.
Zoning configuration
4. Click Export. The Export Alias dialog box displays.
5. Browse to the location to which you want to export the zone alias data.
6. Enter a name for the export file in the File Name field.
7. Click Export Alias.
8.
Zoning configuration
7. Add zones to the zone configuration. For step-by-step instructions, refer to “Adding zones to a zone configuration” on page 593.
8. Click OK or Apply to save your changes. A message displays informing you that any zones or zone configurations you have changed will be saved in the zone database, and warning you to make sure no other user is making changes to the same areas.
Zoning configuration
5. Select one or more zones to add to the zone configurations in the Zones list. (Press SHIFT or CTRL and click each zone name to select more than one zone.)
6. Click the right arrow between the Zones list and Zone Configurations list to add the zones to the zone configurations.
Page 639
Zoning configuration
• The selected fabric is no longer discovered.
• In McDATA Open Mode (InteropMode 3), the seed switch is a Fabric OS switch and either no EOS switch is in the fabric or none of the EOS switches are manageable.
1.
Zoning configuration
Click OK to activate the zone configuration. If you are activating a zone configuration from the offline zone database, a message might display informing you of name conflicts between items in the offline zone database and the existing online zone database. Click Yes to overwrite the items in the online zone database, or No to cancel the activation.
Zoning configuration 6. Click OK or Apply to save your changes. A message displays informing you that any zones or zone configurations you have changed will be saved in the zone database, and warning you to make sure no other user is making changes to the same areas.
Zoning configuration Refreshing a zone database 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select a zone database from the Zone DB list. 4.
Zoning configuration FIGURE 280 Compare/Merge Zone DBs dialog box 3. Select a database from the Reference Zone DB field. 4. Select a database from the Editable Zone DB field. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases.
Zoning configuration Select the Differences check box to display only the differences between the selected databases. 8. Select the Sync Scroll Enable check box to synchronize scrolling between the selected databases. 9. Merge zone configurations by completing the following steps. a.
Zoning configuration 5. Click OK to save your work and close the Zoning dialog box. Exporting an offline zone database NOTE You cannot export an online zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2.
LSAN zoning 4. Click OK to save your work and close the Zoning dialog box. LSAN zoning LSAN zoning is available only for backbone fabrics and any directly connected edge fabrics. A backbone fabric is a fabric that contains an FC router. All discovered backbone fabrics have the prefix LSAN_ in their fabric name, which is listed in the Zoning Scope list.
LSAN zoning 10. Click OK to continue. All LSAN zones are activated on the selected fabrics and saved to the Zone DB. 11. Click OK to close the dialog box. Creating a new LSAN zone 1. Select a backbone fabric from the Connectivity Map or Product List. 2.
LSAN zoning Adding members to the LSAN zone Use this procedure to add a member to an LSAN zone when the member is listed in the Potential Members list of the Zone DB tab. 1. Select a backbone fabric from the Connectivity Map or Product List. 2.
LSAN zoning Creating a new member in an LSAN zone Use this procedure to add a member to an LSAN zone when the member is not listed in the Potential Members list of the Zone DB tab. For instructions to add a member to a zone when the member is listed in the Potential Members list, refer to the procedure “Adding members to the LSAN zone”...
Traffic isolation zoning 11. Click OK to close the dialog box. Activating LSAN zones 1. Select a backbone fabric from the Connectivity Map or Product List. 2. Select Configure > Zoning > LSAN Zoning (Device Sharing). The Zone DB tab of the Zoning dialog box displays. 3.
Traffic isolation zoning Enhanced TI zones In Fabric OS 6.4.0 or higher, ports can be in multiple TI zones. Zones with overlapping port members are called enhanced TI zones (ETIZ). Enhanced TI zones are supported only on the following platforms: •...
Traffic isolation zoning Configuring traffic isolation zoning The following procedure provides an overview of the steps you must perform to configure traffic isolation zoning. Note that for any zoning-related procedure, changes to a zone database are not saved until you click OK or Apply on the Zoning dialog box.
Traffic isolation zoning 6. Enter a name for the zone. For zone name requirements and limitations, refer to “Zoning naming conventions” on page 581. Press Enter. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors, and asking whether you want to proceed.
Traffic isolation zoning 8. Click the right arrow between the Potential Members list and Zones list to add the selected ports to the zone. A message may display informing you that one or some of the selected potential members cannot be zoned. Click OK to close the message box. Reconsider your selections and make corrections as appropriate.
Traffic isolation zoning 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Right-click the traffic isolation zone you want to disable in the Zones list and clear the Configured Enabled check box.
Zoning administration • Ensure that there are multiple paths between switches. Disabling failover locks the specified route so that only TI zone traffic can use it. ATTENTION If failover is disabled, use care when planning your TI zones so that non-TI zone devices are not isolated.
Zoning administration To compare two zone databases, complete the following steps. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select Compare from the Zone DB Operation list. The Compare/Merge Zone DBs dialog box displays, as shown in Figure 281.
Zoning administration FIGURE 281 Compare/Merge Zone DBs dialog box 3. Select a database from the Reference Zone DB field. 4. Select a database from the Editable Zone DB field. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases.
Zoning administration Select the Differences check box to display only the differences between the selected databases. 8. Select the Sync Scroll Enable check box to synchronize scrolling between the selected databases. 9. Click Previous or Next to navigate line-by-line in the Editable Zone DB area. 10.
Zoning administration 3. Enter the maximum number of zone database changes that can be made for that fabric before a zone configuration is activated. To set a limit, enter a positive integer. To allow unlimited changes, enter 0. 4. Repeat step 2 and step 3 for each fabric on which you want to set limits.
Zoning administration Deleting a zone alias 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select Alias from the Type list. 4. Right-click the zone alias you want to delete and select Delete. 5.
Zoning administration Deleting an offline zone database For pure EOS fabrics in McDATA Fabric Mode (InteropMode 2) or McDATA Open Mode (InteropMode 3) and for mixed Fabric OS and M-EOS fabrics in McDATA Open Mode, you cannot delete the last available offline zone database, because only offline zoning is supported for these fabrics.
Zoning administration Removing all user names from a zone database Use this procedure to remove all user names from the selected offline zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning databases for the selected entity.
Zoning administration 6. Click OK or Apply to save your changes. A message displays informing you that any zones or zone configurations you have changed will be saved in the zone database, and warning you to make sure no other user is making changes to the same areas.
Zoning administration 5. (Optional) Type a new name for the zone configuration. If you key in a new name, press Enter to save the name. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors, and asking whether you want to proceed.
Zoning administration 4. Select the zone member in the Zones list that you want to find in the Potential Members list. Press SHIFT or CTRL and click each zone to select more than one zone. 5. Click Find < between the Potential Members list and the Zones list. •...
Zoning administration 5. Click Find < between the Zones list and the Zone Configurations list. • If the zone is found, it is highlighted in the Zones list. • If the zone is not found, a message displays informing you of this. Click OK to close the message box.
Zoning administration Removing a member from a zone Use the following procedure to remove one or more members from a zone or zones. Note that the member is not deleted; it is only removed from the zone. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.
Zoning administration 5. Perform one of the following actions: • Right-click the name of the zone you want to remove in the Zone Configurations list and select Remove. • To remove multiple zones, select the zones to be removed from the zone configuration, and click the left arrow between the Zones list and the Zone Configurations list.
Zoning administration Renaming a zone 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select an FC fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity.
Zoning administration Click OK or Apply to save your changes. A message displays informing you that any zones or zone configurations you have changed will be saved in the zone database, and warning you to make sure no other user is making changes to the same areas.
Zoning administration Replacing an offline device by WWN The Management application enables you to replace an offline device by WWN from all zones and zone aliases in the selected zone DB. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2.
Zoning administration 5. Select Name (default is WWN) in the corresponding Replace Using list. 6. Select the name of the offline device in the corresponding Replace Using list. If the selected name has multiple device or device port WWNs assigned (names are set to non-unique in Management application), the Device or Device Port WWN of Non-unique Name dialog box displays.
Zoning administration Brocade Network Advisor SAN User Manual 53-1002167-01...
FCIP services licensing FCIP services licensing Most of the FCIP extension services described in this chapter require the High Performance . FICON emulation features require additional licenses. Extension over FCIP/FC license The following features and licensing apply to the 8 Gbps Extension platforms. •...
FCIP platforms and supported features FCIP platforms and supported features The following Fabric OS platforms support FCIP: • The 8 Gbps extension switch. • The 8 Gbps Extension blade (384-port Backbone Chassis, 192-port Backbone Chassis). • The 4 Gbps Extension blade (384-port Backbone Chassis, 192-port Backbone Chassis, Director Chassis).
FCIP trunking The way FCIP tunnels and virtual ports map to the physical GbE ports depends on the switch or blade model. The 8 Gbps Extension Switch and 8 Gbps Extension Blade tunnels are not tied to a specific GbE port, and may be assigned to any virtual port within the allowed range. The 4 Gbps Extension Blade requires tunnels to be mapped to specific GbE ports and specific virtual ports.
FCIP trunking FIGURE 282 FCIP tunnel and FCIP circuits Design for redundancy and fault tolerance Multiple FCIP tunnels can be defined between pairs of 8 Gbps extension switches and 8 Gbps extension Blades, but doing so defeats the concept of a multiple circuit FCIP tunnel.
FCIP trunking • In a scenario where an FCIP tunnel has multiple circuits of different metrics, the data will flow over the lower metric circuits unless a failover condition occurs, as described in “FCIP circuit failover capabilities”. • The maximum bandwidth for a single circuit is 1 Gbps. However, a maximum of 10 Gbps per circuit is allowed between 10 GbE ports on 8 Gbps Extension Blades when both blades are running Fabric OS 7.0 or greater.
Adaptive Rate Limiting • Circuits 0 and 1 are created with a metric of 0. Circuit 0 is created with a maximum transmission rate of 1 Gbps, and Circuit 1 is created with a maximum transmission rate of 500 Mbps. Together, Circuits 0 and 1 provide an available bandwidth of 1.5 Gbps. •...
QoS SID/DID priorities over an FCIP trunk • F class - F class is the highest priority, and is assigned bandwidth as needed at the expense of lower priorities, if necessary. • QoS high - The QoS high priority gets at least 50% of the available bandwidth. •...
QoS SID/DID priorities over an FCIP trunk Configuring QoS Priorities For 8 Gbps platforms only, you can change QoS priorities from the default settings using the following steps: 1. Select Configure > FCIP Tunnels. The FCIP Tunnels dialog box is displayed. All discovered fabrics with extension switches are listed under devices, and all existing FCIP tunnels are displayed.
IPsec and IKE implementation over FCIP IPsec and IKE implementation over FCIP Internet Protocol security (IPsec) uses cryptographic security to ensure private, secure communications over Internet Protocol networks. IPsec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. It helps secure your SAN against network-based attacks from untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network, data corruption, and data and user credential theft.
IPsec and IKE implementation over FCIP The following limitations apply to using IPsec: • IPsec-specific statistics are not supported. • To change the configuration of a secure tunnel, you must delete the tunnel and recreate it. • There is no RAS message support for IPsec. •...
