Download Print this page

HP Brocade BladeSystem 4/24 User Manual

Dcfm professional plus user manual (53-1001774-01, june 2010).
Hide thumbs
   
1
2
Table of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830

Advertisement

53-1001774-01
®
14 April 2010
DCFM Professional Plus
User Manual
Supporting DCFM 10.4.X

Advertisement

Troubleshooting

   Also See for HP Brocade BladeSystem 4/24

   Related Manuals for HP Brocade BladeSystem 4/24

   Summary of Contents for HP Brocade BladeSystem 4/24

  • Page 1

    53-1001774-01 ® 14 April 2010 DCFM Professional Plus User Manual Supporting DCFM 10.4.X...

  • Page 2: Document History

    Copyright © 2009-2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.

  • Page 3: Table Of Contents

    Contents About This Document In this chapter ......... . .xxv How this document is organized .

  • Page 4: Table Of Contents

    Contents Management server and client ......14 Logging into a server ....... . . 17 Launching a remote client.

  • Page 5: Table Of Contents

    Contents Seed switch requirements......54 Seed switch failover........55 Changing the seed switch .

  • Page 6: Table Of Contents

    Contents Security ..........83 Configuring the server name.

  • Page 7: Table Of Contents

    Contents Overwriting an assigned event filter ......121 Removing an event filter from a call home center ... . .121 Removing an event filter from a device .

  • Page 8: Table Of Contents

    Contents Launching Web Tools ........143 Launching FCR configuration .

  • Page 9: Table Of Contents

    Contents Launching the SMIA configuration tool on Linux and Solaris 169 Launching a remote SMIA configuration tool... . . 170 Home tab ......... 170 Authentication .

  • Page 10: Table Of Contents

    Contents Disabling a port ........207 Filtering port connectivity .

  • Page 11: Table Of Contents

    Contents Fabric binding overview ........237 Enabling fabric binding ......238 Disabling fabric binding.

  • Page 12: Table Of Contents

    Contents Policy actions ........257 Adding an event policy.

  • Page 13: Table Of Contents

    Contents Performance measures ......288 Performance management requirements ....289 Real-time performance data .

  • Page 14: Table Of Contents

    Contents Generating performance reports ......321 Generating zoning reports ....... .322 Chapter 13 Role-Based Access Control In this chapter .

  • Page 15: Table Of Contents

    Contents application ........345 supportSave on adapters .

  • Page 16: Table Of Contents

    Contents QoS configuration ........373 Enhanced Transmission Selection .

  • Page 17: Table Of Contents

    Contents FCIP trunking ......... . .408 Design for redundancy and fault tolerance .

  • Page 18: Table Of Contents

    Contents Deleting FCIP Circuits ........438 Displaying FCIP performance graphs.

  • Page 19: Table Of Contents

    Contents Steps for connecting to an LKM appliance ....467 The NetApp DataFort Management Console ... . . 467 Establishing the trusted link .

  • Page 20: Table Of Contents

    Contents Master keys ..........522 Active master key .

  • Page 21: Table Of Contents

    Contents Finding the logical switch from a physical chassis ..559 Assigning ports to a logical switch ..... 559 Removing ports from a logical switch.

  • Page 22: Table Of Contents

    Contents Configuring LSAN zoning ......590 Creating a new LSAN zone ......591 Adding members to the LSAN zone .

  • Page 23: Table Of Contents

    Contents Configuring IP ping........619 Tracing IP routes........621 Viewing FCIP tunnel performance.

  • Page 24: Table Of Contents

    Contents Database tables and fields .......684 Advanced Call Home ....... . 684 Capability .

  • Page 25: About This Document, How This Document Is Organized

    About This Document In this chapter • How this document is organized ....... . . xxv •...

  • Page 26: Supported Hardware And Software

    About This Document • Chapter 15, “Fibre Channel over Ethernet,”provides information on how to configure an FCoE. • Chapter 17, “FC-FC Routing Service Management,” provides information on how to manage Fibre Channel Routing. • Chapter 18, “Encryption configuration,” provides information on configuring encryption. •...

  • Page 27

    About This Document TABLE 1 Supported Hardware Device Name Terminology used in documentation Brocade 4024 switch Embedded 24-port, 4 Gbps FC Switch Brocade 4100 switch 32-port, 4 Gbps FC Switch Brocade 4900 switch 64-port, 4 Gbps FC Switch Brocade 5000 switch 32-port, 4 Gbps FC Interop Switch Brocade 5100 switch 40-port, 8 Gbps FC Switch...

  • Page 28

    About This Document TABLE 1 Supported Hardware Device Name Terminology used in documentation 12, 14 Brocade DCX with FX8-24 Blades 384-port Backbone Chassis with 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports blade 12, 14 Brocade DCX with FCoE10-24 Blades 384-port Backbone Chassis with 10 Gbps 24-port FCoE blade Brocade DCX-4S 192-port Backbone Chassis...

  • Page 29

    About This Document What’s new in this document The following changes have been made since this document was last released: • Information that was added: • Added View All list • Added Export to Toolbox • Added CNA icons • Added procedure - Clearing previous version of the remote client •...

  • Page 30

    About This Document • Changed procedure - Download firmware • Changed HBA Sever Mapping to Host Port Mapping • Changed procedure - Scheduling technical support information collection • Changed procedure - Starting immediate technical support information collection • Changed procedure - Launching scripts •...

  • Page 31: Document Conventions, Key Terms

    About This Document Document conventions This section describes text formatting conventions and important notice formats used in this document. Text formatting The narrative-text formatting conventions that are used are as follows: bold text Identifies command names Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI italic text...

  • Page 32: Additional Information

    About This Document Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only. Corporation Referenced Trademarks and Products Linus Torvalds Linux Microsoft Corporation...

  • Page 33

    About This Document Other industry resources For additional resource information, visit the Technical Committee T11 Web site. This Web site provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web site: http://www.fibrechannel.org Getting technical help...

  • Page 34: Document Feedback

    About This Document • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX and DCX-4S—On the bottom right on the port side of the chassis 4. World Wide Name (WWN) Use the wwn command to display the switch WWN. If you cannot use the wwn command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX.

  • Page 35: In This Chapter, User Interface Components

    Chapter Getting Started In this chapter • User interface components ........1 •...

  • Page 36

    FIGURE 1 Main Window 1. Menu Bar. Lists commands you can perform on the SAN. 2. Toolbar. Provides buttons that enable quick access to dialog boxes and functions. 3. SAN tab. Displays the Master Log, Minimap, Connectivity Map (topology), and Product List. For more information, refer to the “SAN tab”.

  • Page 37: Menu Bar, Toolbar

    8. Toolbox. Provides tools for viewing the Connectivity Map as well as exporting the Connectivity Map as an image. Does not display until you discover a fabric. 9. Master Log. Displays all events that have occurred on the SAN. 10. Utilization Legend. (Enterprise edition only) Indicates the percentage ranges represented by the colored, dashed lines on the Connectivity Map.

  • Page 38: View All List

    11. Port Label. Use to set the port label for the devices in the Connectivity Map. 12. Product List Search. Use to search for a device in the product list. 13. Help. Displays the Online Help. SAN tab The SAN tab displays the Master Log, Utilization Legend, Minimap, Connectivity Map (topology), and Product List.

  • Page 39: Port Display Buttons, Product List

    Port Display buttons The Port Display buttons (Figure 4) are located at the top right of the Product List and enable you to configure how ports display. You have the option of viewing connected (or occupied) product ports, unoccupied product ports, or attached ports. Does not display until you discover a fabric. NOTE Occupied/connected ports are those that originate from a device, such as a switch.

  • Page 40: Connectivity Map

    • Domain ID. Displays the Domain ID for the product in the format xx(yy), where xx is the normalized value and yy is the actual value on the wire. • FC Address. Displays the Fibre Channel address of the port. •...

  • Page 41: Toolbox, Master Log

    Toolbox The toolbox (Figure 5) is located at the top right side of the View window and provides tools to export the topology, to zoom in and out of the Connectivity Map, collapse and expand groups, and fit the topology to the window. Does not display until you discover a fabric. FIGURE 5 The Toolbox 1.

  • Page 42: Utilization Legend

    • Count. The number of times the event occurred. • Module Name. The name of the module on which the event occurred. • Message ID. The message ID of the event. • Contributor. The name of the contributor on which the event occurred. •...

  • Page 43: Minimap

    Minimap The Minimap, which displays in the lower right corner of the main window, is useful for getting a bird’s-eye view of the SAN, or to quickly jump to a specific place on the Connectivity Map. To jump to a specific location on the Connectivity Map, click that area on the Minimap. A close-up view of the selected location displays on the Connectivity Map.

  • Page 44: Status Bar

    Status bar The status bar (Figure 8) displays at the bottom of the main window. The status bar provides a variety of information about the SAN and the application. The icons on the status bar change to reflect different information, such as the current status of products, fabrics, and backup. FIGURE 8 Status Bar The icons on your status bar will vary based on the licensed features on your system.

  • Page 45: Icon Legend, Product Icons

    Icon legend Various icons are used to illustrate devices and connections in a SAN. The following tables list icons that display on the Connectivity Map and Product List. Product icons The following table lists the manageable SAN product icons that display on the topology. Fabric OS manageable devices display with blue icons and M-EOS manageable devices display with green icons.

  • Page 46: Group Icons, Port Icons, Product Status Icons

    Group icons The following table lists the manageable SAN product group icons that display on the topology. Icon Description Icon Description Switch Group Host Group Storage Group Unknown Fabric Group Unmanaged Fabric Group Chassis Group Port icons The following table lists the port status icons that display in the Product List. Icon Description Occupied FC Port...

  • Page 47: Event Icons

    Icon Status Device Removed/Missing Down/Failed Routed In Routed Out Unknown/Link Down Event icons The following table lists the event icons that display on the topology and Master Log. For more information about events, refer to “Fault Management” on page 245. Event Icon Description Informational...

  • Page 48: Management Server And Client

    Management server and client The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores SAN-related information; it does not have a user interface. To view SAN information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines.

  • Page 49

    TABLE 2 Ports (Continued) Port Number Ports Transport Description Communication Path Open in Firewall 2638 Database port (Enforced during install) Port used by database Server–Database Remote ODBC– Database 1, 5, 7 4430 XML-RCP port for SSL Server–Switch 1, 7 8080 XML-RCP port/HTTP port Server–Switch 24600...

  • Page 50

    TABLE 2 Ports (Continued) Port Number Ports Transport Description Communication Path Open in Firewall 55556 Launch in Context (LIC) client hand Client port used to check if a Client shaking port Management application client opened using LIC is running on the same host NOTE: If this port is in use, the application uses the...

  • Page 51: Logging Into A Server, Launching A Remote Client

    Logging into a server You must log into a Server to monitor a SAN. NOTE You must have an established user account on the Server to log in. To log into a server, complete the following steps. 1. Double-click the desktop icon or open the application from the Start menu. The Log In dialog box displays (Figure FIGURE 9...

  • Page 52: Clearing Previous Versions Of The Remote Client, Launching The Configuration Wizard

    4. Select or clear the Save password check box to choose whether you want the application to remember your password the next time you log in. 5. Click Login. 6. Click OK on the Login Banner dialog box. The Management application displays. Clearing previous versions of the remote client The remote client link in the Start menu does not automatically upgrade when you upgrade the Management application.

  • Page 53

    4. Select Internal FTP Server or External FTP Server on the FTP Server screen and click Next. If port 21 is busy, a message displays. Click OK to close the message and continue. Once the Management application is configured make sure port 21 is free and restart the Server to start the FTP service.

  • Page 54

    If you select a specific IP address from the Server IP Configuration screen and the selected IP address changes, you will not be able to connect to the server. To change the IP address, refer to “Configuring an explicit server IP address” on page 93.

  • Page 55

    Complete the following steps on the SMI Agent Configuration screen. FIGURE 13 SMI Agent Configuration screen a. Enable the SMI Agent by selecting the Enable SMI Agent check box. b. Enable the SLP by selecting the Enable SLP check box. Enable the SSL by selecting the Enable SSL check box.

  • Page 56: Changing Your Password, Changing The Database User Password

    Changing your password To change your password, complete the following steps. 1. Double-click the desktop icon or open from the Start menu. The Log In dialog box displays. FIGURE 14 Log In dialog box 2. Enter your user name and password. The defaults are Administrator and password, respectively.

  • Page 57: Viewing Active Sessions, Disconnecting Users

    If the current password and new password are the same, the following message displays: Old and New passwords cannot be same. Use different password and try again. Press any key to continue. If the new password and confirm password do not match, the following message displays: New password and confirm password do not match.

  • Page 58: Viewing Server Properties, Viewing Port Status

    Viewing server properties To view the Management application server properties, complete the following steps. 1. Select Server > Server Properties. The Server Properties dialog box displays (Figure 16). FIGURE 16 Server Properties dialog box 2. Click Close. Viewing port status You can view the port status for the following ports: •...

  • Page 59: License, Managed Port Count Calculation

    The status options are as follows: • Success—The port is listening or bound to the server. • Failed—The port fails to listen or bind to the server. • Disabled (FTP port only)—only displays when the FTP server is external. This is considered a normal status.

  • Page 60: Entering The License Key, Upgrading The Application

    Entering the license key A license key is required to run the application. The key specifies the expiration date of a trial license, as well as the number of ports allowed. NOTE You are not required to enter a license key for a trial license. If you do not enter the license key during installation of Professional Plus or Enterprise editions, you can use the application, including all of its features, for a trial period of 75 days.

  • Page 61: Installing A Patch

    2. Enter the license key (on the Key Certificate) in the License Key field and click Update. 3. Click OK on the message. The Client closes after updating the license successfully. Restart the Server, Client and Server Management Console for the changes to take effect. 4.

  • Page 62: Uninstalling A Patch

    4. Browse to the patch file. The patch zip file uses the following naming convention: Management_Application_Name-Major_Version-Minor_Version-Revision_Number-patch-Patch _Version.zip (for example Management_Application_Name-10-4-0-patch-a.zip). 5. Click Upgrade. If the patch process is interrupted (for example, loss of power), you must restart the patch process. The patch installer performs the following functions: •...

  • Page 63

    5. Go to the location of the first artifact (as shown in the src value under the file tag). 6. Copy the artifact from the extracted folder to the source folder in the Install_Home/patch-backup directory. Repeat step 5 and 6 for all artifacts listed in the restore.xml folder. 8.

  • Page 64: Feature-to-firmware Requirements

    Feature-to-firmware requirements Use the following table to determine whether the Management application features are only available with a specific version of the Fabric OS firmware, M-EOS firmware, or both, as well as if there are specific licensing requirements. Feature Fabric OS M-EOS Access Gateway (AG) AG connected to Fabric OS devices requires...

  • Page 65

    Feature Fabric OS M-EOS Performance Requires Fabric OS 5.0 or later for FC_ports, Requires M-EOS and M-EOSn 9.6.X or later for end-to-end monitors, and marching ants. FC_ports and marching ants. Requires Fabric OS 5.3 or later for GE_ports and FCIP tunnels. Requires Fabric OS 6.2 or later for Top Talkers.

  • Page 66: Accessibility Features For The Management Application, Keyboard Shortcuts

    Accessibility features for the Management application Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. The following list includes the major accessibility features in the Management application: • Keyboard shortcuts •...

  • Page 67: Look And Feel

    Look and Feel You can configure the Management application to mimic your system settings as well as define the size of the font. ‘Look’ refers to the appearance of graphical user interface widgets and ‘feel’ refers to the way the widgets behave.

  • Page 68

    Changing the font size The Options dialog box enables you to change the font size for all components including the Connectivity map of the Management application interface. Font size changes proportionately in relation to the system resolution. For example, if the system resolution is 1024 x 768, the default font size would be 8 and large font size would be 10.

  • Page 69: Fabric Discovery Overview, In This Chapter

    Chapter Discovery In this chapter • Fabric discovery overview ........35 •...

  • Page 70: Fcs Policy And Seed Switches, Discovering Fabrics

    NOTE Professional Plus edition can discover, but not manage the Backbone chassis.Use the device’s Element Manager, which can be launched from the Connectivity Map, to manage the device. This device cannot be used as a Seed switch. FCS policy and seed switches The Management application requires that the seed switch is the primary Fabric Content Service (FCS) switch at the time of discovery.

  • Page 71

    FIGURE 18 Discover Setup dialog box 2. Click Add Fabric to specify the IP addresses of the devices you want to discover. The Address Properties dialog box displays. FIGURE 19 Address Properties dialog box (IP Address tab) 3. Enter a name for the fabric in the Fabric Name field. 4.

  • Page 72

    For M-EOS devices, the Management application accepts IP addresses in IPv4 and IPv6 formats. The IPv4 format is valid when the Operating System has IPv4 mode only or dual stack mode. The IPv6 format is valid when the Operating System has IPv6 mode only or dual stack mode.

  • Page 73

    NOTE When you discovers Virtual Fabric-enabled switch with the SNMP v3 username “admin”, which is the same as the Fabric OS switch user, the Management application automatically creates an SNMP username “admin” in the switch by replacing the sixth username. 10.

  • Page 74: Configuring Snmp Credentials

    NOTE Professional Plus edition can only discover 4 fabrics. 23. Click OK on the Discover Setup dialog box. Configuring SNMP credentials 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Select an IP address from the Available Addresses table. 3.

  • Page 75: Reverting To A Default Snmp Community String, Deleting A Fabric

    12. Enter a context name In the Context Name field. 13. Select the authorization protocol in the Auth Protocol field. 14. Enter the authorization password in the Auth Password field. • If you selected Configure for 256-Port_Director_Name, go to step 17. •...

  • Page 76: Host Discovery, Discovering Hosts By Ip Address Or Hostname

    Host discovery The Management application enables you to discover individual hosts, import a group of Host from a comma separated values (CSV) file, or import all hosts from discovered fabrics. NOTE Host discovery requires HCM Agent 2.0 or later. NOTE SMI and WMI discovery are not supported.

  • Page 77: Importing Hosts From A Csv File

    If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status. To update the status from pending you must close and reopen the Discover Setup dialog box. 10.

  • Page 78: Importing Hosts From A Fabric

    To configure host credentials, refer to “Configuring Brocade HBA credentials” on page 45 or “Configuring virtual machine credentials” on page 46. 8. Click OK on the Add Host Discovery dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status.

  • Page 79: Configuring Brocade Hba Credentials

    If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Addresses table with pending status. To update the status from pending you must close and reopen the Discover Setup dialog box. 9.

  • Page 80: Configuring Virtual Machine Credentials

    Configuring virtual machine credentials To configure credentials for a virtual machine, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Click Add Host. The Add Host Discovery dialog box displays. 3. Discover a host. To discover a host, refer to “Discovering Hosts by IP address or hostname”...

  • Page 81: Editing Host Credentials, Removing A Host From Discovery

    Editing Host credentials To edit Host credentials, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays. 2. Select the Host and click Edit. The Edit Host Discovery dialog box displays. FIGURE 28 Edit Host Discovery dialog box 3.

  • Page 82: Viewing The Discovery State

    4. Click OK on the confirmation message. The deleted host displays in the Previously Discovered Addresses table. 5. Click Close on the Discover Setup dialog box. Viewing the discovery state The Management application enables you to view device status through the Discover Setup dialog box.

  • Page 83: Troubleshooting Discovery, M-eosn Discovery Troubleshooting

    Troubleshooting discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly. 1. Verify IP connectivity by issuing a ping command to the switch. a. Open the command prompt. b. From the Server, type ping Switch_IP_Address 2.

  • Page 84

    TABLE 4 Problem Resolution M-EOS seed switch discovery is not supported Discover the device using SNMP v1. using SNMPv3 on the following devices: To configure SNMP v3 and manage the device, complete the following steps. • 32-Port, 2 Gbps Switch Select Discover >...

  • Page 85: Virtual Fabric Discovery Troubleshooting

    Virtual Fabric discovery troubleshooting The following section state possible issues and the recommended solutions for Virtual Fabric discovery errors. TABLE 5 Problem Resolution At the time of discovery, the seed switch is Virtual Fabric-enabled; however, the user does not have Make sure the user account has Chassis Admin role for the seed switch.

  • Page 86: Fabric Monitoring, Monitoring Discovered Fabrics

    Fabric monitoring NOTE Monitoring is not supported on Hosts. The upper limit to the number of HBA and CNA ports that can be monitored at the same time is 32. The same upper limit applies if switch ports and HBA ports are combined.

  • Page 87: Stop Monitoring Of A Discovered Fabric, Seed Switch

    3. Click Monitor. The monitor function fails if the fabric has user-defined Admin Domains created or if the fabric is merged with another fabric already in the monitored state. 4. Click OK. Stop monitoring of a discovered fabric NOTE Monitoring is not supported on Hosts. When you stop monitoring of a fabric, you stop discovery of and data collection for the specified fabric and all associated devices.

  • Page 88: Seed Switch Requirements

    You can change the seed switch as long as the following conditions are met: • The new seed switch is HTTP-reachable from the Management application. • The new seed switch is a primary FCS. • The new seed switch is running the latest Fabric OS or M-EOS version in the fabric. This operation preserves historical and configuration data, such as performance monitoring and user-customized data for the selected fabric.

  • Page 89: Seed Switch Failover

    • 140-Port Director • 256-Port Director The following M-EOS devices are seed switch-capable; however, they do not obtain fabric member information: • 16-Port, 1 Gbps and 2 Gbps Switch • 32-Port, 1 Gbps and 2 Gbps Switch • 24-Port, 2 Gbps Switch •...

  • Page 90: Changing The Seed Switch

    • Updates to Fabric OS switches (such as, Virtual Fabrics, FCR, Admin Domain, Switch Name and so on) do not occur. • If the M-EOS switch is not seed switch capable and a switch joins the fabric, the IP address displays as ‘0.0.0.0’.

  • Page 91

    4. Select a switch to be the new seed switch from the Change Seed Switch dialog box. You can select only one switch. Only switches that are running the latest Fabric OS version in the fabric are displayed. The current seed switch is not displayed in this list. 5.

  • Page 92

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 93: Data Backup, In This Chapter, What Is Backed Up

    Chapter Application Configuration In this chapter • Data backup........... 59 •...

  • Page 94: Management Server Backup

    Management server backup There are three options for backing up data to the management server: • Configuring backup to a writable CD • Configuring backup to a hard drive • Configuring backup to a network drive The Management Server is backed up to a rewritable (CD-RW) compact disk by default. Make sure you have a CD-RW disk in the CD recorder drive to ensure that backup can occur.

  • Page 95: Configuring Backup To A Writable Cd

    Configuring backup to a writable CD NOTE This is not recommended on a permanent basis. CDs have a limited life, and may only last a month. An error message occurs if your Management application can no longer back up to the disc. To configure the backup function to a writable CD, complete the following steps.

  • Page 96: Configuring Backup To A Hard Drive

    6. Select an interval from the Backup Interval drop-down list to set how often backup occurs. Verify that the CD backup directory is correct (default directory is D:\Backup). It is assumed that drive D is a CD-RW drive. You can change the directory or use the Browse button to select another directory. 8.

  • Page 97: Configuring Backup To A Network Drive

    Browse to the hard drive and directory to which you want to back up your data. 8. Click Apply or OK. The application verifies that the backup device exists and that the server can write to it. If the device does not exist or is not writable, an error message displays that states you have entered an invalid device.

  • Page 98: Enabling Backup, Disabling Backup

    Click Browse to choose the network share and directory to which you want to back up your data, or enter the network share and directory path. NOTE You must specify the directory in a network share format (for example, \\network-name\share-name\directory). Do not use the drive letter format (C:\directory). 8.

  • Page 99: Viewing The Backup Status, Changing The Backup Interval

    Viewing the backup status The Management application enables you to view the backup status at a glance by providing a backup status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the backup function. Icon Description Backup in Progress—displays the following tooltip: “Backup started at hh:mm:ss, in progress...

  • Page 100: Starting Immediate Backup, Reviewing Backup Events

    Starting immediate backup NOTE You must have backup privileges to use the Backup Now function. To start the backup process immediately, complete one of the following procedures: Using the Backup Icon, right-click the Backup icon and select Backup Now. 1. Select Server > Options. The Options dialog box displays.

  • Page 101: Data Restore, Restoring Data

    Data restore NOTE You cannot restore data from a previous version of the Management application. NOTE You cannot restore data from a different edition of the Management application. The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary.

  • Page 102: Restoring Data To A New Server, Display, Resetting Your Display

    Restoring data to a new server If your Management application server fails and you must recover information to a new server, restore the data (Refer to “Restoring data” on page 67 for complete instructions). Display You can reset the display to the default settings. Resetting your display You can reset your system to display the default display settings.

  • Page 103: End Node Display, Displaying End Nodes

    End node display The connectivity map can be configured to display or not display end nodes. This option enables you to set the end node display for all newly discovered fabrics. Note that disabling end node display limits the connectivity map to emphasize switch members only. Displaying end nodes To display end nodes when discovering a new fabric, complete the following steps.

  • Page 104: Ethernet Events, Enabling Ethernet Events

    Ethernet events An Ethernet event occurs when the Ethernet link between the Management Server and the managed device is lost. You can configure the application to enable events when the Ethernet connection is lost. Enabling Ethernet events The Options dialog box enables you to configure the Management application to generate an Ethernet event after a device is offline for a specific period of time.

  • Page 105: Disabling Ethernet Events, Event Storage, Configuring Event Storage

    Disabling Ethernet events To disable Ethernet events, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Ethernet Event in the Category list. 3. Clear the Enable Ethernet Event check box. 4. Click Apply or OK to save your work. Event storage You can configure the number of historical events in the repository as well as how long the events will be retained.

  • Page 106: Flyovers, Configuring Flyovers

    3. Select the Purge Events check box. Events are purged at midnight (12:00 AM). For example, when the maximum number of events allowed limit is reached at 3:00 PM, the system purges the older events at midnight that day. 4. Enter the number of events (1 through 50000) in the repository in the Maximum Historical Event field.

  • Page 107

    5. Select the Product tab (Figure 34) and complete the following steps to select the product properties you want to display on flyover. FIGURE 33 Options dialog box (Flyovers option, Product tab) a. Select each property you want to display in the product flyover from the Available Properties table.

  • Page 108

    6. Select the Connection tab (Figure 34) and complete the following steps to select the information you want to display on flyover. FIGURE 34 Options dialog box (Flyovers option, Connection tab) a. Select the protocol from the Protocol list. The default protocol is Fibre Channel. Depending on which protocol you select, some properties may not be available for all protocols.

  • Page 109: Turning Flyovers On Or Off, Viewing Flyovers

    FCoE • • Name Port# • • Node WWN Port Type • • FCoE Index # Click the right arrow to move the selected properties to the Selected Properties table. d. Use the Move Up and Move Down buttons to reorder the properties in the Selected Properties table.

  • Page 110: Names, Setting Names To Be Unique

    Names You can use Names as a method of providing familiar simple names to products and ports in your SAN. Using your Management application you can: • Set names to be unique or non-unique. • Fix duplicate names. • Associate a name with a product or port WWN currently being discovered. •...

  • Page 111: Setting Names To Be Non-unique, Fixing Duplicate Names

    Setting names to be non-unique You can choose to allow duplicate names in your fabric. To set names to be non-unique, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Names in the Category list. 3.

  • Page 112: Viewing Names, Adding A Name To An Existing Device

    5. Click OK to close the Configure Names dialog box. 6. Click OK on the confirmation message. Viewing names To view names associated with devices by name, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2.

  • Page 113: Adding A Name To A New Device, Applying A Name To A Detached Wwn

    Adding a name to a new device To add a new device and name it, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Enter the WWN of the device in the Detached WWN field. 3.

  • Page 114: Editing Names, Exporting Names

    5. Click OK to close the Configure Names dialog box. 6. Click OK on the confirmation message. Editing names To edit the name associated with a device, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2.