QOS, DSCP, and VLANs QOS, DSCP, and VLANs Quality of Service (QoS) refers to policies for handling differences in data traffic. These policies are based on data characteristics and delivery requirements. For example, ordinary data traffic is tolerant of delays and dropped packets, but voice and video data are not. QoS policies provide a framework for accommodating these differences in data as it passes through a network.
FICON emulation features Consider the constraints described in Table 41 when configuring tunnels to use OSTP. TABLE 41 OSTP constraints
FCIP Fastwrite: Each GbE port supports up to 2048 simultaneous accelerated exchanges, which means a total of 2048 simultaneous exchanges combined for Fastwrite and...
Tape Acceleration: Each GbE port supports up to 2048 simultaneous accelerated exchanges, which means a total of 2048...
FICON emulation features FICON pacing mechanism may interpret delays as an indication of a large data transfer that could monopolize a shared resource, and react by throttling the I/O. IBM z/OS Global Mirror (zGM) emulation provides local responses to remote hosts, eliminating distance related delays. A FICON XRC Emulation License is required to enable IBM z/OS Global Mirror (zGM) Emulation.
FCIP configuration guidelines FCIP configuration guidelines FCIP configuration always involves two or more extension switches. The following should take place first before you configure a working FCIP connection from the Management application: • The WAN link should be provisioned and tested for integrity. •...
Configuring an FCIP tunnel 1. Select Configure > FCIP Tunnels. The FCIP Tunnels dialog box is displayed (Figure 287). All discovered fabrics with extension switches are listed under devices. FIGURE 287 FCIP Tunnels dialog box (fabric selected from Product tree) 2.
Configuring an FCIP tunnel FIGURE 288 Add FCIP Tunnel dialog box 4. Click Select Switch Two under Switch Two Settings to display discovered extension switches, and select the switch that you want to connect to switch one. The switch name and fabric are displayed in the Switch and Fabric fields. 5.
Adding an FCIP circuit Adding an FCIP circuit When adding a new FCIP tunnel, you can add an FCIP circuit by selecting the Add button to the right of the Circuits properties table on the Add FCIP Tunnel dialog box (Figure 288 on page 648).
Adding an FCIP circuit 4. Select the IP Address for each port. This implementation of IPv6 uses unicast addresses for the interfaces with FCIP circuits. The unicast address must follow the RFC 4291 IPv6 standard and use the IANA assigned IPv6 Global Unicast address space (2000::/3). 5.
Adding an FCIP circuit 10. If the physical connection exists, click Verify IP Connectivity to test the connection between switch one and switch two. The IP connectivity of the connection is tested with the ping utility. 11. Select Advanced Settings and continue if you want to do any of the following: •...
Configuring FCIP tunnel advanced settings Circuit configuration failure When a tunnel cannot be created because the process for adding a new circuit configuration fails, a FCIP Tunnel/Circuit Configurations dialog box displays. Using this dialog box, you can perform the following tasks: •...
Configuring FCIP tunnel advanced settings FIGURE 291 Selecting a compression mode 3. Select the desired compression mode. A Standard option provides hardware compression and is available on all platforms. The 8 Gbps Extension Switch and the 8 Gbps Extension Blade provide three additional options for compression.
Configuring FCIP tunnel advanced settings 4. Click OK. Enabling Tperf test mode To enable Tperf test mode, do the following: 1. Select Advanced Settings on the Add FCIP Tunnel dialog box to display the Advanced Settings dialog box. 2. From the Transmission tab, select the TPerf Test Mode check box. 3.
Configuring FCIP tunnel advanced settings FIGURE 292 Advanced Settings Security Tab for the 8 Gbps extension Switch and Blade 3. As an option, click Ensure connecting peer switches have known WWNs. This provides an added measure of security. 4. Enter the WWN for the remote switch. 5.
Configuring FCIP tunnel advanced settings You can activate the Enable backward compatibility feature on 8 Gbps platforms if IPSec is enabled. This allows multiple 1 Gbps circuits to be created using 10 Gbps ports even if the switch at one end of the tunnel is using Fabric OS 7.0 and the switch at the other end is using Fabric OS earlier than v7.0.
Viewing FCIP connection properties 4. Select Populate Default Values at the top of the dialog box to set all operational parameters for FICON emulation to default values. This option is not enabled if existing values are configured for the tunnel. 5.
Viewing General FCIP properties FIGURE 294 FCIP connection properties Viewing General FCIP properties Use the following steps to view general FCIP properties for a switch or blade. 1. Right-click an extension blade or switch from the Fabric Tree structure or on the Connectivity Map, and select Properties.
Viewing General FCIP properties FIGURE 295 General FCIP properties tab (Extension switch or blade) Use the following steps to view the properties of a chassis where an extension blade is installed. 1. Right-click the chassis in the Switch group in Fabric Tree structure or on the Connectivity Map where the extension blade is installed, and select Properties.
Viewing FCIP FC port properties FIGURE 296 General FCIP properties tab (blade chassis) Viewing FCIP FC port properties Take the following steps to view FCIP FC port properties. 1. Right-click an extension blade or switch from the Fabric Tree structure or on the Connectivity Map, and select Properties.
Viewing FCIP Ethernet port properties FIGURE 297 FC ports properties Viewing FCIP Ethernet port properties Take the following steps to view Ethernet port properties. 1. Right-click an extension blade or switch from the Fabric Tree structure or on the Connectivity Map, and select Properties.
Editing FCIP tunnels FIGURE 298 GigE ports properties Editing FCIP tunnels NOTE You cannot edit an active tunnel; disable the tunnel before making changes. 1. From the FCIP Tunnels dialog box, select the tunnel you want to edit. 2. Select Edit. The Edit FCIP Tunnel dialog box displays (Figure 299).
Editing FCIP circuits FIGURE 299 Edit FCIP Tunnel dialog box 3. Fields and parameters are as described in “Configuring an FCIP tunnel”. You can edit all editable fields and parameters. Editing FCIP circuits FCIP circuit settings may be edited from the Edit FCIP Circuit dialog box. The procedure for launching this dialog box for the 4 Gbps Extension Switch and Blade is different than the procedure for the 8 Gbps Extension Switch and the 8 Gbps Extension Blade.
Disabling FCIP tunnels The Edit FCIP Circuit dialog box displays. For the 8 Gbps Extension Switch and the 8 Gbps Extension Blade: 1. Select Edit. The Edit FCIP Tunnel dialog box displays. 2. Select a circuit that you want to edit from the Circuits properties table at the bottom of the dialog box and select Edit.
Enabling FCIP tunnels Enabling FCIP tunnels 1. From the FCIP Tunnels dialog box, select the tunnel you want to enable. 2. Select Enable. 3. Click OK to enable the tunnel. Deleting FCIP tunnels 1. From the FCIP Tunnels dialog box, select the tunnel you want to delete. 2.
Deleting FCIP Circuits 6. Click OK to enable the circuit(s). Deleting FCIP Circuits 1. From the FCIP Tunnels dialog box, select the tunnel that contains the circuit. 2. Select Edit. The Edit FCIP Tunnel dialog box displays. 3. Select the circuit that you want to delete from the Circuit properties table at the bottom of the dialog box.
Displaying tunnel properties from the FCIP tunnels dialog box Displaying tunnel properties from the FCIP tunnels dialog box Tunnel properties can be displayed from the FCIP Tunnels dialog box. 1. Select a tunnel from the FCIP tunnels dialog box. 2. Select the Tunnel tab. Tunnel properties are displayed.
Displaying FCIP circuit properties from the FCIP tunnels dialog box Displaying FCIP circuit properties from the FCIP tunnels dialog box Tunnel properties can be displayed from the FCIP Tunnels dialog box using the following procedure. 1. Select a tunnel from the FCIP tunnels dialog box. 2.
Displaying switch properties from the FCIP Tunnels dialog box Displaying switch properties from the FCIP Tunnels dialog box Switch properties are displayed on the FCIP Tunnels dialog box when you select a switch (Figure 303). FIGURE 303 Switch properties on the FCIP Tunnels dialog box
Displaying fabric properties from the FCIP Tunnels dialog box Displaying fabric properties from the FCIP Tunnels dialog box Fabric properties are displayed on the FCIP Tunnels dialog box when you select a fabric. (Figure 304). FIGURE 304 Fabric properties on the FCIP Tunnels dialog box Troubleshooting FCIP Ethernet connections 1.
Fabric binding overview Enabling fabric binding Fabric Binding is enabled through the Fabric Binding dialog box. After you have enabled Fabric Binding, use the Fabric Membership List/Add Detached Switch to add switches that you want to allow into the fabric. NOTE In a pure Fabric OS environment, Fabric Binding is only supported on Fabric OS 5.2 or later.
Fabric binding overview Disabling fabric binding Fabric Binding cannot be disabled while High Integrity Fabric is active if the switch is offline. This disables fabric binding and High Integrity Fabric on the switch, but not the rest of the fabric. Disabled switches segment from the fabric.
Fabric binding overview Adding detached devices to the fabric binding membership list To add a switch that does not have a physical connection and is not discovered to the fabric, complete the following steps. 1. Select Configure > Fabric Binding. The Fabric Binding dialog box displays.
High integrity fabrics High integrity fabrics The High Integrity Fabric (HIF) mode option automatically enables features and operating parameters that are necessary in multiswitch Enterprise Fabric environments. When HIF is enabled, each switch in the fabric automatically enforces a number of security-related features including Fabric Binding, Switch Binding, Insistent Domain IDs, and Domain Register for State Change Notifications (RSCNs).
High integrity fabrics High integrity fabric requirements The term high integrity fabric (HIF) refers to a set of strict, consistent, fabric-wide policies. There are several specific configuration requirements for high integrity fabrics: • Insistent domain ID (IDID) must be enabled in the participating switches. •...
High integrity fabrics 2. Select the fabric on which you want to activate HIF from the Fabric Name list. The HIF status displays in the High Integrity Fabric field. 3. Click Activate. For Pure Fabric OS fabrics, HIF activates the Switch Connection Control (SCC) policy, sets Insistent Domain ID, and sets the Fabric Wide Consistency Policy (FWCP) for SCC in strict mode.
Thresholds Thresholds You can create thresholds, which you can then assign to available objects in the tree. Port Fencing threshold types include the following: • C3 Discard Frames (Fabric OS only) • Invalid CRCs (Fabric OS only) • Invalid Words (Fabric OS only) •...
Thresholds Protocol error threshold Use Protocol Error thresholds to block a port when one of the following protocol errors meets the threshold: • ISL Bouncing–ISL has repeatedly become unavailable due to link down events. • ISL Segmentation (M-EOS only)–ISL has repeatedly become segmented. •...
Adding thresholds Adding thresholds The Management application allows you to create Invalid CRCs, Invalid words, Link, Link Reset, Protocol Error, Security, and Sync Loss thresholds. Adding a C3 Discard Frames threshold NOTE This threshold is only available for Fabric OS devices running 6.3 or later. To add a C3 Discard Frames threshold, complete the following steps.