  • Page 115: Importing Names, Searching For A Device By Name

    Importing Names If the name length exceeds the limitations detailed in the following table, you must edit the name (in the CSV file) before import. Names that exceed these limits will not be imported. If you migrated from a previous version, the .properties file is located in the Install_Home\migration\data folder. Device Character limit Fabric OS switch 6.2 or later...

  • Page 116: Searching For A Device By Wwn

    5. Click Search. All devices with the specified name (or partial name) are highlighted in the Display table. You may need to scroll to see all highlighted names. 6. Click OK to close the Configure Names dialog box. Searching for a device by WWN You can search for objects (switch, fabric, product, ports, or N Ports) by WWN (world wide name).

  • Page 117: Security, Configuring The Server Name

    Security You can configure the Server Name, CHAP secret value, and login banner, and modify whether or not to allow clients to save passwords. When the login banner is enabled, each time a client connects to the server, the login banner displays with a legal notice provided by you. The client's users must acknowledge the login banner to proceed, otherwise they are logged out.

  • Page 118: Setting The Chap Secret, Configuring Login Security

    5. Re-enter the password in the Retype Secret field. If the secret does not meet the application requirements or the CHAP Secret and Retype Secret entries do not match, an error message displays. Click OK to re-enter the CHAP Secret and Retype Secret values.

  • Page 119: Configuring The Login Banner Display, Disabling The Login Banner

    Configuring the login banner display To configure the login banner display, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Security Misc in the Category list. 3. Select the Display login banner upon client login check box. 4.

  • Page 120: Software Configuration, Client Export Port

    Software Configuration The Management application allows you to configure the following software settings: • Client export port—A port for communication between the client and server. • Discovery—HTTP or HTTP over SSL when connecting to the switch. • FTP/SCP overview—Internal or external FTP server settings. •...

  • Page 121: Discovery

    3. Enter the client export port number to set a fixed port number for the client in the Client Export Port field. 4. Click Apply or OK to save your work. NOTE Changes to this option take effect after a client restart. 5.

  • Page 122: Ftp/scp Overview

    3. Choose one of the following options: • If you want to connect using HTTP, complete the following steps. a. Select the Connect using HTTP option. a. Enter the connection port number in the Port # field. Continue with step •...

  • Page 123

    Configuring an internal FTP server To configure the internal FTP server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays (Figure 40). FIGURE 40 Options dialog box (FTP/SCP option) 2. Select FTP/SCP in the Category list. 3.

  • Page 124

    Configuring an external FTP server To configure the external FTP server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select FTP/SCP in the Category list. 3. Select the Use External FTP Server and/or SCP Server option. 4.

  • Page 125

    9. Click Test to test the FTP server. A “Server running successfully” or an error message displays. If you receive an error message, make sure your credentials are correct, the server is running, the remote directory path exists, and you have the correct access permission; then try again. 10.

  • Page 126: Ip Configuration

    IP Configuration You can configure IP Configuration settings. Configuring IP Configuration settings NOTE The server binds using IPv6 address by default if your Operating System is IPv6-enabled (dual mode or IPv6 only). The server binds using IPv4 address by default if your Operating System is IPv4-enabled.

  • Page 127

    3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step • Select a specific IP address. Continue with step • Select localhost. Continue with step When Server IP Configuration is set to All, you can select any available IP address as the Return Address.

  • Page 128

    FIGURE 42 Server IP Configuration screen a. Select an address from the Server IP Configuration list. b. Select an address from the Switch - Server IP Configuration Preferred Address list. If DNS is not configured for your network, do not select the “hostname” option from either the Server IP Configuration or Switch - Server IP Configuration Preferred Address list.

  • Page 129

    Configuring the application to use dual network cards Issues with Client-to-Server connectivity can be due to different reasons. Some examples are: • The computer running the Server has more than one network interface card (NIC) installed. • The computer running the Server is behind a firewall that performs network address translation.

  • Page 130: Memory Allocation

    Memory allocation You can configure memory allocation for the client and server to improve performance. You can trigger switch polling when a state changes or you can poll at intervals when no state change occurs. NOTE SAN size is a consideration in selection of polling periods. Configuring memory allocation settings To configure memory allocation settings, complete the following steps.

  • Page 131

    3. Enter the memory allocation (MB) for the client in the Client Memory Allocation field. If you enter an invalid value, an error message displays with the minimum value (512 MB) allowed. Click OK and edit the value again. 4. Enter the memory allocation (MB) for the server in the Server Memory Allocation field. If your server has a minimum of 2 Gb RAM, change the default server memory value to 1024 MB.

  • Page 132

    Configuring asset polling Asset polling allows you set the length of time between state change polling. To maximize the efficiency of the polling feature (balance the amount of possible information with any possible performance impact), base your settings on the size of the SAN. To configure asset polling, complete the following steps.

  • Page 133: Server Port

    Server port You can configure the server port settings so that you can assign a web server port number and set the server port to be SSL-enabled. Configuring the server port To configure server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays (Figure 44).

  • Page 134: Support Mode

    6. Click Apply or OK to save your work. NOTE Changes to this option take effect after application restart. Click OK on the “changes take effect after application restart” message. Support mode You can configure support settings to allow enhanced diagnostics. Configuring support mode settings To configure support mode settings, complete the following steps.

  • Page 135: Fabric Tracking

    3. Select the Log client support data - Log Level list, and select the type of log data you want to configure. Log level options include: All, Fatal, Error, Warn, Info, Debug, Trace, and Off. Default is Info. The log level options return to the default value (Info) when the client or server is restarted. 4.

  • Page 136: Enabling Fabric Tracking, Disabling Fabric Tracking

    Enabling fabric tracking 1. Enable fabric tracking by choosing one of the following options: • Select a fabric on the Product List or Connectivity Map and select Monitor > Track Fabric Changes. • Right-click a fabric on the Product List or Connectivity Map and select Track Fabric Changes.

  • Page 137: Accepting Changes For A Fabric, Accepting Changes For A Device

    Accepting changes for a fabric 1. Accept the changes to a fabric by choosing one of the following options: • Select a fabric on the Product List or Connectivity Map and select Monitor > Accept Changes. • Right-click a fabric on the Product List or Connectivity Map and select Accept Changes. The Accept Changes Summary dialog box displays.

  • Page 138

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 139

    Chapter Call Home In this chapter • About call home ..........106 •...

  • Page 140: About Call Home

    About call home NOTE Call Home is supported on Windows systems for all modem and E-mail call home centers and is supported on Linux and Solaris for the E-mail call home centers. Call Home notification allows you to configure the Management application Server to automatically send an e-mail or dial-in to a support center to report system problems on specified devices (switches, routers, and directors).

  • Page 141: System Requirements

    • Adds an entry to the Master Log file and screen display. • Generates a XML report (only available with EMC call centers) with the switch details which is sent with the E-mail. • Generates an HTML report for E-mail-based Call Home centers. For more information about Call Home events, refer to “Call Home Event Tables”...

  • Page 142: Showing A Call Home Center

    Showing a call home center To show a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays (Figure 46). FIGURE 46 Call Home dialog box 2. Click Show/Hide Centers (beneath the Call Home Centers table). The Centers dialog box displays with a predefined list of call home centers (Figure 47).

  • Page 143: Hiding A Call Home Center, Editing A Call Home Center

    Hiding a call home center NOTE Before you can hide a call home center, you must remove all assigned products. To hide a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.

  • Page 144

    FIGURE 48 Configure Call Home Center dialog box (Brocade International or IBM option) 4. Make sure the call home center type you selected displays in the Call Home Centers list. 5. Select Enable to enable this call home center. 6. Set the time interval at which to check the call home center by selecting the Set the heartbeat interval at ___ days (1-28) check box and entering the interval in the field.

  • Page 145: Editing The Brocade North America Call Home Center

    Editing the Brocade North America call home center Modem call home centers are only available for Brocade. To edit this call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.

  • Page 146: Editing An E-mail Call Home Center

    Editing an E-mail call home center E-mail call home centers are available for Brocade, IBM, and SUN. To edit one of these call home centers, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.

  • Page 147: Editing The Emc Call Home Center

    14. Enter a password in the SMTP Server Settings - Password field. This is a required field when the SMTP server authentication is enabled. 15. Enter the e-mail address for replies in the E-mail Notification Settings - Reply Address field. 16.

  • Page 148: Editing The Hp Lan Call Home Center

    Enter the phone number or extension of the local server in the Local Server - Modem # field. 8. Enter the identification number of the local server in the Local Server - Cabinet Serial # field. 9. Enter the site name for the local server in the Local Server - Site Name field. 10.

  • Page 149: Enabling A Call Home Center, Enabling Support Save

    8. Click Send Test to test the address. The selected call home center must be enabled to test the IP address. A faked event is generated and sent to the selected call home center. You must contact the call home center to verify that the event was received and in the correct format. NOTE The HP LAN Call Home alert displays the directory separation characters with a double backslash (\\) instead of a single backslash (\).

  • Page 150: Testing The Call Home Center Connection, Disabling A Call Home Center

    Testing the call home center connection Once you add and enable a call home center, you should verify that call home is functional. To verify call home center functionality, complete the following steps. 1. Select Monitor > Event Notification > Call Home. 2.

  • Page 151: Viewing Call Home Status

    Viewing Call Home status You can view call home status from the main Management application window or from the Call Home Notification dialog box. The Management application enables you to view the call home status at a glance by providing a call home status icon on the Status Bar.

  • Page 152: Assigning A Device To The Call Home Center

    Assigning a device to the call home center Discovered devices (switches, routers, and directors) are not assigned to a corresponding call home center automatically. You must manually assign each device to a call home center before you use call home. To assign a device or multiple devices to a call home center, complete the following steps.

  • Page 153: Removing All Devices And Filters From A Call Home Center, Defining An Event Filter

    Removing all devices and filters from a call home center To remove all devices and filters from a call home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.

  • Page 154: Assigning An Event Filter To A Call Home Center

    Assigning an event filter to a call home center Event filters allow call home center users to log in to a Management server and assign specific event filters to the devices. This limits the number of unnecessary or ‘acknowledge’ events and improves the performance and effectiveness of the call home center.

  • Page 155: Overwriting An Assigned Event Filter, Removing An Event Filter From A Call Home Center

    Overwriting an assigned event filter A device can only have one event filter at a time; therefore, when a new filter is applied to a device that already has a filter, you must confirm the new filter assignment. To overwrite an event filter, complete the following steps. 1.

  • Page 156: Removing An Event Filter From A Device

    Removing an event filter from a device To remove an event filter from a device, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Choose one of the following options in the Call Home Centers table: •...

  • Page 157: About View Management, In This Chapter

    Chapter View management In this chapter • About view management ........123 •...

  • Page 158: Creating A Customized View

    Creating a customized view You may want to customize the Product List and Connectivity Map to simplify management of large SANs by limiting the topology size or Product List columns. For each customized view, you can specify the fabrics and hosts that display on the Connectivity Map as well as the columns and device groupings that display on the Product List.

  • Page 159: Editing A Customized View

    4. Click the Hosts tab and in the Available Host table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table. FIGURE 54 Create View dialog box - Hosts Tab 5.

  • Page 160: Deleting A Customized View

    2. Use the left arrow button to remove fabrics and hosts from the Selected Fabrics and Hosts table. 3. Click the Fabrics tab, and in the Available Fabrics table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table.

  • Page 161: Copying A View, About Topology Layout

    Copying a view 1. Use one of the following methods to open the Copy View dialog box: • Select View > Manage View > Copy View > View_Name. • Select Copy View from the View All list. Does not display until you discover a fabric. The Copy View dialog box title displays the name of the view you are copying.

  • Page 162: Customizing The Layout Of Devices On The Topology

    Port Label. Select to configure which port labels display. NOTE Changes apply to the selected fabric or the fabric to which the selected item belongs. Name. Displays the name as the port label. If the port has not been given a name, the port’s WWN displays.

  • Page 163: Customizing The Layout Of Connections On The Topology, Changing A Group's Background Color

    • Vertical. Displays the device icons vertically. • Horizontal. Displays the device icons horizontally. • Most Connected at Center. Displays the node that has the most connections at the center of the topology. • Directional. Displays the internal nodes in a position where they mirror the external groups to which they are connected.

  • Page 164: Reverting To The Default Background Color

    2. Select the Custom option and click Change. The Choose a background color dialog box displays (Figure 59). FIGURE 59 Map Display dialog box 3. Select or specify a color and preview it in the Preview pane. • To pick a color from a swatch, select the Swatches tab. Select a color from the display. •...

  • Page 165: Changing The Product Label, Changing The Port Label, Changing The Port Display

    Changing the product label 1. Select a product in the Connectivity Map or Product List. 2. Select View > Product Label, then select one of the following options: • Name (Product). Displays the product name as the product label. • WWN.

  • Page 166: Grouping On The Topology, Collapsing Groups, Expanding Groups, Viewing Connections, Configuring Custom Connections

    Grouping on the topology To simplify management, devices display in groups. Groups are shown with background shading and are labeled appropriately. You can expand and collapse groups to easily view a large topology. Collapsing groups To collapse a single group on the topology, do one of the following: •...

  • Page 167: Saving A Custom Connection Configuration, Deleting A Custom Connection Configuration

    4. Click the right arrow to move them to the Selected Zones list. 5. Click OK. Saving a custom connection configuration NOTE Active zones must be available on the fabric. To save a new custom connection configuration, complete the following steps. 1.

  • Page 168: Customizing The Main Window, Zooming In And Out Of The Connectivity Map

    Customizing the main window You can customize the main window to display only the data you need by displaying different levels of detail on the Connectivity Map (topology) or Product List. Zooming in and out of the connectivity map You can zoom in or out of the Connectivity Map to see products and ports. Zooming In To zoom in on the Connectivity Map, use one of the following methods: •...

  • Page 169: Showing Levels Of Detail On The Connectivity Map, Exporting The Topology

    Showing levels of detail on the connectivity map You can configure different levels of detail on the Connectivity Map, making Management easier. View Fabrics To view only fabrics, without seeing groups, products or ports: Select View > Show> Fabrics Only. View Groups To view only groups and fabrics, without seeing products or ports: Select View >...