Adding thresholds 4. Enter a name for the threshold in the Name field. 5. Select one of the following options: • Default—Uses device defaults. Go to step • Custom—Uses your selections. Continue with step 6. Enter the number of C3 discarded frames allowed for the threshold in the Threshold errors field.
Adding thresholds Adding an Invalid CRCs threshold NOTE This threshold is only available for Fabric OS devices. To add an Invalid CRCs threshold, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2.
Adding thresholds Adding an Invalid Words threshold NOTE This threshold is only available for Fabric OS devices. To add an Invalid Words threshold, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2.
Adding thresholds Adding a Link threshold NOTE This threshold is only available for M-EOS devices. To add Link thresholds, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2. Select Link from the Violation Type list. 3.
Adding thresholds Adding a Link Reset threshold NOTE This threshold is only available for Fabric OS devices. Use this threshold to block a port when a Link Reset violation meets the Fabric OS switch threshold. To add a Link Reset threshold, complete the following steps. 1.
Adding thresholds 8. Click OK to add the Link Resets threshold to the table and close the Add Link Reset Threshold dialog box. To assign this threshold to fabrics, switches, or switch ports, refer to “Assigning thresholds” on page 693. 9. Click OK on the Port Fencing dialog box. Adding a Protocol Error threshold To add a Protocol Error threshold, complete the following steps.
Adding thresholds Select the time period for the threshold from the errors per list. The following choices are available: • None—the port is blocked as soon as the specified number of protocol errors allowed is met. • Second—the port is blocked as soon as the specified number of protocol errors allowed is reached within a second.
Adding thresholds 2. Select State Change (Fabric OS only) from the Violation Type list. 3. Click Add. The Add State Change Threshold dialog box displays. 4. Enter a name for the threshold in the Name field. 5. Select one of the following options: •...
Adding thresholds Adding a Security threshold NOTE This threshold is only available for M-EOS devices. To add a Security threshold, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2. Select Security from the Violation Type list. 3.
Adding thresholds Assigning thresholds You can assign thresholds to any active object in the Ports table. You can only assign one threshold to an object at a time. If you assign a threshold to a switch, director, or fabric object, or to the All Fabrics object, the threshold is assigned to all subordinate objects (which do not have a directly assigned threshold) in the tree.
Adding thresholds Avoiding port fencing inheritance When you directly assign a threshold to an object, the threshold is inherited by all subordinate objects in the tree (unless they already have directly assigned thresholds). You cannot remove an inherited threshold from a subordinate object. However, the Management application allows you to effectively avoid inheritance for individual subordinate objects while maintaining inheritance for other subordinate objects.
Adding thresholds FIGURE 316 Edit C3 Discard Frames Threshold dialog box 4. Change the name for the threshold in the Name field, if necessary. 5. Select one of the following options: • Default—Uses device defaults. Go to step • Custom—Uses your selections. Continue with step 6.
Adding thresholds 4. Change the name for the threshold in the Name field, if necessary. 5. Select one of the following options: • Default—Uses device defaults. Go to step • Custom—Uses your selections. Continue with step 6. Change the number of port events allowed for the threshold in the Threshold field, if necessary.
Adding thresholds 8. Click OK on the Edit Invalid Words Threshold dialog box. If the threshold has already been assigned to ports, an “Are you sure you want to make the requested changes to this threshold on “X” ports?” message displays. Click OK to close. To assign this threshold to fabrics, switches, or switch ports, refer to “Assigning thresholds”...
Adding thresholds Editing a Link Reset threshold NOTE This threshold is only available for Fabric OS devices. To edit a Link Reset threshold, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2.
Adding thresholds Editing a Protocol Error threshold To edit a Protocol Error threshold, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2. Select Protocol Error from the Violation Type list. 3.
Adding thresholds Editing a State Change threshold NOTE This threshold is only available for Fabric OS devices running 6.3 or later. To edit a State Change threshold, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays (Figure 307).
Adding thresholds 6. Edit the number of state changes allowed for the threshold in the Threshold errors field, if necessary. Change the time period for the threshold from the errors per list, if necessary. The following choices are available: • None—the port is blocked as soon as the specified number of invalid CRCs allowed is met.
Adding thresholds 5. Change the number of port events allowed for the threshold from the Threshold errors list, if necessary. 6. Change the time period for the threshold from the violations per list, if necessary. Click OK on the Edit Security Threshold dialog box. If the threshold has already been assigned to ports, an “Are you sure you want to make the requested changes to this threshold on “X”...
Removing thresholds Viewing all thresholds on a specific device To view all thresholds assigned to a specific switch, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2. Right-click anywhere in the Ports table and select Expand. 3.
Removing thresholds A directly assigned icon ( ) displays next to each object with an assigned threshold which does not inherit a threshold from higher in the tree. NOTE If you remove a threshold from All Fabrics, it removes the threshold from individual Fabrics, switches, and switch ports in all Fabrics except for a Chassis group.
Configuring an Allow/Prohibit Matrix FIGURE 326 Cascaded configuration, three domains, but only two in a path Configuring an Allow/Prohibit Matrix The Allow/Prohibit Matrix is a FICON port attribute that can be used to prohibit communication between specific ports. Prohibits are not recommended on E_Ports (inter switch links). The Allow/Prohibit Matrix can be manipulated by host-based management programs using FICON CUP, or from a Management program to create policies and determine paths for data and command flows.
Configuring an Allow/Prohibit Matrix manually FIGURE 327 Active Configuration 4. Prohibit a connection between two ports by clicking the intersection point between the ports. A prohibit icon ( ) displays at the intersection point. If you know the port addresses of the ports for which you want to prohibit or allow communication and do not want to search the matrix for the exact port intersection point, use the procedure “Configuring an Allow/Prohibit...
Page 752
Configuring an Allow/Prohibit Matrix manually 3. Choose one of the following options: • Double-click a configuration file. • Select a configuration file and click the right arrow. A matrix displays. The switch ports are displayed on both the vertical axis and horizontal axis.
Saving or Copying Allow/Prohibit Matrix configurations to another device When copying or saving a configuration from a small switch (source switch with fewer ports; for example, 64 ports) to a larger switch (destination switch with a larger number of ports; for example, 256 ports) only the port address range of the smaller switch will be affected on the larger switch.
Page 754
Saving or Copying Allow/Prohibit Matrix configurations to another device FIGURE 329 Save As/Duplicate dialog box 4. Enter a name for the configuration. 5. Enter a description for the configuration. 6. Select the check box for the switch to which you want to save the configuration in the Select Switch table.
Activating an Allow/Prohibit Matrix configuration FIGURE 330 Save As/Duplicate dialog box 4. Enter a name for the configuration. 5. Enter a description for the configuration. 6. Select the check box for the device to which you want to save the configuration in the Select Switch table.
Deleting an Allow/Prohibit Matrix configuration FIGURE 331 Activate Matrix Confirmation message 4. Select the Active=Saved check box to save the active configuration as the startup configuration (IPL). 5. Click OK to confirm. If you select the Active=Saved check box, the text [=Active] is appended to the IPL file in the Configure Allow/Prohibit Matrix dialog box.
Changing the Allow/Prohibit Matrix display You can modify the display using the Window Arrangement list above the matrix display or the Clear all port names option below the display. NOTE If you receive a 'FICON not supported on switch' error, refer to FICON troubleshooting for a list of possible causes.
Cascaded FICON fabric NOTE You must have FICON Management privileges to configure a fabric for cascaded FICON. The Management application enables you to easily configure a fabric for cascaded FICON. Note that configuring a fabric for cascaded FICON may be disruptive to current I/O operations in the fabric, as it needs to disable and enable the switches in the fabric.
Page 759
Cascaded FICON fabric 3. Select the FMS Mode check box to manage the fabric by a host-based management program using FICON CUP protocol. If you select FMS Mode, each switch is checked for a CUP license. Any switches that do not have a CUP license are listed, with a reminder that a CUP license is necessary to communicate with the fabric management server.
Cascaded FICON fabric merge The Management application provides a wizard to help you merge two fabrics for cascaded FICON. Note that merging two cascaded FICON fabrics may be disruptive to current I/O operations in both fabrics, as it needs to disable and enable the switches in both fabrics. The merge process will not make any configuration changes on the primary (production) fabric that are disruptive.
Cascaded FICON fabric merge • (Optional) Configures long distance settings on selected ports of primary and secondary fabrics (requires Extended Fabric license). NOTE If the distance between the merged fabrics is 10 km or greater, you must configure the connection as a long distance connection. The cascaded FICON fabrics merge wizard performs the following operations to avoid AD, ACL, and zone database merge conflicts between the two fabrics: •...
Page 762
Cascaded FICON fabric merge 4. Click Next. The Set up merge options screen displays. 5. Select FMS Mode to manage the fabric by a host-based management program using FICON CUP protocol. Note that you cannot enable FMS Mode on switches running Fabric OS 7.0 or later unless they have an active CUP license.
Cascaded FICON fabric merge 11. Read and review the information on the Configure merge screen. If you understand and agree, click Next to confirm the information. A Summary screen displays. 12. Read the information, and click Finish to dismiss the wizard. Resolving merge conflicts You can resolve the following types of switch configuration conflicts: •...
Port Groups a. Select the device you want to resolve the domain ID for in the Available Switches table and click the right arrow button. b. Select a new domain ID for the device from the Domain ID list. Repeat steps a and b for each device in the Available Switches table. d.
Page 765
Port Groups FIGURE 332 Port Groups dialog box 2. Click New. 3. Enter a name for the port group in the Name field. 4. Enter a description for the port group in the Description field. 5. Select one or more ports to add to the group in the Group Type - FC Ports table. A port group must have at least one port in the Membership List.
Port Groups Viewing port groups Port groups are user-specific; you can only view and manage port groups that you create. To view port groups, complete the following steps. 1. Select Configure > Port Groups. The Port Groups dialog box only displays port groups defined by you. If a fabric becomes un-monitored, any port groups associated with that fabric do not display in the Port Groups table.
Swapping blades 8. Click the left arrow button. The selected ports are removed from the Membership List. 9. Click Update. 10. Click OK. Deleting a port group To delete a port group, complete the following steps. 1. Select Configure > Port Groups. The Port Groups dialog box displays.
Page 768
Swapping blades To swap blades, complete the following steps. 1. Select a chassis that contains at least two of the same type of blades. 2. Select Configure > Switch > Swap Blades. The Swap Blades dialog box displays. 3. Select the blade you want to replace from the first Swap Blades list. Once you select a blade, the second list automatically filters out the selected blade and any blade types that do not match the selected blade.
VLAN Manager Configuration requirements for VLAN Manager Before you can manage VLANs with VLAN Manager, you must complete the following tasks: • Make sure that the discovery process has been run. Discovery captures configuration information from Brocade products and places that information in the Management application database.
VLAN Manager Displaying VLANs in the VLAN View The VLAN View tab displays all the VLANs discovered on the network and lists them by VLAN IDs. To view the VLANs in the VLAN View tab, complete the following steps. 1. Click the VLAN View tab in the VLAN Manager dialog box to display all the port VLANs. 2.
VLAN Manager Displaying VLANs by products The Product View tab of the VLAN Manager dialog box presents the products that have been discovered on the network and the VLANs that have been assigned to them. NOTE Only products assigned to Management application areas of responsibility (AORs) are listed under the VLANs in the Product View tab.
Port VLANs VLAN Manager facilitates the creation, modification, and deletion of port VLANs on products that are known to the Management application. It also aids in the bulk deployment of these VLANs. For example, VLAN 3 may be configured on four products. If the VLAN definition for VLAN 3 is modified, the new definition can be deployed to all four products at one time.
Page 774
Port VLANs 3. Enter a VLAN ID in the Configure VLANs field. You can enter more than one ID, separating individual IDs with a comma (for example, 10, 45, 79, 30). You can also enter ranges of VLAN IDs (for example, 41-51). 4.
Port VLANs FIGURE 335 Select Classifier Groups dialog box Adding or modifying dual-mode ports You can configure an interface in a VLAN as a dual-mode port by assigning it as a tagged port to one VLAN and as an untagged port to another VLAN. You can add a dual-mode port to any VLAN except the default VLAN, VLAN 1.
Port VLANs Adding VLAN Properties The Add VLAN dialog box has two tabs: VLAN View and Product View. The VLAN properties vary for IOS and DCB products. When an IOS VLAN is selected, the Name, QoS, and Router Interface fields display.
Port VLANs If you want to add a virtual routing interface to the VLAN, enter the virtual routing interface number in this parameter. You can add an IP address to the virtual routing interface once the VLAN is deployed. From the Product View tab, you can configure one virtual routing interface per VLAN, for each product.
Port VLANs Deleting port VLANs from products Deleting a port VLAN removes all the interfaces on a product from that VLAN. A port VLAN can be deleted in both the VLAN and Product views. Deleting a port VLAN in the VLAN view 1.
Port VLANs Deploying VLAN configurations The Deploy VLANs dialog box allows you to deploy a VLAN configuration to target products. FIGURE 337 STP/RSTP Configuration dialog box - Deployment Properties pane 1. Select a deployment option: • Click the Deploy now option if you want to deploy the VLAN definition. •...
Spanning Tree Protocol Configuration 9. Click Start on the Deployment Status dialog box to save the changes to the selected products. 10. Click Close to close the Deployment Status dialog box. Spanning Tree Protocol Configuration Spanning Tree Protocol (STP) is a Layer 2 protocol that ensures a loop-free topology for any bridged local area network (LAN).
Page 781
Spanning Tree Protocol Configuration FIGURE 338 STP/RSTP Configuration dialog box 3. Select the target switch, VLAN, or port from the Target Context list. 4. Specify the following information: • Select STP or RSTP from the Spanning Tree list. • Select the Enable check box if you want to enable the protocol you selected. •...
Spanning Tree Protocol Configuration Deploying STP configuration on a port VLAN The Deploy VLAN dialog box allows you to deploy an STP configuration to target products. The Selected Targets Summary list FIGURE 339 STP/RSTP Configuration dialog box - Deployment Properties pane 6.
Spanning Tree Protocol Configuration Configuring MSTP on a port VLAN You can configure MSTP attributes from the VLAN View tab or the Product View tab. 1. Perform one of the following tasks to select the VLAN on which MSTP will be configured: •...
Page 784
Spanning Tree Protocol Configuration • Enter the interval after which the port will be enabled in the Re-enable Port Interval text box. The value range is 10 through 1000000 and the default is 300. • Click the Re-enable Port State check box to enable the time out mechanism for the port. •...
VLAN Routing Deleting an MSTP instance 1. Select MSTP from the Spanning Tree list. The VLAN - STP Configuration dialog box displays the Available MSTP Instances list. 2. Select an MSTP instance from the Available MSTP Instances list, or enter the MSTP instance number.
Page 786
VLAN Routing The Virtual Port - IP Configuration dialog box displays, as shown in Figure 341. If IP addresses have been configured for the switch virtual interface, they are listed in the Selected IP Addresses list in the dialog box. FIGURE 341 Virtual Port - IP Configuration dialog box 3.
Page 787
VLAN Routing 4. Enter the following information: • Primary or Secondary options (DCB products only)—Indicates whether the IP address is the primary or secondary IP address of the VLAN. • Type—Select the type of IP address you want to assign to the VLAN. Choose CIDR or IP/Subnet.
Page 788
VLAN Routing Brocade Network Advisor SAN User Manual 53-1002167-01...
Editing a deployment configuration Editing a deployment configuration 1. Select Configure > Deployment. The Deployment dialog box displays, as shown in Figure 343. FIGURE 343 Deployment dialog box 2. Select a deployment configuration in the Saved or Scheduled tab. 3. Click Edit. A dialog box specific to the type of deployment displays.
Duplicating a deployment configuration Duplicating a deployment configuration 1. Select Configure > Deployment. The Deployment dialog box displays. 2. Select a deployment configuration in the Saved or Scheduled tab. NOTE VLAN configurations cannot be duplicated. 3. Click Duplicate. A dialog box specific to the type of deployment displays. This is the same dialog box that was used when the original deployment was created.
Viewing deployment logs Viewing deployment logs 1. Select Configure > Deployment. The Deployment dialog box displays. 2. Click the Log tab. A list of deployment configurations that are executed and the status of each displays. Generating a deployment report 1. Select Configure > Deployment. The Deployment dialog box displays.
FC troubleshooting Tracing FC routes The Management application enables you to select a source port and a destination port and displays the detailed routing information from the source port or area on the local switch to the destination port or area on another switch. NOTE Trace route cannot be performed on offline devices.
FC troubleshooting 4. Click the right arrow button. 5. Click OK. The Trace Route Summary dialog box displays. This dialog box includes the following information: • Trace Route Summary. This table shows a brief summary of the trace including the following: Port WWN ...
Page 796
FC troubleshooting • Select the source and destination ports from a list by selecting the Select two device ports option and completing the following steps. a. Right-click a fabric in the Available Device Ports table and select Expand All. b. Select the ports (source and destination) for which you want to confirm device sharing from the Available Device Ports table.
FC troubleshooting Confirming Fabric Device Sharing NOTE Fabric device sharing is only available with Trial or Licensed version. NOTE Fabric device sharing is only available on pure Fabric OS fabrics. To confirm that two or more fabrics have been configured to share devices, complete the following steps.
Page 798
FC troubleshooting 3. Click the right arrow button. 4. Click Start. The Management application performs the following operations to enable diagnostic mode on the selected ports: 1. Disable the source port. 2. Disable the destination port. 3. Enable the diagnostic mode on source E port. 4.
Page 799
FC troubleshooting TABLE 43 Status Detail messages Operation/Test Possible message Disable the source or destination Disabled the port slot_number/port_number of the switch port switch_IP_address. Failed to disable the port slot_number/port_number of the switch switch_IP_address. Reason: CAL_error_message Enable the diagnostic mode on Enabled diagnostic mode on port slot_number/port_number of the source or destination E ports switch switch_IP_address.
FCIP troubleshooting NOTE FCIP troubleshooting is only available for Fabric OS devices. You can perform the following operations using FCIP troubleshooting: • Ping. Use to confirm that the configured FCIP tunnels are working correctly. • Trace Route. Use to view the route information from a source port on the local device to a destination port on another device and determine where connectivity is broken.
Page 801
FCIP troubleshooting TABLE 44 FCIP IP Ping Response Details Field or Component Description Packet Lost percentage The number of packets lost expressed as a percentage of the packets sent. This will be 0%, 25%, 50%, 75% or 100% for 0, 1, 2, 3, or all 4 packets lost.
FCIP troubleshooting Tracing IP routes The Management application enables you to select a source and a target and displays the detailed routing information from the source port or area on the local switch to the destination port or area on another switch. Trace route cannot be performed on offline devices or virtual devices.
FCIP troubleshooting Click Close on the IP Traceroute Result dialog box. 8. Click Cancel on the IP Traceroute dialog box. Viewing FCIP tunnel performance NOTE IP Performance is only supported on the 4 Gbps Router, Extension Switch and Encryption Blade running Fabric OS 5.2 or later.
Application Configuration Wizard troubleshooting Field/Component Description DELAY The average round trip time to send a packet of data and receive the acknowledgement. PMTU The largest packet size that can be transmitted over the end-to- end path without fragmentation. This value is measured in bytes and includes the IP header and (Path Maximum payload.
Browser troubleshooting The following section states a possible issue and the recommended solution for browser errors.
Problem: The Cancel button does not work on the Report via E-mail dialog box when you use the Mozilla
Resolution: Mozilla Firefox Browser does not support window close script. Click the browser Close button to cancel.
FICON troubleshooting FICON troubleshooting The following section states a possible issue and the possible cause for FICON errors. Problem Causes FICON not supported on switch error. FICON Unsupported Configurations: • FICON is not supported on base switches. • FICON is not supported on a logical switch which has an XISL configured. •...
Launch Client troubleshooting Launch Client troubleshooting The following section states a possible issue and the recommended solution if you are unable to launch the remote client. Problem Resolution Remote client does not upgrade from versions The remote client does not automatically upgrade when you select the remote client prior to 11.0.
Page 808
Launch Client troubleshooting Problem Resolution Unable to log into the Client (the application Use one of the following procedures to configure the IP address in the host file. does not launch when you use a valid user Windows operating systems name and password and exceptions are thrown Log in using the 'Administrator' privilege.
Names troubleshooting Names troubleshooting The following section states a possible issue and the recommended solution for names errors. Problem Resolution Duplicate name error. If you configured the Management application to only allow unique names and you try to use a name that already exists in the fabric. You can enter a different name for the device or search for the duplicate name using one of the following procedures: •...
Performance troubleshooting Performance troubleshooting The following section states a possible issue and the recommended solution for Performance errors. Problem Resolution An error message with the following text Make sure that the following prerequisites for Performance Monitoring Data collection are displays: met.
Page 811
Performance troubleshooting Problem Resolution An error message with the following text To collect data, the SNMP credentials in the Management application and switch displays: must match. Real Time statistics collection has failed. SNMP v1 or v3: The community strings entered in the Address Properties dialog box - Please see master log for details.
Page 812
Performance troubleshooting Problem Resolution An error message with the following text To collect GigE port and FCIP statistics, you must enable the FCIP-MIB capability. displays: Verification and Troubleshooting Real Time statistics collection has failed. To verify that FCIP-MIB capability is enabled, use the following command from the Please see master log for details.
Page 813
Performance troubleshooting Problem Resolution An error message with the following text To collect data on Virtual Fabric-enabled switches, the Fabric OS user must have displays: access to all Virtual Fabrics. The SNMPv3 user name must be the same as the Fabric Real Time statistics collection has failed.
Port Fencing troubleshooting Port Fencing troubleshooting The following section states a possible issue and the recommended solution for Port Fencing errors. Problem Resolution In a pure M-EOS fabric, fabric level policy Re-assign the threshold to the fabric. For step-by-step instructions, refer to “Assigning information (for example, Port Fencing Link thresholds”...