  • Page 170: Customizing Application Tables

    Customizing application tables You can customize any table in the Management application (for example, the Master Log or the Product List) in the following ways: • Display only specific columns • Display columns in a specific order • Resize the columns to fit the contents •...

  • Page 171

    2. Choose from the following options: • Select the check box to display a column. Select the column name and click Show. • Clear the check box to hide a column. Select the column name and click Hide. • Click Select All to select all check boxes. •...

  • Page 172

    Copying table information You can copy the entire table or a specific row to another application (such as, Notepad, Excel, Word, and so on). 1. Choose from one of the following options: • Right-click anywhere in the table and select Table > Copy Table. •...

  • Page 173: Searching For A Device In The Connectivity Map

    Expanding and collapsing tables You can expand a table to display all information or collapse it to show only the top level. To expand the entire table, right-click anywhere in the table and select Expand All or Table > Expand All. To collapse the entire table, right-click anywhere in the table and select Collapse All or Table >...

  • Page 174

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 175: About Third-party Tools, In This Chapter

    Chapter Third-party tools In this chapter • About third-party tools ......... . 141 •...

  • Page 176: Starting Third-party Tools From The Application, Launching A Telnet Session

    Starting third-party tools from the application You can open third-party tools from the Tools menu or a device’s shortcut menu. Remember that you cannot open a tool that is not installed on your computer. You must install the tool on your computer and add the tool to the Tools menu or the device’s shortcut menu.

  • Page 177: Launching An Element Manager, Launching Web Tools

    Launching an Element Manager Element Managers are used to manage Fibre Channel switches and directors. You can open a device’s Element Manager directly from the application. To launch a device’s Element Manager, complete the following steps. On the Connectivity Map, double-click the device you want to manage. The Element Manager displays.

  • Page 178: Launching Fcr Configuration

    1. Select a Fabric OS device. 2. Select Configure > Element Manager > Hardware. Web Tools displays. 1. Select a Fabric OS device. 2. Click the Element Manager icon on the toolbar. Web Tools displays. Launching FCR configuration Use FCR Configuration to launch the FC Routing module, which enables you to share devices between fabrics without merging the fabrics.

  • Page 179: Launching Hcm Agent

    Launching HCM Agent Use Brocade HCM Agent to enable and manage Brocade HBAs. You can open HCM Agent directly from the application. For more information about HCM Agent, refer to the Brocade HCM Agent Administrator’s Guide. For more information about Brocade HBAs, refer to the documentation for the specific device.

  • Page 180: Adding A Tool

    Adding a tool You can specify third-party tools so they appear on the Setup Tools dialog box. From there, you can add them to the Tools menu and then open the tools directly from the Management application. To add a tool, complete the following steps. 1.

  • Page 181: Entering The Server Ip Address Of A Tool, Adding An Option To The Tools Menu

    Entering the server IP address of a tool If the third-party tool is a web-based application, you must enter the IP address of the applications server as a parameter to be able to open the application. To enter the server IP address, complete the following steps. 1.

  • Page 182: Changing An Option On The Tools Menu, Removing An Option From The Tools Menu

    The new tool displays in the Tool Menu Items table. NOTE You must click Add before clicking OK; otherwise, the new menu option is not created. 8. Click OK to save your work and close the Setup Tools dialog box. The tool you configured now displays on the Tools menu.

  • Page 183: Adding An Option To A Device's Shortcut Menu

    If the tool is not being utilized, no confirmation message displays. 5. Click Update to remove the tool. 6. Click OK to save your work and close the Setup Tools dialog box. Adding an option to a device’s shortcut menu You can add an option to a device’s shortcut menu.

  • Page 184: Changing An Option On A Device's Shortcut Menu

    Changing an option on a device’s shortcut menu You can change the parameters for a tool that displays on a device’s shortcut menu. To edit an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays.

  • Page 185: Removing An Option From A Device's Shortcut Menu

    Removing an option from a device’s shortcut menu You can remove a tool that displays on a device’s shortcut menu. To remove an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2.

  • Page 186: Vmware Vcenter Plug-in, Registering A Vcenter Server

    VMware vCenter plug-in NOTE You must have host management privileges to access the Plug-in for VMware vCenter dialog box. The VMware vCenter plug-in is a web application hosted on the Management server. This web application sends dynamic HTML content to the vSphere or VI client and the client renders the HTML content.

  • Page 187: Editing A Vcenter Server, Deleting A Vcenter Server

    Editing a vCenter server 1. Select Tools > Plug-in for VMware vCenter. The Plug-in for VMware vCenter dialog box displays. 2. Click Edit. The Edit vCenter Server dialog box displays. The Host field is not editable in the Edit vCenter Server dialog box.

  • Page 188

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 189: Server Management Console Overview, In This Chapter, Launching The Smc On Windows

    Chapter Server Management Console In this chapter • Server management console overview ......155 •...

  • Page 190: Launching The Smc On Linux And Solaris, Services, Monitoring And Managing Management Application Services

    Launching the SMC on Linux and Solaris Perform the following steps to launch the server management console on Linux and Solaris systems. 1. On the Management application server, go to the following directory: Install_Directory/bin 2. Type the following at the command line: ./smc sh smc Services...

  • Page 191: Stopping All Services, Stopping The Cimom Services

    Stopping all services To stop all services, complete the following steps. 1. Launch the Server Management Console. 2. Click the Services tab. 3. Click Stop to stop all services. Note that clicking Restart stops and then restarts all services. 4. Click Close to close the Server Management Console. Stopping the CIMOM services To stop the CIMOM (Common Information Model Object Manager) services, complete the following steps.

  • Page 192: Starting All Services, Restarting All Services, Changing Server Port Numbers

    Starting all services NOTE The Start button restarts running services in addition to starting stopped services which causes client-server disconnect. To start all services, complete the following steps. 1. Launch the Server Management Console. 2. Click the Services tab. 3. Click Start to start all services. NOTE If the server is configured to use an external FTP server, the Server Management Console does not attempt to start the built-in FTP service.

  • Page 193: Authentication, Configuring A Radius Server

    Authentication The Authentication function enables you to configure an authentication server and establish authentication policies. Authentication is configured to the local database by default. If you configure primary authentication to a Radius server, an LDAP server, or switch authentication, you can also configure secondary authentication to the local server.

  • Page 194: Configuring An Ldap Server

    8. Enter the timeout timer value (in seconds) that specifies the amount of time to wait between retries when the server is busy in the Timeout (Sec) field. 9. Enter the number of attempts to be made to reach a server before assuming it is unreachable in the Attempts field.

  • Page 195: Configuring Switch Authentication

    12. Click Apply to save the configuration. Configuring switch authentication Switch authentication enables you to authenticate a user account against the switch database and the Management application server. You can configure up to three switches and specify the fall back order if one or more of the switches is not available. NOTE Switch authentication is only supported on Fabric OS devices.

  • Page 196: Configuring Windows Authentication, Configuring Nis Authentication

    Configuring Windows authentication Windows authentication enables you to authenticate a user account against the Windows user accounts and the Management application server when running on Windows hosts. The following list details the supported Windows authentication types and the associated platforms: •...

  • Page 197: Configuring Unix Password File Authentication, Configuring Local Database Authentication

    Configuring UNIX password file authentication UNIX password file (etc/password) authentication enables you to authenticate a user account against the UNIX user account and the Management application server when running on UNIX platforms. To configure UNIX password file authentication, complete the following steps. 1.

  • Page 198: Displaying The Client Authentication Audit Trail, Restoring The Database

    Displaying the client authentication audit trail All responses to authentication requests coming from clients are logged to an audit trail log file. This file is automatically backed up on the first day of every month. 1. Select the Authentication tab. 2.

  • Page 199

    FIGURE 65 Restore tab 4. Click Browse to select the path (defined in the Output Directory field on the Options dialog box - Backup pane) to the database backup location. 5. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console.

  • Page 200: Capturing Technical Support Information

    Capturing technical support information The Technical Support Information tab of the SMC allows you to capture technical support information for the Management application as well as the configuration files for all switches in discovered fabrics. This information is saved in a zip file in a location that you specify. To capture technical support information, complete the following steps.

  • Page 201: Upgrading Hcm On The Management Server

    Upgrading HCM on the Management server The HCM Upgrade tab enables you to upgrade the Management application to include a new version of HCM. To upgrade HCM, complete the following steps. 1. Select the HCM Upgrade tab (Figure 67). FIGURE 67 HCM Upgrade tab 2.

  • Page 202: Smi Agent Configuration, Launching The Smia Configuration Tool On Windows

    SMI Agent configuration The SMIA Configuration Tool enables you to configure SMI Agent settings, such as security, CIMOM, and certificate management. This tool is automatically installed with the Management application as part of the Server Management Console. This SMIA Configuration Tool consists of the following tabs: •...

  • Page 203: Launching The Smia Configuration Tool On Linux And Solaris

    FIGURE 69 SMIA Configuration Tool dialog box Launching the SMIA configuration tool on Linux and Solaris NOTE All Management application services must be running before you can log into the SMIA Configuration Tool. To start the Management application services, click Start on the Server Management Console dialog box.

  • Page 204: Launching A Remote Smia Configuration Tool, Home Tab

    Launching a remote SMIA configuration tool To launch a remote SMIA configuration tool, complete the following steps. 1. Open a web browser and enter the IP address of the Management application server in the Address bar. If the web server port number does not use the default (443 if is SSL Enabled; otherwise, the default is 80), you must enter the web server port number in addition to the IP address.

  • Page 205

    Accessing Management application features To access Management application features such as, discovery, role-based access control, application configuration and display options, server properties, as well as the application name, build, and copyright, complete the following steps. 1. Click the Home tab, if necessary. 2.

  • Page 206

    1. Click the Authentication tab. FIGURE 70 Authentication tab 2. Select the Enable Client Mutual Authentication check box, as needed. If the check box is checked, CIM client mutual authentication is enabled. If the check box is clear (default), client mutual authentication is disabled. 3.

  • Page 207

    Configuring CIMOM server authentication CIMOM server authentication is the authentication mechanism between the CIM client and the CIMOM Server. You can configure the CIMOM server to allow the CIM client to query the CIMOM server without providing credentials; however, the CIMOM server requires the Management application credentials to connect to the Management application server to retrieve the required data.

  • Page 208: Cimom Configuration

    CIMOM configuration NOTE You must have Security Read and Write privileges to make changes on the CIMOM tab. The CIMOM tab enables you to configure the CIMOM server port, the Bind Network Address, and the CIMOM log. Configuring the SMI Agent port number To configure the SMI Agent port number, complete the following steps.

  • Page 209

    4. Click Apply. NOTE Changes on this tab take effect after the next CIMOM server restart. If you disabled SSL, a confirmation message displays. Click Yes to continue. 5. Click Close to close the SMIA Configuration Tool dialog box. Configuring the Bind Network Address NOTE You must have Security Read and Write privileges to make changes on the CIMOM tab.

  • Page 210: Certificate Management

    • Finer—select to only log message data used to provide detailed trace information. • Finest—select to only log message data used to provide highly detailed trace information. • All—select to log support data for all messages. 3. Click Apply. NOTE Changes on this tab take effect after the next CIMOM server restart.

  • Page 211

    2. Select the Client or Indication from the Authentication list. The appropriate certificates display in the Certificates list. 3. Enter the full path or browse to the certificate you want to import (for example, C:\Certificates\cimom-indication-auth2.cer). You can only import certificate files with the CER extension (.cer). 4.

  • Page 212: Deleting A Certificate

    5. Browse to the directory where you want to export the certificate. 6. Edit the certificate name in the File Name field, if necessary. Click Save. 8. Click Close to close the SMIA Configuration Tool dialog box. Deleting a certificate NOTE You must have Security Read and Write privileges to view or make changes to the Certificate Management tab.

  • Page 213: Viewing The Configuration Summary

    Viewing the configuration summary To view summary information about the Server configuration and the current configuration, complete the following steps. 1. Click the Summary tab. FIGURE 73 Summary tab 2. Review the summary. NOTE When the CIMOM server is stopped, the server configuration information does not display on the Summary tab.

  • Page 214

    Field/Component Description Bind Network Address Displays the Bind Network address for the Server Configuration and the Current Configuration. Log Level Displays the log level for the Server Configuration and the Current Configuration. Options include the following: • 10000—Off • 1000—Severe •...

  • Page 215: Configuration Repository Management, In This Chapter, Saving Switch Configurations

    Chapter Device Configuration In this chapter • Configuration repository management ......181 • Device properties.

  • Page 216

    FIGURE 74 Save switch configurations 2. Select the switches for which you want to save configuration files from Available Switches. 3. Click the right arrow to move the selected switches to Selected Switches. 4. Click OK. Configuration files from the selected switches are saved to the repository. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 217: Restoring A Switch Configuration For A Selected Device

    Restoring a switch configuration for a selected device The Restore Switch Configuration dialog box enables you to download a previously saved switch configuration to a selected device. To restore a switch configuration, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Restore.

  • Page 218: Backing Up A Switch Configuration

    Backing up a switch configuration NOTE The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all fabrics discovered.

  • Page 219

    3. Set the Schedule parameters. These include the following: The desired Frequency for backup operations (daily, weekly, monthly). The Day you want back up to run. If Frequency is Daily, the Day list is grayed out. If Frequency is Weekly, choices are days of the week (Sunday through Saturday). If Frequency is Monthly, choices are days of the month (1 through 31).

  • Page 220: Restoring A Configuration From The Repository

    Restoring a configuration from the repository 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2. Select the configuration you want to restore, and click Restore. The configuration is downloaded to the device.

  • Page 221: Viewing Configuration File Content

    Viewing configuration file content You can view switch configuration file content in a text file. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2.

  • Page 222: Searching The Configuration File Content, Deleting A Configuration, Exporting A Configuration, Importing A Configuration

    Searching the configuration file content To search the configuration file content, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2.

  • Page 223: Keeping A Copy Past The Defined Age Limit, Replicating Configurations, Replicating Security Configurations, Device Properties

    3. Use the file chooser to select the file from which you want to import the configuration, and click Import. Keeping a copy past the defined age limit 1. Right click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository.

  • Page 224

    • FC Ports • GigE Ports • IP Ports • iSCSI Ports • • Remote Ports • • Virtual Sessions Ports • Virtual FCoE Ports Depending on the device type, some of the properties listed in the following table may not be available for all products.

  • Page 225

    TABLE 11 Device properties Field/Component Description IKE Policy # The IKE policy number. Also includes the following information: • Authentication Algorithm • Encryption Algorithm • Diffie-Hellman • SA Life IP Address The device’s IP address. IPSec Policy # The IPSec policy number. Also includes the following information: •...

  • Page 226: Adding A Property Label

    TABLE 11 Device properties Field/Component Description Slot # The slot number of the trunk. Source IP Address The IP address of the of the FCIP tunnel source device. Speed (Gb/s) The speed of the port in gigabytes per second. State The device’s state, for example, online or offline.

  • Page 227: Editing A Property Label

    Click OK. The new property displays above the one you selected. Editing a property label You can edit any label that you create on the Properties dialog box. To edit any field you create, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays.

  • Page 228: Deleting A Property Label, Editing A Property Field, Enhanced Group Management

    Deleting a property label You can delete any label that you created on any of the tabs from the Properties dialog box. To delete a label, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays. 2.

  • Page 229: Firmware Management, Displaying The Firmware Repository

    Firmware management A firmware file repository (Windows systems only) is maintained on the server in the following location: C:\Program Files\Install_Directory\data\ftproot\6.1.1\n.n.n\n.n.n\ The firmware repository is used by the internal FTP server that is delivered with the Management application software, and may be used by an external FTP server if it is installed on the same platform as the Management application software.

  • Page 230: Importing A Firmware File And Release Notes

    FIGURE 75 Firmware repository 3. View information about a specific firmware file by selecting the firmware file in the Firmware Repository. The Firmware Name, Release Date, and Import Date are displayed. You may also view the Release Notes, if the release notes were imported. Importing a firmware file and release notes Firmware files and release notes can be imported into the Firmware Repository.

  • Page 231: Deleting A Firmware File, Download Firmware

    4. Type in the location of the firmware file and release notes, or use Browse to select the location. The Management application supports .zip and .gz compression file types for firmware files. 5. Click OK. You return to the Repository tab. The file is listed in the Firmware Repository when the import is complete and successful.

  • Page 232

    FIGURE 77 Firmware download 3. Select one or more switches from Available Switches. 4. Click the right arrow to move the switches to Selected Switches. 5. Select a specific version from the Firmware to Download column, or use Select Latest to automatically select the latest version.

  • Page 233: Host Port Mapping, Creating A New Host

    Host port mapping HBAs and Hosts discovered through a fabric can be easily identified in the topology by their product icons. For a list of products and their icons, refer to “Product icons” on page 11. Once identified in the topology, you can create Hosts and assign the HBAs to them and import an externally created Host port mapping file (.CSV) to the Management application.

  • Page 234: Renaming An Hba Host, Deleting An Hba Host, Viewing Host Properties

    Renaming an HBA Host To rename a Host, complete the following steps. 1. Right-click an HBA icon and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Click the Host you want to rename in the Hosts table, wait a moment, and then click it again. The Host displays in edit mode.

  • Page 235: Importing Hba-to-host Mapping

    1. Right-click an HBA icon and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Select the Host to which you want to assign HBAs in the Hosts table or click New Host to create a new Host. 3.

  • Page 236: Removing An Hba From A Host, Exporting Host Port Mapping

    To import Host port mapping, complete the following steps. 1. Right-click an HBA icon and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Click Import. The Import dialog box displays. 3. Browse to the file (CSV format only) you want to import. 4.

  • Page 237

    5005076717011E7D, Server1 50050767170A5AAF, Server1 To export a Host port, complete the following steps. 1. Open the Host Port Mapping dialog box by performing one of the following actions: Select an HBA port icon in the topology view, then select Discover > Host Port Mapping. Right-click any HBA port icon in the topology view and select Host Port Mapping.

  • Page 238: Ports, Viewing Port Connectivity

    Ports You can enable and disable ports, as well as view port details, properties, type, status, and connectivity. Viewing port connectivity The connected switch and switch port information displays for all ports. To view port connectivity, choose one of the following steps: •...

  • Page 239

    TABLE 13 Port connectivity properties Field Description Buffer Limited Whether buffers are limited. Buffers Needed/Allocated The ratio of buffers needed relative to the number of buffers allocated. Calculated Status The operational status. There are four possible operation status values: • Up - Operation is normal.

  • Page 240

    TABLE 13 Port connectivity properties Field Description Device Type The device type; for example, target or initiator. FC4 Type The active FC4 type; for example, SCSI. FC Address The Fibre Channel address. Each FC port has both an address identifier and a world wide name (WWN). Flag Whether a flag is on or off.

  • Page 241: Refreshing The Port Connectivity View, Enabling A Port, Disabling A Port

    TABLE 13 Port connectivity properties Field Description Switch Routing Policy Whether a routing policy, for example, port-based routing policy, is enabled. Switch Secure Mode Whether switch secure mode is enabled. Switch Status The operational status. There are four possible operation status values: •...

  • Page 242: Filtering Port Connectivity

    Filtering port connectivity To filter results from the port connectivity view, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box The Filter dialog box displays (Figure 80). FIGURE 80 Filter dialog box 2. Click a blank cell in the Field column to select the property from which to filter the results. 3.

  • Page 243: Viewing Port Details

    Resetting the filter Reset immediately clears all existing definitions. You cannot cancel the reset. To reset the Filter dialog box, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box. The Filter dialog box displays. 2.

  • Page 244: Viewing Ports And Port Properties

    Viewing ports and port properties To view ports on the Connectivity Map, right-click a product icon and select Show Ports. NOTE Show Ports is not applicable when the map display layout is set to Free Form (default). NOTE This feature is only available for connected products. On bridges and CNT products, only utilized Fibre Channel ports display;...

  • Page 245

    Depending on the port type, some of the following properties (Table 14) may not be available for all products. TABLE 14 Port properties Field Description # Virtual Session Ports The number of virtual session ports associated with the GE port. Additional Port Info Additional error information relating to the selected port.

  • Page 246

    TABLE 14 Port properties Field Description MAC Address The Media Access Control address assigned to a network adapters or network interface cards (NICs). Manufacturer Plant The name of the manufacturer plant. Modify button Click to launch the Element Manager. Model The model number of the device.

  • Page 247: Port Types, Showing Connected Ports

    TABLE 14 Port properties Field Description Vendor The product vendor. Virtual FCoE Port Count The number of FC ports on the device. Port types On the Connectivity Map, right-click a switch icon and select Show Ports. The port types display showing which ports are connected to which products.

  • Page 248: Viewing Port Connection Properties

    Viewing port connection properties You can view the information about products and ports on both sides of the connection. 1. Right-click the connection between two end devices on the Connectivity Map and select Properties. Double-click the connection between two devices on the Connectivity Map. The Connection Properties dialog box displays.

  • Page 249

    TABLE 16 Port connection properties Field Description 2-IP Address The IP address of the second switch. 2-Trunk Whether there is a trunk on the second switch. 2-Speed (Gbps) The speed of the second switch. Selected Connection Properties table The connected device port information. Area ID (hex)/Port Index (hex) The area identifier, in hexadecimal, of the switch-to-product connection.

  • Page 250: Determining Inactive Iscsi Devices, Determining Port Status

    TABLE 16 Port connection properties Field Description Protocol The network protocol, for example, Fibre Channel. RA TOV The resource allocation time out value, in milliseconds, of the connected switch. This variable works with the E D TOV variable to determine switch actions when presented with an error condition. Sequence # The sequence number of the switch.

  • Page 251: Viewing Port Optics

    Viewing port optics To view port optics, complete the following steps. 1. Right-click the switch for which you want to view port optic information on the Connectivity Map and select Port Optics (SFP). The Port Optics (SFP) dialog box displays(Figure 83).

  • Page 252

    • Vendor PN—The part number of the SFP. • Vendor Rev—The revision number of the SFP. • Serial #—The serial number of the SFP. • Data Code—The data code. • Media Form Factor—The type of media for the transceiver; for example, single mode. •...

  • Page 253: Port Auto Disable, Viewing The Port Auto Disable Status

    Port Auto Disable The Port Auto Disable dialog box allows you to enable and disable the port auto disable flag on individual FC_ports or on all ports on a selected device, as well as unblock currently blocked ports. NOTE The device must be running Fabric OS 6.3 or later. Viewing the port auto disable status NOTE The device must be running Fabric OS 6.3 or later.

  • Page 254: Enabling Port Auto Disable On Individual Ports

    • Port Type—Displays the port type. • Port Number—Displays the port number. • Port WWN—Displays the port world wide name. • Port Name—Displays the port name. • User Port #—Displays the user port number. • PID—Displays the port identifier. • Connected Port #—Displays the connected port number.

  • Page 255: Disabling Port Auto Disable On Individual Ports

    Disabling port auto disable on individual ports NOTE The device must be running Fabric OS 6.3 or later. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to disable port auto disable (PAD) from the Fabric list. 3.

  • Page 256: Storage Port Mapping Configuration, Creating A Storage Array

    Storage port mapping configuration The Management application enables you to see multiple ports on your storage devices in a SAN. It also displays the relationship between multiple ports and represents them as attached to a storage array (device) in the Device Tree, Topology, and Fabric views. Occasionally, there are cases where the Management application cannot see the relationship between ports attached to the same storage device.

  • Page 257: Adding Storage Ports To A Storage Array, Unassigning A Storage Port From A Storage Array

    4. Add storage ports to the new storage array. NOTE You must add at least one storage ports to the new storage array to save the new array in the system. For step-by-step instructions about adding ports to an array, refer to “Adding storage ports to a storage array”...

  • Page 258: Reassigning Mapped Storage Ports, Editing Storage Array Properties

    3. Click the left arrow button. The selected storage port is removed from the Storage Array list and added to the Storage Ports table. 4. Click OK to save your work and close the Storage Port Mapping dialog box. Reassigning mapped storage ports To reassign a storage port, complete the following steps.

  • Page 259: Deleting A Storage Array, Viewing Storage Port Properties

    4. Click OK on the Properties dialog box to save the storage array properties. 5. Click OK to save your work and close the Storage Port Mapping dialog box. Deleting a storage array To delete a storage array, complete the following steps. 1.

  • Page 260: Viewing Storage Array Properties, Importing Storage Port Mapping

    Viewing storage array properties To view storage array properties, complete the following steps. 1. Open the Storage Port Mapping dialog box by performing one of the following actions: Select a storage port icon in the topology view, then select Discover > Storage Port Mapping.

  • Page 261

    4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure (first entry must be the storage node name (WWN) and second entry must be the storage array name), well formed WWNs, and counts number of errors If more than 5 errors occur, import automatically cancels.

  • Page 262: Exporting Storage Port Mapping

    Exporting storage port mapping The Storage Port Mapping dialog box enables you to export a storage port array. The export file uses the CSV format. The first row contains the headers (Storage Node Name (WWNN), Storage Array Name) for the file. Example Storage Node Name (WWNN), Storage Array Name 20000004CFBD7100,New Storage Array...

  • Page 263: Device Technical Support, Scheduling Technical Support Information Collection

    Device Technical Support You can use Technical Support to collect supportSave data (such as, RASLOG, TRACE and so on) and switch events from Fabric OS devices. You can gather technical data for M-EOS devices using the device’s Element Manager. To gather technical support information for the Management application server, refer to “Capturing technical support information”...

  • Page 264: Starting Immediate Technical Support Information Collection

    Starting immediate technical support information collection NOTE The switch must be running Fabric OS 5.2.X or later to collect technical support data. NOTE The HBA must be a managed Brocade HBA. NOTE You must have the SupportSave privilege to perform this task. To capture technical support and event information for specified devices, complete the following steps.

  • Page 265: Viewing Technical Support Information, E-mailing Technical Support Information

    Viewing technical support information To view technical support information, complete the following steps. 1. Select Monitor > Technical Support > View Repository. The Repository dialog box displays. 2. Choose from one of the following options: • Select the Switches tab to view technical support information on switches. •...

  • Page 266: Copying Technical Support Information To An External Ftp Server

    Copying technical support information to an external FTP server To copy the Support Save data located in the built-in FTP server to an external FTP server, complete the following steps. 1. Select Monitor > Technical Support > View Repository. The Repository dialog box displays. 2.

  • Page 267: Upload Failure Data Capture, Enabling Upload Failure Data Capture

    Upload Failure data capture You can use Upload Failure Data Capture to enable, disable, and purge failure data capture files as well as configure the FTP Host for the switch. NOTE Upload Failure Data Capture is only supported on Fabric OS devices. Enabling upload failure data capture 1.

  • Page 268: Disabling Upload Failure Data Capture, Purging Upload Failure Data Capture Files

    Disabling upload failure data capture NOTE Upload Failure Data Capture is only supported on Fabric OS devices. 1. Select Monitor > Technical Support > Upload Failure Data Capture. The Upload Failure Data Capture dialog box displays. 2. Select one or more devices on which you want to disable automatic trace dump from the Available Switches with Upload Failure Data Capture Enabled table.

  • Page 269: Configuring The Upload Failure Data Capture Ftp Server

    Configuring the upload failure data capture FTP server NOTE Upload Failure Data Capture is only supported on Fabric OS devices. NOTE Some external FTP software (such as, Filezilla and Xlight) are not supported. 1. Select Monitor > Technical Support > Upload Failure Data Capture. The Upload Failure Data Capture dialog box displays.

  • Page 270: Viewing The Upload Failure Data Capture Repository

    Viewing the upload failure data capture repository NOTE Upload Failure Data Capture is only supported on Fabric OS devices. 1. Select Monitor > Technical Support > View Repository. The Repository dialog box displays. 2. Select the trace dump file you want to view from the Available Support and Upload Failure Data Capture Files table.