Server Management Console troubleshooting The following section states a possible issue and the recommended solution for server management console errors.
Problem: Unable to launch the SMC on a Windows
Resolution: The Windows Vista, Windows 7, or Windows 2008 R2 system enables the User Access Control (UAC) option by default.
Supportsave troubleshooting
Problem: Unable to launch the SMC on a Windows Vista or Windows 7 system
Resolution: Disable using the Group Policy by completing the following steps. You can perform this procedure on your local machine using Local Group Policy editor or for many computers at the same time using the Active Directory-based Group Policy Object (GPO) editor.
View All list troubleshooting View All list troubleshooting The following section states a possible issue and the recommended solution for View All list errors. Problem Resolution View All list does not display. The View All list does not display until you discover a fabric. To discover a fabric, refer to “Discovering fabrics”...
SAN performance overview • Provide aging scheme. The granularity varies depending on the configuration on the Server Management Console, Performance Data Aging tab. Option 1—2 years data with the following samples • 5 minutes granularity for last 1 day (288 samples) •...
Page 821
SAN performance overview • Compression Ratio — available for FCIP tunnels only. • Latency — available for FCIP tunnels only. • Link Retransmits — available for FCIP tunnels only. • Timeout Retransmits — available for FCIP tunnels only. • Fast Retransmits — available for FCIP tunnels only. •...
SAN performance overview SAN Performance management requirements To collect performance data, make sure the following requirements have been met: • Make sure the SNMP access control list for the device is empty or the Management application server IP is in the access control list. Example of default access control list FCRRouter:admin>...
Page 823
SAN performance overview
Trap port: 162
Trap recipient Severity level: 4
Community 6: FibreChannel (ro)
Trap recipient: 1001:0:0:0:0:0:0:172
Trap port: 162
Trap recipient Severity level: 4
To set the SNMP v1 credentials on the device, use the snmpconfig --set snmpv1 command.
Page 824
SAN performance overview
Priv Protocol: noPriv
To set the SNMP v3 credentials on the device, use the snmpconfig --set snmpv3 command.
FM_4100_21:admin> snmpconfig --set snmpv3
SNMPv3 user configuration(SNMP users not configured in Fabric OS user database will have physical AD and admin role as the default):
User (rw): [snmpadmin1] admin
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 1
New Auth Passwd:...
Page 825
SAN performance overview 4. Click the Manual option to view SNMP credentials. 5. Click the SNMP tab. 6. Select the v1 or v3 from the SNMP Version list. Make sure SNMP credentials match those on the device. 8. Click OK on the Add Fabric Discovery dialog box. 9.
SAN real-time performance data • To collect performance on a Virtual Fabric enabled device, use the userconfig --show command to make sure the Fabric OS user has access to all the Virtual Fabrics. Make sure that the SNMPv3 user name is the same as the Fabric OS user name. Otherwise, the data is not collected for virtual switches with a non-default VF ID.
SAN real-time performance data Generating a real-time performance graph You can monitor a device’s performance through a performance graph that displays transmit and receive data. The graphs can be sorted by the column headers. You can create multiple real-time performance graph instances. NOTE To make sure that statistic collection for a switch does not fail, you must configure SNMP credentials for the switch.
SAN real-time performance data 6. Click the right arrow to move the selected ports to the Selected table. Click OK. The Real Time Performance Graphs dialog box displays. Filtering real-time performance data To filter real-time performance data from the Real Time Performance Graphs dialog box, complete the following steps.
SAN real-time performance data 14. Select the Display tabular data only check box to only show text with no graphs or icons. The Source and Destination icons and the Graph column do not display. 15. Click Apply. The selected graph automatically displays in the Real Time Performance Graphs dialog box. 16.
SAN Historical performance data SAN Historical performance data Performance should be enabled constantly to receive the necessary historical data required for a meaningful report. The following options and features are available for obtaining historical performance data: • Collect historical performance data from the entire SAN or from a selected . NOTE Virtual Fabric logical ISL ports are not included in performance collection.
SAN Historical performance data Enabling historical performance collection for selected fabrics To enable historical performance collection for selected fabrics, complete the following steps. 1. Select Monitor > Performance > Historical Data Collection > Enable Selected. The Historical Data Collection dialog box displays. FIGURE 345 Historical Data Collection dialog box 2.
SAN Historical performance data Generating a historical performance graph To generate a historical performance graph for a device, complete the following steps. 1. Select the device for which you want to generate a performance graph. 2. Choose one of the following options: •...
Page 833
SAN Historical performance data d. Select the granularity at which you want to gather performance data from the Granularity list. The granularity varies depending on the configuration on the Server Management Console, Performance Data Aging tab. Option 1—2 years data with the following samples •...
Page 834
SAN Historical performance data Filtering data by ports To filter data for a historical performance graph by ports, complete the following steps. 1. Select the type of ports from the Show list. FIGURE 347 Custom Port Selector dialog box 2. Right-click a device in the Available table and select Expand All. 3.
SAN Historical performance data Saving a historical performance graph configuration To save a historical performance graph configuration, complete the following steps. 1. Select the device for which you want to generate a performance graph. 2. Choose one of the following options: •...
SAN Historical performance data Exporting historical performance data To export historical performance data, complete the following steps. 1. Generate a performance graph. To generate a performance graph, refer to “Generating a historical performance graph” on page 788. 2. Right-click anywhere in the graph table and select Export Table. The Save table to a tab delimited file dialog box displays.
SAN End-to-end monitoring NOTE End-to-end monitoring requires a Fabric OS device. NOTE End-to-end monitoring on an Access Gateway device requires Fabric OS 7.0 or later with an Advanced Performance Monitor license. Performance enables you to provision end-to-end monitors of selected target and initiator pairs. These monitors are persisted in the database and are enabled on one of the F_ports on the connected device (the Management application server determines the port).
Page 838
SAN End-to-end monitoring FIGURE 349 Set End-to-End Monitors dialog box 2. Select the fabric for which you want to configure end-to-end monitoring from the Fabric list. 3. Select an initiator port from the Select an initiator port table. 4. Select a target port from the Select a target port table. 5.
SAN End-to-end monitoring Displaying end-to-end monitor pairs in a real-time graph To display an end-to-end monitor pair in a graph, complete the following steps. 1. Select Monitor > Performance > End-to-End Monitors. The Set End-to-End Monitor dialog box displays. 2. Select one or more end-to-end monitor pairs you want to view from the Monitored Pairs table. You can select up to 32 monitored pairs.
SAN Top Talker monitoring Deleting an end-to-end monitor pair To delete an end-to-end monitor pair, complete the following steps. 1. Select Monitor > Performance > End-to-End Monitors. The Set End-to-End Monitor dialog box displays. 2. Select the end-to-end monitor pair you want to delete from the Monitored Pairs table. 3.
Page 841
SAN Top Talker monitoring To configure a fabric mode Top Talker monitor, complete the following steps. 1. Select the device or fabric on which you want to monitor Top Talker data. NOTE On the 8 Gbps 8-FC port, 10 GbE 24-CEE port Switch, Top Talkers is only supported on the 8 Gbps FC Ports.
SAN Top Talker monitoring • • Source Switch/Port • • Destination Destination Port • Destination Switch/Port 8. Click Destination to launch the Port Properties dialog box for the Destination port. 9. Click Source to launch the Port Properties dialog box for the Source port. 10.
SAN Top Talker monitoring 9. Click Apply. The top 20 conversations display in the Current Top Talkers table. The Top Talkers Summary table displays all Top Talkers that occurred since the Top Talkers dialog box was opened (displays a maximum of 360). When the maximum is reached, the oldest Top Talker drops as a new one occurs.
Bottleneck detection A bottleneck is a port in the fabric where frames cannot get through as fast as they should. In other words, a bottleneck is a port where the offered load is greater than the achieved egress throughput.
Bottleneck detection • Bottleneck detection is supported on 4 Gbps, 8 Gbps, and 16 Gbps platforms. • Bottleneck detection is supported in Access Gateway mode. • Bottleneck detection is supported whether Virtual Fabrics is enabled or disabled. In VF mode, bottleneck detection is supported on all fabrics, including the base fabric.
Page 846
Bottleneck detection If you add additional switches, including logical switches, to the fabric, bottleneck detection is not automatically applied, so be sure to enable bottleneck detection on those switches as well. NOTE It is recommended that you enable bottleneck detection on every switch in the fabric. Enabling bottleneck detection enables both latency and congestion detection.
Bottleneck detection Configuring bottleneck alert parameters After you enable bottleneck detection, you can change the alert parameters on all eligible ports, switches, and fabrics. The alert parameters include whether alerts are sent and the threshold, time, and quiet time options. NOTE Best practice is to enable alerts and use the default values: Congestion...
Bottleneck detection Inheriting alert parameters from a switch When you enable bottleneck detection on a switch, all eligible ports on that switch inherit the same bottleneck parameters as the switch. You can then change the parameters for specific ports or exclude specific ports from bottleneck detection.
Bottleneck detection Displaying bottleneck statistics You can display a graph of bottleneck statistics for up to 32 ports at one time. You can display a graph showing the history of bottleneck conditions, for up to the last 150 minutes. 1. Select Monitor > Performance > Bottleneck Graph. The Bottleneck Graph Port Selector dialog box displays with bottlenecked ports shown in the Available list.
Thresholds and event notification Disabling bottleneck detection Use this procedure to exclude specific ports from bottleneck detection or to disable bottleneck detection on entire switches or fabrics. It is not recommended to disable bottleneck detection on a port except under special circumstances.
Page 851
Thresholds and event notification FIGURE 352 Threshold example To create a threshold policy, complete the following steps. 1. Select Monitor > Performance > Configure Thresholds. The Set Threshold Policies dialog box displays. FIGURE 353 Set Threshold Policies dialog box 2. Click Add. The New Threshold Policy dialog box displays.
Page 852
Thresholds and event notification FIGURE 354 New Threshold Policy dialog box 3. Enter a name for the policy (100 characters maximum) in the Name field. 4. Select a policy type from the Policy Type list. You can only define policies for E and F/FL ports. 5.
Thresholds and event notification 13. Make the threshold changes by selecting one of the following options: • To only add new thresholds, select the Keep currently set thresholds and only add new thresholds check box. • To overwrite all existing thresholds on all fabrics and devices, select the Overwrite all thresholds currently set on all switches check box.
Thresholds and event notification The threshold policy displays in the Available Threshold Policies table with a modified icon. To assign a threshold policy to a fabric or device, refer to “Assigning a threshold policy” on page 811. 12. Click OK on the Set Threshold Policies dialog box. The Confirm Threshold Changes dialog box displays.
Thresholds and event notification Assigning a threshold policy To assign a threshold policy to a fabric or device, complete the following steps. 1. Select Monitor > Performance > Configure Thresholds. The Set Threshold Policies dialog box displays. 2. Select one or more threshold policies you want to assign to a fabric or device in the Available Threshold Policies table.