  • Page 271: Fabric Binding Overview, In This Chapter

    Chapter Fabric Binding In this chapter • Fabric binding overview......... 237 •...

  • Page 272: Enabling Fabric Binding

    Enabling fabric binding Fabric Binding is enabled through the Fabric Binding dialog box. After you have enabled Fabric Binding, use the Fabric Membership List/Add Detached Switch to add switches that you want to allow into the fabric. NOTE In a pure Fabric OS environment, Fabric Binding is only supported on Fabric OS 5.2 or later. In a mixed Fabric OS and M-EOS environment, Fabric Binding is only supported on Fabric OS 6.0 or later and M-EOS manageable switches and fabrics.

  • Page 273: Disabling Fabric Binding, Adding Switches To The Fabric Binding Membership List

    Disabling fabric binding Fabric Binding cannot be disabled while High Integrity Fabric is active if the switch is offline. This disables fabric binding and High Integrity Fabric on the switch, but not the rest of the fabric. Disabled switches segment from the fabric. Fabric Binding is disabled through the Fabric Binding dialog box.

  • Page 274: Adding Detached Devices To The Fabric Binding Membership List, Removing Switches From Fabric Binding Membership

    Adding detached devices to the fabric binding membership list To add a switch that does not have a physical connection and is not discovered to the fabric, complete the following steps. 1. Select Configure > Fabric Binding. The Fabric Binding dialog box displays. 2.

  • Page 275: High Integrity Fabrics

    High integrity fabrics The High Integrity Fabric (HIF) mode option automatically enables features and operating parameters that are necessary in multiswitch Enterprise Fabric environments. When HIF is enabled, each switch in the fabric automatically enforces a number of security-related features including Fabric Binding, Switch Binding, Insistent Domain IDs, and Domain Register for State Change Notifications (RSCNs).

  • Page 276: High Integrity Fabric Requirements, Activating High Integrity Fabrics

    High integrity fabric requirements The term high integrity fabric (HIF) refers to a set of strict, consistent, fabric-wide policies. There are several specific configuration requirements for high integrity fabrics: • Insistent domain ID (IDID) must be enabled in the participating switches. •...

  • Page 277: Deactivating High Integrity Fabrics

    2. Select the fabric on which you want to activate HIF from the Fabric Name list. The HIF status displays in the High Integrity Fabric field. 3. Click Activate. For Pure Fabric OS fabrics, HIF activates the Switch Connection Control (SCC) policy, sets Insistent Domain ID, and sets the Fabric Wide Consistency Policy (FWCP) for SCC in strict mode.

  • Page 278

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 279: Fault Management Overview, In This Chapter

    Chapter Fault Management In this chapter • Fault management overview........245 •...

  • Page 280: Event Logs, Viewing Event Logs

    Event logs The Management application provides a variety of logs through which you can monitor the SAN. You can view all events that take place in the SAN through the Master Log at the bottom of the main window. You can also view a specific log by selecting an option from the Monitor menu’s Logs submenu.

  • Page 281: Copying Part Of A Log Entry, Copying An Entire Log Entry

    Copying part of a log entry You can copy data from logs to other applications. Use this to analyze or store the data using another tool. To copy part of a log, complete the following steps. 1. Select Monitor > Logs > Log_Type. The Log_Type Logs dialog box displays the kind of log you selected.

  • Page 282: Exporting The Entire Log, E-mailing All Event Details From The Master Log

    Exporting the entire log You can export the log data to a tab delimited text file. To export a log, complete the following steps. 1. Select Monitor > Logs > Log_Type. The Log_Type Log dialog box displays the kind of log you selected. 2.

  • Page 283: E-mailing A Range Of Event Details From The Master Log

    5. Enter your e-mail address in the From field. 6. Click OK. E-mailing a range of event details from the Master Log NOTE You must configure e-mail notification before you can e-mail event details from the Master Log. To configure e-mail notification, refer to “Configuring e-mail notification”...

  • Page 284: Copying Part Of The Master Log, Copying The Entire Master Log

    TABLE 18 Event details Event Field Description Virtual Fabric ID The virtual fabric identifier. Message ID The message text. Recommended Action The recommended action. Contributors The contributor to this event. Time (Host) The time this event occurred and the host on which it occurred. 4.

  • Page 285: Exporting The Master Log, Filtering Events In The Master Log

    Exporting the Master Log You can export the Master Log to a tab delimited text file. Use this to analyze or store the data using another tool. To export the Master Log, complete the following steps. 1. Right-click an entry in the Master Log. 2.

  • Page 286: Setting Up Advanced Event Filtering For The Master Log

    2. Select from the following to include or exclude event types. • To include an event type in the filter, select the event from the Available Events table and click the right arrow. • To exclude an event type from the filter, select the event from the Selected Events table and click the left arrow.

  • Page 287

    b. Select the event column for the event from the Event Column list. All event columns are listed in alphabetical order. Enter all or part of the event type value in the Value Contains text box. d. Click the right arrow button to move the event type to the Additional Filters - Include these Events table.

  • Page 288

    Click the right arrow button to move the event type to the Additional Filters - Filter out these Events table. NOTE You can configure a maximum of 10 filters to be excluded. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 289: Removing An Advanced Event Filter, Event Policies, Policy Types

    6. Click OK. The Define Filter dialog box displays. Click OK to close Define Filter dialog box. Removing an advanced event filter To remove an advanced event filter, complete the following steps. 1. Click the Filter hyper link in the Master Log. The Define Filter dialog box displays.

  • Page 290: Policy Triggers

    • Authentication Event — occurs when an authentication event has been triggered. • Call Home Event — occurs when a call home event has been triggered. • Config Management Event — occurs when a configuration management event has been triggered •...

  • Page 291: Policy Actions, Adding An Event Policy

    Policy actions You can automate tasks that you perform on the SAN by configuring multiple actions to be performed when an associated trigger is fired. The following actions are available: • Broadcast Message — Displays a message to all open Clients. •...

  • Page 292: Adding An Port Offline Policy

    9. Enter all or part of the message ID associated with SNMP traps and Syslog messages in the Message ID field. If the entry matches or is part of the message ID, the policy is triggered. 10. Define the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 1024 characters.

  • Page 293: Adding A Pm Threshold Crossed Policy

    6. Define the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 1024 characters. Multiple values must be separated by a semi-colon. When multiple values are entered, as long as at least one value matches the IP address, Node WWN, or Name in the event and all other conditions are met, an action is triggered.

  • Page 294: Adding A Security Violation Policy

    9. Select the duration type (Seconds or Minutes) from the Duration list. The maximum duration is 30 minutes. 10. Select the check box in the Actions list for each action you want to occur when this policy is triggered. For a list of the available actions, refer to “Policy actions”...

  • Page 295: Defining The Broadcast Message Action

    11. Click OK on the Add Event Policy dialog box. 12. Select the Active check box for the policy you want to activate. 13. Click OK on the Event Policies dialog box. Defining the broadcast message action You can define the content of the broadcast message that occurs when a policy is triggered. You can only edit actions from the Add Event Policy, Duplicate Event Policy, or Edit Event Policy dialog boxes.

  • Page 296: Defining The Launch Script Action

    Defining the launch script action NOTE Launch scripts with a user interface are not supported. You can define the path to the script that is launched when a policy is triggered. When the script launches, the Management application does not verify the existence of the script. The script must have the following characteristics: •...

  • Page 297: Defining The Send E-mail Action

    Defining the send e-mail action You can define the content of the e-mail message that occurs when a policy is triggered. You can only edit actions from the Add Event Policy, Duplicate Event Policy, or Edit Event Policy dialog boxes. For step-by-step instructions on adding or editing an event policy, refer to “Adding an event policy”...

  • Page 298: Configuring Support Data Capture Action, Activating A Policy, Deactivating A Policy

    Configuring support data capture action You can configure the Management application to start supportSave capture on Fabric OS devices when a policy is triggered. You can only edit actions from the Add Event Policy, Duplicate Event Policy, or Edit Event Policy dialog boxes. For step-by-step instructions on adding or editing an event policy, refer to “Adding an event policy”...

  • Page 299: Deleting A Policy, Duplicating An Event Policy

    Deleting a policy 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to delete. Press Ctrl and then click to select more than one policy. 3. Click Delete. 4. Click OK on the Event Policies dialog box. Duplicating an event policy To duplicate an event policy, complete the following steps.

  • Page 300: Duplicating An Port Offline Policy

    10. Edit the trigger in the IP Address, Node WWN, and Name list. The trigger is limited to 1024 characters. Multiple values must be separated by a semi-colon. When multiple values are entered, as long as at least one value matches the IP address, Node WWN, or Name in the event and all other conditions are met, an action is triggered.

  • Page 301: Duplicating A Pm Threshold Crossed Policy

    8. Select the duration type (Seconds or Minutes) from the Duration list. The maximum duration is 30 minutes. 9. Select the check box in the Actions list for each action you want to occur when this policy is triggered. For a list of the available actions, refer to “Policy actions”...

  • Page 302: Duplicating A Security Violation Policy

    11. Select the Active check box to activate the duplicated policy. 12. Click OK on the Event Policies dialog box. Duplicating a security violation policy To duplicate a security violation policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays.

  • Page 303: Editing An Event Policy

    Editing an event policy To edit an event policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays.

  • Page 304: Editing An Port Offline Policy

    Editing an Port offline policy To edit an Port offline policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays.

  • Page 305: Editing A Pm Threshold Crossed Policy

    Editing a PM threshold crossed policy To edit a PM threshold crossed policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3.

  • Page 306: Editing A Security Violation Policy, Viewing Events

    Editing a security violation policy To edit a security violation policy, complete the following steps. 1. Select Monitor > Event Policies. The Event Policies dialog box displays. 2. Select the policy you want to edit in the Policies table. 3. Click Edit. The Edit Event Policy dialog box displays.

  • Page 307: Event Notification, Configuring E-mail Notification

    Event notification The Management application records the SAN events in the Master Log. You can configure the application to send event notifications to e-mail addresses at certain time intervals. This is a convenient way to keep track of events that occur on the SAN. You can also configure products to “call home”...

  • Page 308: Setting Up Advanced Event Filtering For A User

    8. Enter the length of time the application should wait between notifications in the Summary Interval field and list. Notifications are combined into a single e-mail and sent at each interval setting. An interval setting of zero causes notifications to be sent immediately. ATTENTION Setting too short an interval can cause the recipient’s e-mail inbox to fill very quickly.

  • Page 309

    FIGURE 93 Advanced Event Filtering dialog box - Include Events tab a. Select the event type you want to include from the Event Type list. All event types are listed in alphabetical order. b. Select the event column for the event from the Event Column list. All event columns are listed in alphabetical order.

  • Page 310

    FIGURE 94 Advanced Event Filtering dialog box - Include Events tab a. Select the event type you want to remove from the Event Type list. All event types are listed in alphabetical order. b. Enter all or part of the event type description text in the Description Contains text box (up to 40 characters).

  • Page 311: Snmp Trap And Informs Registration And Forwarding, Registering The Management Server

    SNMP trap and informs registration and forwarding You can configure the application to send SNMP traps and informs to other computers. To correctly configure trap forwarding, you must configure the target computer’s IP address and SNMP ports. To correctly configure informs, you must enable informs on the switch. Registering the management server NOTE If the source IP address does not match the switch, the Management application does not forward...

  • Page 312: Removing A Host Server, Enabling Trap Forwarding, Adding An Snmpv1 Destination

    5. Select a fabric from the Targeted Fabric list. 6. Select a severity (None, Critical, Error, Warning, Info, or Debug) from the Severity list. Click OK on the SNMP Setup dialog box. Removing a host server You can remove any host server as the trap recipient on managed Fabric OS devices. To remove a host server, complete the following steps.

  • Page 313: Adding An Snmpv3 Destination

    4. Click Add. The Add/Edit Trap Recipient dialog box displays. a. (Optional) In the Description field, enter a description of the trap recipient. b. In the IP Address field, enter the trap recipient’s IP address. The Management application accepts IP addresses in IPv4 or IPv6 formats. Enter the trap recipient’s UDP port number, in the port field.

  • Page 314: Editing A Destination, Removing A Destination, Disabling Trap Forwarding

    Editing a destination To edit a destination, complete the following steps. 1. Select Monitor > SNMP Setup. The SNMP Setup dialog box displays. 2. Click the Trap Forwarding tab. 3. Select the destination you want to edit in the Destinations table and click Edit. The Add/Edit Trap Recipient dialog box displays.

  • Page 315: Enabling Snmp Informs, Disabling Snmp Informs

    Enabling SNMP informs NOTE SNMP Informs is only supported on Fabric OS 6.3 or later switches discovered through SNMP v3. For information about discovery through SNMP v3, refer to “Discovering fabrics” on page 36. You can enable SNMP informs on all Informs-capable Fabric OS switches. To enable Informs, complete the following steps.

  • Page 316: Syslog Forwarding, Registering The Management Server

    Syslog forwarding NOTE Syslog messages are only available on Fabric OS devices and Brocade HBAs (managed using HCM Agent). Syslog forwarding is the process by which you can configure the Management application to send Syslog messages to other computers. Switches only send the Syslog information through port 514; therefore, if port 514 is being used by another application, you must configure the Management application to listen on a different port.

  • Page 317: Registering A Host Server, Removing A Host Server, Adding A Destination

    Registering a host server You can register any host server as the Syslog destination on managed Fabric OS devices. You can register different destinations for different fabrics. To register a host server, complete the following steps. 1. Select Monitor > Syslog Configuration. The Syslog Registration and Forwarding dialog box displays.

  • Page 318: Removing A Destination, Editing A Destination, Enabling Syslog Forwarding

    Editing a destination To edit a destination, complete the following steps. 1. Select Monitor > Syslog Configuration. The Syslog Registration and Forwarding dialog box displays. 2. Click the Syslog Forwarding tab. 3. Select the destination you want to edit in the Destinations table and click Edit. The Add/Edit Syslog Recipient dialog box displays.