SAN Connection utilization 4. Click Yes on the confirmation message. 5. Click OK on the Set Threshold Policies dialog box. The Confirm Threshold Changes dialog box displays. 6. Make the threshold changes by selecting one of the following options: • To only add new thresholds, select the Keep currently set thresholds and only add new thresholds check box.
SAN Connection utilization The colors and their meanings are outlined in the following table.
Line Color: Utilization Defaults
Red line: 80% to 100% utilization
Yellow line: 40% to 80% utilization
Blue line: 1% to 40% utilization
Gray line: 0% to 1% utilization
Black line: Utilization disabled
Enabling connection utilization...
SAN Connection utilization Disabling connection utilization NOTE Fabrics where performance data collection is not enabled display connections as thin black lines. To turn off the connection utilization, choose one of the following options: • Select Monitor > Performance > View Utilization (or CTRL + U). •...
Frame Monitor Frame types The frame type can be a standard type (for example, a SCSI read command filter that counts the number of SCSI read commands that have been transmitted by the port) or a user-defined frame type customized for your particular use. Pre-defined frame types Pre-defined frame types include the following: •...
Creating a custom frame monitor Frame Monitoring requirements To configure Frame Monitoring, the following requirements must be met: • The switch must be running Fabric OS 7.0.0 or later. • Frame Monitoring requires the Advanced Performance Monitoring license and the Fabric Watch license.
Page 862
Creating a custom frame monitor 2. Select the Switch option. The Products / Monitors list displays the switches that support Frame Monitoring. 3. Enter the monitor data in the Configure Monitor area. 4. Select one or more switches in the Products / Monitors list, and click the right arrow button to assign the frame monitor to those switches.
Editing a frame monitor 11. Click Start. The frame monitor configuration is applied to the switches. 12. Click Close after configuration is complete (indicated by “Completed” in the Progress column). Editing a frame monitor 1. Select Monitor > Fabric Watch > Frame Monitor. The Frame Monitor dialog box displays.
Finding frame monitor assignments 6. Click the right arrow button to move the frame monitor to the selected ports. The Monitor Details list displays the monitors that are assigned to a selected port. If no monitors are assigned, or if more than one port is selected, the Monitor Details list does not display.
Removing a frame monitor from a switch 8. Click Start. The frame monitor configuration is applied to the ports. 9. Click Close after configuration is complete (indicated by “Completed” in the Progress column). Removing a frame monitor from a switch When you remove a frame monitor from a switch, the frame monitor is automatically removed from all assigned ports in the switch.
Page 866
Removing a frame monitor from a switch Brocade Network Advisor IP User Manual 53-1002168-01...
Policy Monitor overview Fabric policy monitors Enables you to set the following policy monitors on fabrics. • Check zoning status—Enables you to determine if zoning is enabled or disabled on the fabric. Zoning plays a key role in the management of device communication. When you enforce zoning, devices not in the same zone cannot communicate.
Policy Monitor overview SAN Switch policy monitors Enables you to set the following policy monitors on SAN switches. • Check if the product is configured to send events to this server—Enables you to determine if the Management application server is registered as an SNMP recipient and Syslog recipient. If the Management application server fails to register as a listener for SNMP, Syslog, and other events, the Management application server cannot notify you of changes to the fabric or device.
Policy Monitor overview • Check if the product is configured to send Upload Failure Data Capture to an FTP server— Enables you to determine if Upload Failure Data Capture is enabled on the selected switches, that the configured FTP Server is accessible, and that you have write permission to the directory.
Viewing existing policy monitors Management policy monitor Enables you to set a policy monitor on the Management application. Check to see if the server backup is enabled and working—Enables you to determine if back up is enabled for the Management application server and if the backup output directory is accessible and writable.
Adding a policy monitor • Next Run—The time the policy will run again. • Last Run—The time the policy ran last. • Result—The result of last Policy Monitor run. There are three possible results: Success, Partially Failed, Failed, and Not Applicable. 3.
Page 873
Adding a policy monitor 6. Choose one of the following options: • To use the default frequency (one time, runs at current system time plus fifteen minutes), go to step • To configure the frequency, click the ellipsis button and choose one of the following options to configure the frequency at which deployment runs for the policy monitor: To configure deployment to run only once, refer to “Configuring a one-time policy...
Page 874
Adding a policy monitor 8. To set policy monitors for switches, select the SAN Switch Checks tab and complete the following steps. FIGURE 363 Add Policy Monitor dialog box, SAN Switch Checks tab a. Select the Check if the product is configured to send events to this server check box to determine if the Management application server is registered as an SNMP recipient and Syslog recipient.
Page 875
Adding a policy monitor 9. To set policy monitors for hosts, select the Host Checks tab and complete the following steps. FIGURE 364 Add Policy Monitor dialog box, Hosts Checks tab a. Select the Check for redundant connections to attached fabrics check box to determine if there are at least the minimum number of configured physical connections between the host and the attached fabric.
Page 876
Adding a policy monitor 10. To set policy monitors for the Management application, complete the following steps. FIGURE 365 Add Policy Monitor dialog box, Management Checks tab a. Select the Management Checks tab. b. Select the Check to see if the server backup is enabled and working check box to determine the following configurations: •...
Editing a policy monitor Editing a policy monitor To edit an existing policy monitor, complete the following steps. 1. Select Monitor > Policy Monitor. The Policy Monitor dialog box displays. 2. Select the policy you want to edit in the Monitors table and click Edit. The Edit Policy Monitor dialog box displays.
Page 878
Editing a policy monitor 6. Choose one of the following options: • To use the default frequency (one time, runs at current system time plus fifteen minutes), go to step • To configure the frequency, click the ellipsis button and choose one of the following options to configure the frequency at which deployment runs for the policy monitor: To configure deployment to run only once, refer to “Configuring a one-time policy...
Page 879
Editing a policy monitor Enter the minimum number of connections allowed between a switch pair in the Minimum Connections field. The default recommended is 2. d. Select the Check if the product is configured to send Upload Failure Data Capture to an FTP server check box to determine the following configurations: •...
Deleting a policy monitor Deleting a policy monitor To delete an existing policy monitor, complete the following steps. 1. Select Monitor > Policy Monitor. The Policy Monitor dialog box displays. 2. Select the policy you want to delete in the Monitors table. 3.
Page 881
Running a policy monitor 4. Review the report details. • Fabric Checks—Displays the Fabric Name and Status of the policy check for the following options: Fabric - Check zoning is Enabled Fabric - Check that all zones belong to at least one zone config ...
Viewing a policy monitor report Viewing a policy monitor report To view an existing (must have been run at least once) policy monitor report, complete the following steps. 1. Select Monitor > Policy Monitor. The Policy Monitor dialog box displays. 2.
Policy monitor scheduling • SAN Switch Checks—Displays the switch name and switch IP address and Status of the policy check for the following options: SAN Switch - Check if the product is configured to send events to this server SAN Switch - Check if the product is configured to send Upload Failure Data Capture to ...
Page 884
Policy monitor scheduling Configuring an hourly policy monitor schedule To configure an hourly schedule, complete the following steps. 1. Select Hourly from the Frequency list. 2. Select the minute past the hour you want deployment to run from the Minutes past the hour list.
Page 885
Policy monitor scheduling Configuring a monthly policy monitor schedule To configure a monthly schedule, complete the following steps. 1. Select Monthly from the Frequency list. 2. Select the time of day you want deployment to run from the Time (hh:mm) lists. Where the hour value is from 0 through 12, the minute value is from 00 through 59, and the day or night value is AM or PM.
Page 886
Policy monitor scheduling Brocade Network Advisor SAN User Manual 53-1002167-01...
Event notification Event notification The Management application records the SAN and IP events in the Master Log. You can configure the application to send event notifications to e-mail addresses at certain time intervals. This is a convenient way to keep track of events that occur on the SAN and IP networks. You can also configure products to “call home”...
Defining filters 8. Enter the length of time the application should wait between notifications in the Summary Interval field and list. Notifications are combined into a single e-mail and sent at each interval setting. An interval setting of zero causes notifications to be sent immediately. ATTENTION Setting too short an interval can cause the recipient’s e-mail inbox to fill very quickly.
Page 890
Defining filters FIGURE 370 Define Filter - Basic tab dialog box 4. Select which product type you are defining (SAN, IP, or Host) and click the appropriate tab. 5. Click the Event Description check box and enter a description of the event in the field. 6.
Defining filters Setting up advanced event filtering To set up advanced event filtering on the selected events for a user, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select a user in the Users table and click Edit. The Edit User dialog box displays.
Defining filters d. Click the right arrow button to move the event type to the Additional Filters - Include these Events list. e. To add additional filters, repeat step a through step 8. To exclude events from the event filter, complete the following steps. NOTE You can configure a maximum of ten filters to be included.
SNMP traps SNMP traps Simple network management protocol (SNMP) provides a means to monitor and control network products and to manage configurations, statistics, performance, and security through authentication and privacy protocols. The Management application allows you to configure SNMP traps. The SNMP configuration tasks are described in the following sections.
Page 894
SNMP traps FIGURE 372 SNMP Trap Recipients dialog box 2. Click Add from the Action list. 3. Enter the IP address of the SNMP trap receiver (the recipient server) in the Recipient IP Address field. This is a mandatory field. IPv4 addresses are accepted, but a Domain Name System (DNS) name is not accepted.
SNMP traps Removing a trap recipient from one or more switches 1. Select Monitor > SNMP Setup > Product Trap Recipients. The SNMP Trap Recipients dialog box, shown in Figure 372, displays. 2. Click Remove from the Action list. 3. Enter the IP address of the SNMP trap port (the recipient server) in the Recipient IP Address field.
Page 896
SNMP traps FIGURE 373 SNMP Trap Forwarding dialog box The SNMP Trap Forwarding dialog box allows you to perform the following tasks: • Add a trap destination. • Edit a selected trap destination. • Duplicate a selected trap destination. • Delete a selected trap destination.
Page 897
SNMP traps FIGURE 374 Add Trap Destination dialog box 4. Enter a general description of the trap destination in the Description field. 5. Enter the IP address of the trap destination in the IP Address field. This is a mandatory field. IPv4 and IPv6 addresses are accepted but a DNS name is not accepted.
Page 898
SNMP traps Adding a new trap filter The Add Trap Filter dialog box allows you to configure trap filters for forwarding SNMP traps. You can add trap filters on SAN products, IP products, or Hosts. 1. Select Monitor > SNMP Setup > Trap Forwarding. The SNMP Trap Forwarding dialog box displays.
SNMP traps • Warning • Notice • Info • Debug Traps with the selected severity and those with higher severity levels are forwarded. For example, by default, Critical severity is selected. Therefore, traps with Critical, Alert, and Emergency severity levels are forwarded. To have all traps forwarded, select Debug, the lowest severity level.
Page 900
SNMP traps FIGURE 376 Event Reception dialog box - Trap Credentials dialog box The Management application can receive SNMP v1 traps from Brocade SAN switches and directors that have any SNMP community strings. It can receive SNMP v3 traps and informs from these SAN products.