  • Page 319: Disabling Syslog Forwarding

    Disabling Syslog forwarding You can disable Syslog forwarding on all defined destinations. To disable Syslog forwarding, complete the following steps. 1. Select Monitor > Syslog Configuration. The Syslog Registration and Forwarding dialog box displays. 2. Click the Syslog Forwarding tab. 3.

  • Page 320

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 321: Performance Overview, In This Chapter

    Chapter Performance Data In this chapter • Performance overview......... . 287 •...

  • Page 322: Performance Measures

    Performance measures Performance measures enable you to select one or more measures to define the graph or report. The measures available to you depend on the object type from which you want to gather performance data. • Tx % Utilization — available for FC, GE, Managed HBA ports, Managed CNA ports, 10GE ports, and FCIP tunnels.

  • Page 323: Performance Management Requirements

    • Under Sized Frames — available for Managed HBA ports and Managed CNA ports. • Over Sized Frames — available for Managed HBA ports and Managed CNA ports. • Primitive Sequence Protocol Errors — available for Managed HBA ports and Managed CNA ports.

  • Page 324

    Trap recipient: 10.191.12.240 Trap port: 162 Trap recipient Severity level: 4 Community 3: private (rw) Trap recipient: 10.103.5.105 Trap port: 162 Trap recipient Severity level: 4 Community 4: public (ro) Trap recipient: 192.168.102.41 Trap port: 162 Trap recipient Severity level: 4 Community 5: common (ro) Trap recipient: 10.32.150.116 Trap port: 162...

  • Page 325

    Priv Protocol: noPriv User 3 (rw): snmpadmin3 Auth Protocol: noAuth Priv Protocol: noPriv User 4 (ro): snmpuser1 Auth Protocol: noAuth Priv Protocol: noPriv User 5 (ro): snmpuser2 Auth Protocol: noAuth Priv Protocol: noPriv User 6 (ro): admin Auth Protocol: noAuth Priv Protocol: noPriv To set the SNMP v3 credentials on the device, use the snmpconfig --set snmpv3...

  • Page 326

    Trap Recipient's IP address : [0.0.0.0] Trap Recipient's IP address : [0.0.0.0] Trap Recipient's IP address : [0.0.0.0] To check SNMP credentials in the Management application, complete the following steps. 1. Select Discover > Setup. The Discover Setup dialog box displays. 2.

  • Page 327: Real-time Performance Data

    HA-MIB (yes, y, no, n): [yes] FCIP-MIB (yes, y, no, n): [yes] ISCSI-MIB (yes, y, no, n): [yes] • To collect performance on a Virtual Fabric enabled device, use the admin> userconfig command to make sure the Fabric OS user has access to all the Virtual Fabrics. Make --show sure that the SNMPv3 user name is same as the Fabric OS user name.

  • Page 328: Generating A Real-time Performance Graph

    Generating a real-time performance graph You can monitor a device’s performance through a performance graph that displays transmit and receive data. The graphs can be sorted by the column headers. You can create multiple real-time performance graph instances. NOTE To make sure that statistic collection for a switch does not fail, you must configure SNMP credentials for the switch.

  • Page 329: Filtering Real-time Performance Data

    Filtering real-time performance data To filter real-time performance data from the Real Time Performance Graphs dialog box, complete the following steps. 1. Open the Real Time Performance Graphs dialog box. For step-by-step instructions, refer to “Generating a real-time performance graph” page 294.

  • Page 330: Exporting Real-time Performance Data, Clearing Port Counters

    10. Select the granularity at which you want to gather performance data from the Granularity list. 11. Select the Interpolate check box to use interpolation to fill existing gaps, if necessary. 12. (Optional) Click Other Options and select the Use Same Y-axis check box to make the Y-axis range the same for object.

  • Page 331: Historical Performance Data, Enabling Historical Performance Collection San Wide

    Historical performance data Performance should be enabled constantly to receive the necessary historical data required for a meaningful report. The following options and features are available for obtaining historical performance data: • Collect historical performance data from the entire SAN or from a selected device. NOTE Virtual Fabric logical ISL ports are not included in performance collection.

  • Page 332: Generating A Historical Performance Graph

    Historical performance data collection is disabled for all fabrics in the SAN. Generating a historical performance graph To generate a historical performance graph for a device, complete the following steps. 1. Select the device for which you want to generate a performance graph. 2.

  • Page 333: Saving A Historical Performance Graph Configuration

    1. Select the type of ports from the Show list. 2. Right-click a device in the Available table and select Expand All. 3. Select the ports (press Ctrl or Shift and then click to select multiple ports) from which you want to gather performance data from the Available table and click the right arrow button.

  • Page 334: Exporting Historical Performance Data, Deleting A Historical Performance Graph

    The Source and Destination icons and the Graph column do not display 12. Save this configuration by selecting Save. The Save Favorites dialog box displays. This enables you to save the selected configuration so that you can use it to generate the same type of report at a later date. 13.

  • Page 335: End-to-end Monitoring, Configuring An End-to-end Monitor Pair

    4. Click Delete. 5. Click Yes on the confirmation message. 6. Click the close button (X) to close the Historical Performance Graph dialog box. End-to-end monitoring NOTE End-to-end monitoring requires a Fabric OS device. Performance enables you to provision end-to-end monitors of selected target and initiator pairs. These monitors are persisted in the database and are enabled on one of the F_ports on the connected device (the Management application server determines the port).

  • Page 336: Displaying End-to-end Monitor Pairs In A Real-time Graph

    Once you have created the end-to-end monitored pair, you can view both real-time and historical performance data. For step-by-step instructions refer to “Displaying end-to-end monitor pairs in a real-time graph” on page 302 or “Displaying end-to-end monitor pairs in a historical graph”...

  • Page 337: Refreshing End-to-end Monitor Pairs, Deleting An End-to-end Monitor Pair, Top Talker Monitoring

    Refreshing end-to-end monitor pairs The Management application enables you to rewrite the end-to-end monitors (deleted through CLI or an Element Manager) back to a device. To refresh all end-to-end monitor pairs, complete the following steps. 1. Select Monitor > Performance > End-to-End Monitors. The Set End-to-End Monitor dialog box displays.

  • Page 338: Configuring A Fabric Mode Top Talker Monitor

    Configuring a fabric mode Top Talker monitor NOTE A fabric mode Top Talker and an end-to-end monitor cannot be configured on the same fabric. You must delete the end-to-end monitor before you configure the fabric mode Top Talker. NOTE A fabric mode Top Talker and an F_port mode Top Talker cannot be configured on the same fabric. You must delete the F_port mode Top Talker before you configure the fabric mode Top Talker.

  • Page 339

    • Destination Port • Destination Switch/Port 8. Click the minimize button to hide this dialog box when it is not needed. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 340: Configuring An F_port Mode Top Talker Monitor

    Configuring an F_port mode Top Talker monitor NOTE An F_port mode Top Talker and an end-to-end monitor cannot be configured on the same F_port. You must delete the end-to-end monitor before you configure the F_port mode Top Talker. NOTE An F_port mode Top Talker and a fabric mode Top Talker cannot be configured on the same fabric. You must delete the fabric mode Top Talker before you configure the F_port mode Top Talker.

  • Page 341: Deleting A Top Talker Monitor, Pausing A Top Talker Monitor, Restarting A Top Talker Monitor

    Deleting a Top Talker monitor To delete a Top Talker monitor, complete the following steps. 1. Select the dialog box of the Top Talker monitor you want to delete. 2. Click Close. 3. Click Yes on the ‘do you want to delete this monitor’ message. Pausing a Top Talker monitor To pause a Top Talker monitor, complete the following steps.

  • Page 342: Thresholds And Event Notification, Creating A Threshold Policy

    Thresholds and event notification Performance allows you to apply thresholds and event notification to real-time performance data. A performance monitor process (thread) monitors the performance data against the threshold setting for each port and issues an appropriate alert to notify you when the threshold is exceeded. For information about configuring event notification, refer to Event Notification.

  • Page 343: Editing A Threshold Policy

    You can only define policies for E and F/FL ports. 5. Select a measure from the Measure list. You can only define policies for the Tx and Rx % Utilization measures. You cannot add the same measure more than once. If you try to add another threshold with the same measure, the new values overwrite the older threshold values in the Selected Thresholds table.

  • Page 344

    4. Change the policy type from the Policy Type list. 5. Select a measure from the Measure list. You cannot add the same measure more than once. If you try to add another threshold with the same measure, the new values overwrite the older threshold values in the Selected Thresholds table.

  • Page 345: Duplicating A Threshold Policy, Assigning A Threshold Policy

    13. Make the threshold changes by selecting one of the following options: • To only add new thresholds, select the Keep currently set thresholds and only add new thresholds check box. • To overwrite all existing thresholds on all fabrics and devices, select the Overwrite all thresholds currently set on all switches check box.

  • Page 346: Deleting A Threshold Policy

    3. Select one or more fabrics or devices to which you want to assign the policy in the Available Threshold Policies table. If you choose to assign the policy to a fabric and a M-EOS logical switch is present in the fabric, the policy is not assigned to the M-EOS logical switch.

  • Page 347: Connection Utilization

    6. Make the threshold changes by selecting one of the following options: • To only add new thresholds, select the Keep currently set thresholds and only add new thresholds check box. • To overwrite all existing thresholds on all fabrics and devices, select the Overwrite all thresholds currently set on all switches check box.

  • Page 348: Enabling Connection Utilization, Disabling Connection Utilization

    Enabling connection utilization NOTE Fabrics where performance data collection is not enabled display connections as thin black lines. To display the connection utilization, complete the following steps. 1. Choose from one of the following options: • Select Monitor > Performance > View Utilization •...

  • Page 349: Changing Connection Utilization

    Changing connection utilization You can change the utilization percentages. To change the utilization percentages, complete the following steps. 1. Click the change link in the utilization legend. 2. Enter or select the end percentage you want for the blue line. When you make a change to the end percentage of a utilization line, you also change the start percentage for the utilization line immediately above the one you changed when you click apply.

  • Page 350

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 351: Report Types, In This Chapter

    Chapter Reports In this chapter • Report types..........317 •...

  • Page 352: Generating Reports, Viewing Reports, Exporting Reports

    Generating reports To generate reports, complete the following steps. 1. Select Reports > Generate. The Generate Reports dialog box displays. 2. Select the types of reports you want to generate. • Fabric Ports • Fabric Summary 3. Select the fabrics for which you want to generate reports. 4.

  • Page 353

    If you do not see the report you want to export, generate it first by following the instructions in “Generating reports” on page 318. You can select reports by Time, Report Type, or User. 3. Select the format (PDF, HTML, or XML) you want to export to from the list to the left of the Export button.

  • Page 354: Printing Reports, Deleting Reports

    Printing reports You can print reports through an internet browser. 1. Select Reports > View. The View Reports dialog box displays. 2. Select the report you want to print in the left pane of the dialog box. If you do not see the report you want to view, generate it first by following the instructions in “Generating reports”...

  • Page 355: Generating Performance Reports

    Generating performance reports To generate a historical performance report for a device, complete the following steps. 1. Select the device for which you want to generate a performance report. 2. Choose one of the following options: • Select Monitor > Performance > Historical Report. •...

  • Page 356: Generating Zoning Reports

    Click Apply. The selected report automatically displays in the View Reports dialog box. NOTE Hyperlinks in reports are active only as long as the source data is available. To print the selected report, refer to “Printing reports” on page 320. To export the selected report, refer to “Exporting reports”...

  • Page 357: Users, In This Chapter, Viewing The List Of Users

    Chapter Role-Based Access Control In this chapter • Users ............323 •...

  • Page 358: Adding A User Account

    Adding a user account NOTE You must have the User Management privilege to perform this task. To add a user, complete the following steps. 1. Select Server > Users. The Server Users dialog box displays. 2. Click Add. The New User dialog box displays (Figure 99).

  • Page 359: Editing A User Account, Filtering Event Notifications For A User

    Editing a user account NOTE You must have the User Management privilege to perform this task. To edit a user, complete the following steps. 1. Select Server > Users. The Server Users dialog box displays. 2. Select the user whose information you want to edit in the Users table. 3.

  • Page 360: Removing A User Account

    FIGURE 100 Define Filter dialog box 4. Move events between the tables by selecting the event and clicking the appropriate arrow. 5. Set up advanced event filtering by clicking Advanced Filtering. For more information about advanced event filtering, refer to “Setting up advanced event filtering for a user”...

  • Page 361: Roles, Creating A User Role

    4. Click OK on the confirmation message. The selected user is removed from the Server Users dialog box. 5. Click OK to close the Server Users dialog box. Roles The Management application enables you to set privileges for individual users, which enhances the security of your SAN.

  • Page 362: Editing A User Role

    3. Enter a name for the role in the Name field. 4. (Optional) Enter a description for the role in the Description field. 5. Add Read and Write access by completing the following steps. a. In the Available Privileges list, select features to which you want to allow read and write access.

  • Page 363: Removing A User Role

    5. Remove Read and Write access by completing the following steps. a. In the Read & Write Privileges list, on the left, select features to which you want to remove read and write access. Press CTRL and click to select multiple features. b.

  • Page 364: Resource Groups, Creating A Resource Group

    5. Click OK on the “role removed” message. 6. Click OK to close the Server Users dialog box. Resource groups The Management application enables you to create resource groups and assign users to the selected role within that group. This enables you to configure user access by both role and fabric when you assign users to a role within the resource group.

  • Page 365: Editing A Resource Group

    5. Click the Hosts tab and complete the following steps to add hosts to the resource group. FIGURE 103 Add/Edit Resource Group dialog box - Hosts tab a. Select the hosts you want to include in this group in the Available Hosts table. b.

  • Page 366: Removing A Resource Group

    5. Remove fabrics from the resource group by completing the following steps. a. Click the Fabrics tab. a. In the Selected Fabrics and Hosts table, select the fabrics you want to remove from this group. b. Click the left arrow button. The selected fabrics are moved to the Available Fabrics table.