SNMP traps FIGURE 377 SNMP v3 Credentials dialog box 4. Type the user name in the User Name field. For configurations that do not have authentication or privacy, the Management application uses the user name to match for authentication. 5. Select an authentication protocol from the Auth Protocol list. You can select -None-, HMAC-MD5, or HMAC_SHA.
SNMP traps FIGURE 378 SNMP v1/v2 Community String dialog box 4. Enter a unique community string in the Community String field, which will be used to match for authentication in SNMP v1 and v2c configurations. This field is case-sensitive. 5. Re-enter the string in the Confirm Community String field. 6.
SNMP traps 4. Save the file. The Management application recompiles all the MIB files. If compilation is successful, the traps can now be registered in the Event Reception dialog box. NOTE If there are compilation errors, you can view the errors in the server log <install dir>\logs\server\server.log (Windows) or <install dir>/logs/server/server.log (UNIX).
Page 905
SNMP traps FIGURE 379 Trap Configuration tab of the Event Reception dialog box 3. Expand a folder for a MIB to display the traps in the MIB. If the list is too long, use the Search tool to find a MIB or trap. 4.
Page 906
SNMP traps 6. When you have finished, click OK to accept your entries. The status of the trap changes to Registered - Customized and the trap appears in the Event Log. Unregistering a registered trap You can unregister only the traps that you have registered. You cannot unregister traps that come with the Management application by default.
Syslogs 5. If the trap has been customized, a button labeled Default is available. Click Default to revert the previous changes to its default. Syslogs Use the Options dialog box to automatically register the Management application server as the syslog recipient on all managed SAN and IP products. The syslog listening port number is 514 by default.
Syslogs Removing a syslog recipient 1. Select Monitor > Syslog Configuration > Product Trap Recipients. The Syslog Recipients dialog box displays. 2. Select Remove from the Action list. 3. Enter the IP address of the syslog port (the recipient server) in the Recipient IP Address field. 4.
Syslogs Adding a syslog filter You can add a syslog filter on SAN products, IP products, or Hosts. 1. Select Monitor > Syslog Configuration > Syslog Forwarding. The Syslog Forwarding dialog box displays. 2. Click the Enable syslog forwarding check box. 3.
Event action definitions Event action definitions To reduce the amount of events being logged in the Management application database, the Event Actions dialog box allows you to control what events the Management application monitors, on which products they are to be monitored, how often they are to be monitored, and what to do when the monitored events are generated.
Page 912
Event action definitions FIGURE 385 Add Events dialog box - Events pane 5. Select one of the following event types from the Show list: • Traps (default) • Application Events • Pseudo Events • Custom Events Depending on what event type you select, a box listing the available events or pseudo events displays.
Event action definitions 11. Select Configure varbind filters to configure filters on varbind values (see “Configuring varbind filters” on page 869 for more information). If you do not want to configure varbind filters, click Next. The Sources pane of the Add Event Action dialog box is displayed. You can use the search tool to search for sources.
Event action definitions • in – Matches collection • not_in – Does not match collection • ~ – Arbitrary Unicode regular expression 5. Enter the value of the varbind. The value you enter must conform to the data type required by the varbind.
Page 915
Event action definitions 5. Select the event senders you want from the Available Sources list, then click the right arrow button to move them to the Selected Sources box. NOTE The selected source count cannot exceed 100. 6. If you selected a product group or port group as event senders, select one of the following group members: NOTE The Selected Product/Port Group members treated as parameter is not available if you...
Event action definitions Configuring event action policies The Policy pane of the Add Event Action dialog box, shown in Figure 388, allows you to define the frequency of the event, enter a message for an event that will be displayed in the event log, and specify the event severity.
Page 917
Event action definitions Click Time bound (act at the end of the duration specified) if you want the Management application to perform the specified action once the specified number of occurrences has occurred and the specified duration has elapsed. For example, if you want the action to be applied when 10 link down traps occur during a one-minute duration, the Management application waits until 10 link down traps occur and one minute has elapsed before the defined action is applied.
Event action definitions Editing event actions The Edit Event Action Group - Actions dialog box, shown in Figure 389, defines what action the Management application takes when the criteria are met. FIGURE 389 Action Group - Actions pane of the Edit Event Action dialog box 1.
Page 919
Event action definitions The Broadcast Message dialog box displays. a. Select a severity level from the list. b. Type a message in the Message Content field. Click OK. 5. The Special Events Handling check box is enabled by default. Leave it enabled if you want the event action to be added to the Special Event Handling event action category.
Event action definitions 9. From the Target list, select the product (the target source) to which the payload will be deployed: • Event Sender: Deploy the payload to the product that sent the event. If the event was sent by a non-Brocade product, the event action will not be deployed to that product. •...
Page 921
Event action definitions Acknowledging special events When the Management application receives and processes events selected as special events, the following status bar icon displays. 1. Click the special events icon to launch the Special Events dialog box, shown in Figure 390.
Event action definitions Configuring event action e-mail settings The Action Group - E-mail Settings pane of the Add Event Action dialog box, shown in Figure 391, allows you to select e-mail recipients from a list, add new e-mail recipients, and compose e-mail messages.
Event action definitions 6. Click Finish. The Summary pane of the Edit Event Action dialog box displays an overview of the e-mail configuration you are creating. Review your entries and take one of the following actions: • Click Finish to approve the configuration. •...
Event action definitions Deleting an event action definition Perform the following steps to delete an event action definition. 1. Select Monitor > Event Processing > Event Actions. The Event Actions dialog box displays. 2. Select the definition that you want to delete from the Event Actions list. 3.
Page 925
Event action definitions 3. Click the Import Snort® Rule button. The Import Snort® Rule File dialog box displays, as shown in Figure 393. FIGURE 393 Import Snort® Rule File dialog box 4. Enter the complete path of the Snort rule file located on the Syslog server. 5.
Pseudo events Pseudo events A pseudo event is a combination of different SNMP traps that you decide would constitute a single event. For example, there are two separate SNMP traps for link up and link down occurrences. You might decide that these two occurrences should be just one event. Displaying pseudo event definitions Perform the following steps to display the properties of a pseudo event.
Pseudo events Setting pseudo event policies The Policy pane of the Add Pseudo Event dialog box is displayed in Figure 395. FIGURE 395 Policy pane of the Add Pseudo Event dialog box 1. Click the Escalation button to create an escalation policy, and then enter the duration of time that the Management application waits before performing the specified action.
Pseudo events Refer to “Creating an event action with a pseudo event on the flapping policy” on page 890 for complete instructions. 4. Enter a description in the Message field. This description is displayed in the event log for this pseudo event. The event log displays the exact text you enter in this field;...
Pseudo events 1. From the Available Traps list, select the trap for the down state of a product or interface. 2. You can change the text associated with the selected trap by doing any of the following: • Click one of the following buttons: MIB Information, if you want the default SNMP name for the traps to be displayed.
Pseudo events Editing a pseudo event definition Use caution when you modify pseudo events. Saving changes to a pseudo event definition resets the run-time information for that pseudo event. 1. Select Monitor > Event Processing > Pseudo Events. The Pseudo Events dialog box, shown in Figure 394, displays.
Pseudo events 6. Click Next. The Events pane of the Add Pseudo Event dialog box displays. 7. Select a critical event, such as LinkDown, and click the right arrow button to move it to the Selected Down Trap list. 8. Select a remediation event, such as LinkUp, and click the right arrow button to move it to the Selected Up Trap list.
Pseudo events 13. Select the Management application user to whom the e-mail message will be sent from the Available Recipients list, and click the right arrow button to move the recipient to the Selected Recipients list. NOTE Make sure the user you select has an e-mail address defined in a user account. 14.
Pseudo events 6. Click Next. The Events pane of the Add Pseudo Event Events dialog box displays. 7. Select a critical event, such as LinkDown, and click the right arrow button to move it to the Selected Down Trap list. 8. Select a remediation event, such as LinkUp, and click the right arrow button to move it to the Selected Up Trap list.
Pseudo events 12. Click Next to advance to the Summary pane. 13. Click Finish. For more information about adding an event action, refer to “Event action definitions” on page 867. Adding a pseudo event on the flapping policy The flapping policy checks to see if the event consistently transitions between two opposite states during a specified length of time.
Page 935
Pseudo events 5. Select the Pseudo Events event type from the Show list. The available pseudo events display. 6. Select the pseudo event you created in step 1 through step 10, and click Next. The Sources pane of the Add Event Action dialog box displays. Select the source that you will use to monitor this event from the Selected Sources list.
Event custom reports 14. Select the Apply as a Logging Policy check box to indicate whether or not you want the event occurrence to be logged in the Management application database: • Select Log to log the occurrence in the Management application database. •...
Event custom reports Defining report settings Complete the following steps to define report settings. You must first enter a name and title on the Identification tab before you can run the result settings. 1. Select Reports > Event Custom Reports. The Event Custom Reports dialog box displays.
Event custom reports 6. Data for all attributes is sorted in ascending order and is sorted in the sequence that the attributes appear in the Sort By Columns list. In the Selected Columns list, select which attribute will be used to sort the generated report. Then click the right arrow button to move your selection to the Sort by Columns list.
Event custom reports Click the Do not share this definition button if you do not want to share this definition with other Management application users. If you select this button, no Management application users will see this definition on the Report Definitions tab of the Event Custom Reports dialog box when they log in.
Event custom reports Select the Acknowledge check box if you want messages that have been acknowledged to be included in the report. 8. Select the severity from the Available Severity list, and click the right arrow button to move your selection to the Selected Severity list.
Event custom reports 5. Choose between relative time (the default) and absolute time. • Click Relative Time if you want to filter traffic based on when the report is generated, and then select a relative time from the Range list. Relative time is calculated based on the date and time the report is generated.
Event custom reports Editing a report definition For your definitions, you can modify the definition and save the changes you have made. For a shared definition from another user, you can modify the definition, then run that definition to obtain the desired report;...
Event custom report schedules Event custom report schedules Click the Schedules tab, shown in Figure 403, to display its contents. The Schedules list shows the definitions that have been scheduled to automatically run at a specified date and time. FIGURE 403 Schedules tab of the Event Custom Report dialog box From the Schedules tab of the Event Custom Reports dialog box, you can perform the following tasks:...
Event custom report schedules Adding an event report schedule The Add Schedule dialog box, shown in Figure 404, allows you to select an existing report definition and configure the parameters for when the report is run and to whom the report is sent. 1.
Page 946
Event custom report schedules • Weekly—If you selected Weekly as the schedule type, Day of the week appears. Select the day of the week when the report will be generated. • Monthly—If you selected Monthly as the schedule type, Day of the month appears. Select the day of the month when the report will be generated.
Event logs Event logs You can view all events that take place through the Master Log at the bottom of the main window. You can also view a specific log by selecting an option from the Monitor menu’s Logs submenu. The logs are described in the following list: •...
Event logs Copying part of a log entry You can copy data from logs to other applications. Use this to analyze or store the data using another tool. To copy part of a log, complete the following steps. 1. Select Monitor > Logs > <Log_Type>. The <Log_Type>...
Event logs Exporting the entire log You can export the log data to a tab delimited text file. To export a log, complete the following steps. 1. Select Monitor > Logs > <Log_Type>. The <Log_Type> Log dialog box displays the kind of log you selected. 2.
Event logs 5. Enter your e-mail address in the From field. 6. Click OK. Displaying event details from the Master Log You can view detailed information for an event. To display event details from the Master Log, complete the following steps. 1.
Event logs Copying part of the Master Log You can copy data from logs to other applications. Use this to analyze or store the data using another tool. To copy part of the Master Log, complete the following steps. 1. Select the rows you want to copy in the Master Log. •...
Event logs 5. Click Save. All data and column headings are exported to the text file. 6. Click Close to close the dialog box. Filtering events in the Master Log You can filter the events that display in the Master Log on the main window. By default, all event types display in the Selected Events table.
Server and client support save 4. Select the Include Database check box to include the database in the support save and choose one of the following options. • Select the Partial (Excludes historical performance data and events) option to exclude historical performance data and events from the database capture.
Server and client support save 6. Click OK on the SupportSave dialog box. Click OK on the message. The application generates separate master logs to show the status of the Server Support save collection. Capturing Client support save data To capture client support save files, complete the following steps. 1.
Device technical support 3. Define a capture location by typing sh clientsupportsave <path> in the CLI. If the path has spaces, enclose it in double quotes. By default, the capture location is /root/Management_Application_Name_Folder/Server IP/support. 4. Use an archive tool to create a ZIP file of the support save. Device technical support You can use Technical Support to collect supportSave data (such as, RASLOG, TRACE and so on) and switch events from Fabric OS devices.
Device technical support 11. Click OK on the confirmation message. Technical supportSave data for SAN devices is saved to the following directory: Install_Home\data\ftproot\technicalsupport\ Technical supportSave uses the following naming convention for the SAN device support save files: Supportinfo-Day-mm-dd-yyyy-hh-mm-ss\Switch_Type-Switch_IP_Address-Switch_WWN. Data collection may take 20-30 minutes for each selected switch. This estimate may increase depending on the number of switches selected.
Device technical support 5. Click OK on the Technical SupportSave dialog box. Data collection may take 20-30 minutes for each selected switch. This estimate may increase depending on the number of switches selected. The Technical SupportSave Status dialog box displays with the following details. Field Description Product Name...
Device technical support To view the technical support repository, complete the following steps. 1. Select Monitor > Technical Support > View Repository. The Technical Support Repository dialog box displays. 2. Review the technical support repository details: Field/Component Description Available SupportSave and Select the support data file you want to view.
Device technical support E-mailing technical support information To e-mail technical support information, complete the following steps. 1. Select Monitor > Technical Support > View Repository. The Technical Support Repository dialog box displays. 2. Select the file you want to e-mail in the table. 3.
Upload failure data capture 3. Click Delete. 4. Click OK on the Technical Support Repository dialog box. Upload failure data capture You can use upload failure data capture to enable, disable, and purge failure data capture files as well as configure the FTP Host for the switch. NOTE Upload failure data capture is only supported on Fabric OS devices.
Upload failure data capture Disabling upload failure data capture NOTE Upload Failure Data Capture is only supported on Fabric OS devices. 1. Select Monitor > Technical Support > Upload Failure Data Capture. The Upload Failure Data Capture dialog box displays. 2.
Upload failure data capture 4. Choose one of the following options: • Select the Use Management_Application option to use the Management application FTP server. • Select the Custom option and complete the following steps to configure an FTP server for the selected device.
Generating SAN reports Generating SAN reports To generate reports, complete the following steps. 1. Select Reports > Generate. The Generate Reports dialog box displays. 2. Select the types of reports you want to generate. • Fabric Ports • Fabric Summary 3.
Exporting SAN reports Icon Description Actual Size—Click to display the report at its actual size. Fit to Page—Click to resize the report to display entirely in the view. Fit to Width—Click to resize the report to fit in the view by width. Zoom In—Click to zoom in on the report.
Printing SAN reports Printing SAN reports You can print reports through an internet browser. 1. Select Reports > View. The View Reports dialog box displays. 2. Select the report you want to print in the left pane of the dialog box. If you do not see the report you want to view, generate it first by following the instructions in “Generating SAN reports”...
Generating SAN performance reports Generating SAN performance reports NOTE Performance reports require a SAN Trial or Licensed version. To generate a historical performance report for a device, complete the following steps. 1. Select the device for which you want to generate a performance report. 2.
Generating SAN zoning reports Click Apply. The selected report automatically displays in the View Reports dialog box. NOTE Hyperlinks in reports are active only as long as the source data is available. To print the selected report, refer to “Printing SAN reports” on page 926.
Page 973
Generating SAN zoning reports For more information about zoning, refer to “Zoning” on page 579. FIGURE 406
SAN main menus Menu Command Command Options License. Select to view or change your License information. About Management_Application_Name. Select to view the application information, such as the company information and release number. SAN main menus The menu bar is located at the top of the main window. The following table outlines the many functions available on each menu.
Page 977
SAN main menus Menu Command Command Options View Menu Show Main Tab. Select to choose which tab to display. Dashboard. Select to show the dashboard. SAN. Select to show the SAN tab. IP. Select to show the IP tab. Show Panels. Select to select which panels to display. All Panels.
Page 978
SAN main menus Menu Command Command Options Map Display. Select to customize a group's layout to make it easier to view the SAN and manage its devices. Domain ID/Port #. Select to set the display domain IDs and port numbers in decimal or hex format. Decimal.
Page 979
SAN main menus Menu Command Command Options Discover Menu Fabrics. Select to discover fabrics. Host Adapters. Select to discover hosts. VM Manager. Select to discover VM managers. Host Port Mapping. (Trial and Licensed version Only) Select to manually map HBA ports to a host. Storage Port Mapping.
Page 980
SAN main menus Menu Command Command Options Deployment. Select to manage deployment. Encryption. Select to configure encryption for your SAN. Fabric Binding. (Trial and Licensed version Only) Select to configure whether switches can merge with a selected fabric, which provides security from accidental fabric merges and potential fabric disruption when fabrics become segmented because they cannot merge.
Page 981
SAN main menus Menu Command Command Options Port Auto Disable. Select to configure port auto disable flag on individual FC_ports or all ports on a selected device, as well as unblock currently blocked ports. Security. Select to manage security. L2 ACL. Select to configure Layer 2 Access Control Lists on products and ports.
Page 982
SAN main menus Menu Command Command Options Monitor Menu. Performance. Select to monitor SAN devices. View Utilization. (Trial and Licensed version Only) Select to display connection utilization. View Bottlenecks. (Trial and Licensed version Only) Select to display bottlenecks. Historical Data Collection. (Trial and Licensed version Only) Select how to monitor historical data by choosing one of the following options: •...
Page 983
SAN main menus Menu Command Command Options Fabric Watch. Select to manage fabric watch. Configure. Select to launch Fabric Watch. Port Fencing. (Trial and Licensed version Only) Select to configure port fencing to protect your SAN from repeated operational or security problems experienced by ports. Frame Monitor.
Page 984
SAN main menus Menu Command Command Options Events. Select to display all events triggered on the selected device. Logs. Select to display logs. Audit. Select to display a history of user actions performed through the application (except login/logout). Fabric. Select to display the events related to the selected fabric.
SAN shortcut menus Menu Command Command Options Help Menu Contents. Select to open the Online Help. Find. Select to search the Online Help. License. Select to view or change your License information. About Management_Application_Name. Select to view the application information, such as the company information and release number.
Page 986
SAN shortcut menus Component Menu/Submenu Commands Comments View > Port List Node List Track Fabric Changes check box Trial and Licensed version Only Accept Changes Trial and Licensed version Only Trace Route Connected End Devices > Include Virtual Devices check box Hide All Show All Custom...
Page 987
SAN shortcut menus Component Menu/Submenu Commands Comments Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table Export Row Export Table Search...
Page 988
SAN shortcut menus Component Menu/Submenu Commands Comments FCoE (DCB-capable switch) Allow / Prohibit Matrix Enterprise Edition Only Only available for Fabric OS devices. Only enabled when the Fabric OS device is FICON-capable and has the Enhanced Group Management license. Technical Support > Product/Host SupportSave Upload Failure Data Capture View Repository...
Page 989
SAN shortcut menus Component Menu/Submenu Commands Comments Accept Change Trial and Licensed version Only Only enabled in tracked FC Fabrics. Only enabled when a plus or minus icon is present. Show Ports check box Show Connections Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports...
Page 990
SAN shortcut menus Component Menu/Submenu Commands Comments Accept Change Show Ports Show Connections Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table...
Page 991
SAN shortcut menus Component Menu/Submenu Commands Comments Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table Export Row Export Table Search...
Page 992
SAN shortcut menus Component Menu/Submenu Commands Comments Performance > Clear Counters Top Talkers Real-Time Graph Historical Graph Historical Report Bottleneck Graph Fabric Watch > Configure Port Fencing Frame Monitor Performance Thresholds Technical Support > Product / Host SupportSave Upload Failure Data Capture** View Repository Events Port Connectivity...
Page 993
SAN shortcut menus Component Menu/Submenu Commands Comments Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Properties HBA, iSCSI Host, and HBA Enclosure Element Manager Launches Element Manager for Fabric OS HBAs discovered using JSON agent.
Page 994
SAN shortcut menus Component Menu/Submenu Commands Comments Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Expand All Only available from Product List. Collapse All Only available from Product List. Properties Storage, iSCSI Storage, and Storage Enclosure...
Page 995
SAN shortcut menus Component Menu/Submenu Commands Comments Origin Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table Export Row Export Table...
Page 996
SAN shortcut menus Component Menu/Submenu Commands Comments Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Collapse All Only available from Product List.
Page 997
SAN shortcut menus Component Menu/Submenu Commands Comments Performance > Only available for occupied, managed ports. Disabled when all ports are offline. Real Time Graphs FC Security Protocol Only available for Managed JSON HBA Ports. Only available when you have the Security Privilege.
Page 998
SAN shortcut menus Component Menu/Submenu Commands Comments Giga-Bit Ethernet Port Performance > Real-Time Graph Modify Launches Element Manager. IP Troubleshooting > Ping Trace Route Performance (Trial and Licensed version Only) Port Display > Only available from Product List. Occupied Product Ports UnOccupied Product Ports Attached Ports Switch to Switch Connections...
Page 999
SAN shortcut menus Component Menu/Submenu Commands Comments Table > Only available from Product List. Copy 'Device_Name Group' Copy Row Copy Table Export Row Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize Properties White Area of the Connectivity Map Accept All Changes Zoom Zoom In...
Page 1000
SAN shortcut menus Component Menu/Submenu Commands Comments Product List Table > Some form of this shortcut menu is available for all tables in the Management interface. Copy 'Component' Copy Table Export Table Search Select All Size All Columns To Fit Expand All Collapse All Customize...