  • Page 367: Assigning A User To A Resource Group

    4. Click Yes on the message. A message box displays indicating the group was removed successfully. 5. Click OK on the message. The Server Users dialog box displays and the resource group no longer displays in the Resource Groups list. 6.

  • Page 368: Removing A User From A Resource Group, Finding A User's Resource Group

    Removing a user from a resource group NOTE You must have the User Management privilege to perform this task. NOTE You cannot remove the default resource group 'All Fabrics'. You can remove users from a resource group to take away permissions for features and topology views.

  • Page 369: About Host Management, In This Chapter

    Chapter Host management In this chapter • About host management........335 •...

  • Page 370: Hcm Software, Hcm Features

    HCM software The Host Connectivity Manager (HCM) is a management software application for configuring, monitoring, and troubleshooting Brocade host bus adapters (HBAs), converged network adapters (CNAs), and FC mezzanine cards in a storage area network (SAN) environment. HCM features Common HBA and CNA management software features include the following: •...

  • Page 371: Host Bus Adapters

    Host bus adapters Brocade offers five models of Fibre Channel Host Bus Adapters (HBAs). These models provide reliable, high-performance host connectivity for mission-critical SAN environments. The Brocade HBAs are listed in Table TABLE 20 Brocade Fibre Channel HBA models Model Number Description Number of Ports Brocade 804...

  • Page 372: Converged Network Adapters

    Converged network adapters Table 21 describes available Brocade Converged Network Adapters (CNAs) for PCIe x 8 host bus interfaces, hereafter referred to as Brocade CNAs. These adapters provide reliable, high-performance host connectivity for mission-critical SAN environments. TABLE 21 Brocade Fibre Channel CNA Models Model Number Port Speed Number of Ports...

  • Page 373

    Host discovery The Management application enables you to discover individual hosts, import a group of hosts from a CSV file, or import host names from discovered fabrics. The maximum number of host discovery requests that can be accepted is 1000. Host discovery requires HCM Agent 2.0 or later. SMI and WMI discovery are not supported.

  • Page 374: View Management, Host Port Mapping, Role-based Access Control

    View management You can customize the topology by creating views at the managed host level in addition to the fabric level views. If you discover or import a Fabric with more than approximately 2000 devices, the devices display on the Product List, but not on the Connectivity Map. Instead, the topology area shows a message stating that the topology cannot be displayed.

  • Page 375: Host Management Privileges, Host Administrator Privileges

    The Management application provides one pre-configured resource group (All Fabrics). When you create a resource group, all available roles are automatically assigned to the resource group. Once the resource group is available you can assign a user to a role within the resource group. Host management privileges You can launch the Host Connectivity Manager (HCM) if you have read and write permissions to the Host Management privilege.

  • Page 376: Host Performance Management

    Host performance management Real-time performance enables you to collect data from managed HBA and CNA ports. You can use real-time performance to configure the following options: • Select the polling rate from 20 seconds up to 1 minute. • Select up to 32 ports total from a maximum of 10 devices for graphing performance. •...

  • Page 377: Host Fault Management, Adapter Events, Event Policies

    TABLE 22 Counters (Continued) FC port measures HBA port measures CNA port measures Received length error frames Received code error frames Instructions for generating real-time performance data are detailed in “Generating a real-time performance graph”. Host fault management Fault management enables you to monitor your SAN using the following methods: •...

  • Page 378: Filtering Event Notifications, Syslog Forwarding

    Filtering event notifications The application provides notification of many different types of SAN events. If a user wants to receive notification of certain events, you can filter the events specifically for that user. NOTE The e-mail filter in the Management application is overridden by the firmware e-mail filter. When the firmware determines that certain events do not receive e-mail notification, an e-mail is not sent for those events even when the event type is added to the Selected Events table in the Define Filter dialog box.

  • Page 379: Host Security Authentication, Application

    Host security authentication Fibre Channel Security Protocol (FC-SP) is a mechanism used to secure communication between two switches or between a switch and a device such as an HBA port. You can use either the the Management application or the HCM GUI to display the authentication settings and status.

  • Page 380

    3. Configure the following parameters on the FCSP Authentication dialog box: a. Select the Enable Authentication check box to enable or disable the authentication policy. If authentication is enabled, the port attempts to negotiate with the switch. If the switch does not participate in the authentication process, the port skips the authentication process.

  • Page 381: Supportsave On Adapters

    supportSave on adapters Host management features support capturing support information for managed Brocade adapters, which are discovered in the Management application. You can trigger supportSave for multiple adapters at the same time. You can use Technical Support to collect supportSave data (such as, RASLOG, TRACE and so on) and switch events from Fabric OS devices.

  • Page 382

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 383: Fcoe Overview, In This Chapter, Dcb Exchange Protocol

    Chapter Fibre Channel over Ethernet In this chapter • FCoE overview ..........349 •...

  • Page 384: Enhanced Ethernet Features, Enhanced Transmission Selection, Priority-based Flow Control, Ethernet Jumbo Frames

    Enhanced Ethernet features Converged Enhanced Ethernet (CEE) is a set of IEEE 802 standard Ethernet enhancements that enable Fibre Channel convergence with Ethernet. The two basic requirements in a lossless Ethernet environment are Enhanced Transmission Selection (ETS) and priority-based flow control. These capabilities allow the Fibre Channel frames to run directly over 10 Gbps Ethernet segments without adversely affecting performance.

  • Page 385: Fcoe Protocols Supported, Ethernet Link Layer Protocols Supported, Fcoe Protocols

    FCoE protocols supported The Brocade FCoE converged network adapter supports two layers of protocols: Ethernet link layer and FCoE layer. They are listed in the following sections. Ethernet link layer protocols supported The following protocols support the Ethernet link layer. •...

  • Page 386: Fcoe Licensing, Save Running To Startup, Copying Switch Configurations To Selected Switches

    FCoE Licensing The FCoE license enables Fibre Channel over Ethernet (FCoE) functionality on the Brocade 8000. Without the FCoE license, the Brocade 8000 is a pure L2 Ethernet switch and will not allow FCoE bridging capabilities. With the FCoE license, the FCoE Configuration dialog displays virtual FCoE port information and enables you to manage the virtual port information.

  • Page 387: Cee Configuration

    2. Highlight a discovered CEE switch from the Available Switches table, and click the right arrow button to move the switch to the Selected Switches Table. 3. Highlight the selected switch and click OK to start the configuration. The running configuration is saved to the selected switch, effective on the next system startup. If you restore the CEE switch using the Restore Switch Configuration dialog box, you are prompted to select one of two restoration methods: •...

  • Page 388: Opening The Cee Configuration Dialog Box

    Opening the CEE Configuration dialog box 1. Launch the CEE Configuration dialog box using one of the following methods: • Select Configure > Switch > CEE from the menu bar. • Right-click the CEE switch from the device tree, and select Configure > CEE. •...

  • Page 389: Cee Configuration Tasks, Minimum Cee Configuration For Fcoe Traffic

    CEE configuration tasks The CEE Configuration dialog box enables you to perform the following tasks: • Edit CEE ports for a selected switch. You can also add a link aggregation group (LAG) if a single switch is selected. • Edit a switch or port and configure the following CEE policies: NOTE Access Control List and Spanning Tree Protocol can also be set at the LAG level.

  • Page 390

    Creating a CEE map to carry the LAN and SAN traffic To create a CEE map to carry the LAN and SAN traffic, complete the following steps. 1. Select Configure > Switch > CEE. The CEE Configuration dialog box displays. 2.

  • Page 391

    Configuring LLDP for FCoE To configure LLDP for FCoE, complete the following steps. 1. Select Configure > Switch > CEE. The CEE Configuration dialog box displays. 2. Select the switch to edit in the CEE Ports and LAGs table and click Edit. The CEE Edit Switch dialog box displays.

  • Page 392

    Configuring the CEE interface with the CEE Map and Global LLDP profile To configure the CEE interface, complete the following steps. 1. Select Configure > Switch > CEE. The CEE Configuration dialog box displays. 2. Select the Te port connected to the CNA in the CEE Ports and LAGs table and click Edit. 3.

  • Page 393

    9. Select the FCoE check box. 10. Select the CEE interface to carry the FCoE traffic from the Selection List and click Add to add it to the Selected List. 11. Click OK on the VLAN Configuration dialog box to save your changes. 12.

  • Page 394: Switch Policies, Cee Map And Traffic Class Map, Lldp Profiles, Access Control Lists

    Switch policies You can configure and enable a number of CEE policies on a switch, port, or link aggregation group (LAG). The following switch policy configurations apply to all ports in a LAG: • CEE map and Traffic Class map •...

  • Page 395: Spanning Tree Protocol Policy, X Policy

    Spanning Tree Protocol policy The Spanning Tree Protocol (STP) is a Layer 2 protocol that ensures a loop-free topology for any bridged LAN (Layer-2 bridges are typically Ethernet switches). Spanning tree allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops or the need to manually enable or disable these backup links.

  • Page 396: Link Aggregation Groups, Adding A Lag

    Link aggregation groups Link aggregation, based on the IEEE 802.3ad protocol, is a mechanism to bundle several physical ports together to form a single logical channel or trunk. The collection of ports is called a link aggregation group (LAG). LAG configuration is not supported on internal ports. The Add LAG button is enabled when a single CEE switch or ports of a single CEE switch are selected.

  • Page 397

    FIGURE 109 Add LAG dialog box 4. Configure the following LAG parameters: NOTE Ports with 802.1x authentication or ports that are L2 or L3 mode-enabled are not supported in a LAG. • Status - Enabled or Disabled. You must enable the LAG to use the CEE functionality. •...

  • Page 398

    6. Continue to configure the following LAG parameters. These parameters are always enabled. • Mode - Sets all ports added to the LAG members table in either Static or Dynamic mode. The default is Dynamic, Active, but LAG members can be Active or Passive if the LAG member is Dynamic.

  • Page 399: Editing A Cee Switch

    Editing a CEE switch 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select the CEE switch from the Products/Ports table. 3. Click Edit. The Edit Switch dialog box displays (Figure 110).

  • Page 400: Editing A Cee Port

    Editing a CEE port 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a CEE port from the Products/Ports table. 3. Click Edit. The Edit Port dialog box displays.

  • Page 401: Editing A Lag

    5. When you have finished configuring the policies, apply the settings to the CEE port. NOTE Clicking Cancel when there are pending changes launches a pop-up dialog. 6. Click OK when you have finished modifying the CEE port parameters. The CEE Confirmation and Status dialog box displays. Review the changes carefully before you accept them.

  • Page 402

    5. Configure the following LAG parameters: NOTE Ports with 802.1x authentication or ports that are L2/L3 mode enabled are not supported in a LAG. • Status - Enabled or Disabled. You must enable the LAG to use the CEE functionality. •...

  • Page 403: Enabling A Cee Port Or Lag

    NOTE If the primary or secondary IP address already exists on another interface, an error message displays in the Status area. Enabling a CEE port or LAG If you select multiple switches or multiple ports and LAGs from two or more switches, both the Enable button and the Disable button are disabled.

  • Page 404: Deleting A Lag

    Deleting a LAG You can only delete a link aggregation group (LAG) that is selected from a single switch. If you select multiple switches or multiple ports from two or more switches, the Delete button is disabled. 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions.

  • Page 405: Cee Performance, Real Time Performance Graph

    CEE Performance Performance monitoring provides details about the quantity of traffic and errors a specific port or device generates on the fabric over a specific time frame. You can also use performance to indicate the devices that create the most traffic and to identify the ports that are most congested. Real Time Performance Graph You can monitor a device’s performance through a performance graph that displays transmit and receive data.

  • Page 406: Historical Performance Graph, Historical Performance Report

    Historical Performance Graph The Historical Performance Graph dialog box enables you to customize how you want the historical performance information to display. Generating a historical performance graph 1. Select a CEE port from the CEE Configuration dialog box, and select Historical Graph from the Performance list.

  • Page 407: Qos Configuration, Enhanced Transmission Selection, Priority-based Flow Control

    QoS configuration QoS configuration involves configuring packet classification, mapping the priority and traffic class, controlling congestion, and scheduling. The configuration of these QoS entities consist of CEE Map and Traffic Class Map configuration. In a Converged Enhanced Ethernet (CEE) configuration, Enhanced Transmission Selection (ETS) and Priority-based flow control (PFC) are configured by utilizing a priority table, a priority group table, and a priority traffic table.

  • Page 408: Creating A Cee Map

    Creating a CEE map When you create a CEE map, each of the Class of Service (CoS) options (0-7) must be mapped to at least one of the Priority Group IDs (0-7) and the total bandwidth must equal 100. All QoS, CEE map, and Traffic map configurations apply to all ports in a LAG.

  • Page 409

    5. Configure the following CEE Map parameters in the CEE Map table: • Name - Enter a name to identify the CEE map. If the switch is a 10 Gbps CEE/FC switch module, you cannot change the name. • Precedence - Enter a value between 1 - 100. This number determines the map’s priority. •...

  • Page 410: Editing A Cee Map

    Editing a CEE map 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays.

  • Page 411: Deleting A Cee Map

    Deleting a CEE map You cannot delete the CEE map of a 10 Gbps CEE/FC switch module. 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions.

  • Page 412: Assigning A Cee Map To A Port Or Link Aggregation Group

    Assigning a CEE map to a port or link aggregation group A port can have either a CEE map or a Traffic Class map assigned to it, but it cannot have both. 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions.

  • Page 413: Creating A Traffic Class Map

    Creating a traffic class map 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays.

  • Page 414: Editing A Traffic Class Map, Deleting A Traffic Class Map

    Editing a traffic class map 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays.

  • Page 415: Assigning A Traffic Class Map To A Port Or Link Aggregation Group

    Assigning a traffic class map to a port or link aggregation group You can assign a Traffic Class map to a port or ports under the LAG; however, a port does not require a Traffic Class map be assigned to it. A port can have either a CEE map or a Traffic Class map assigned to it, but it cannot have both.

  • Page 416: Lldp-dcbx Configuration, Configuring Lldp For Fcoe

    LLDP-DCBX configuration Link Layer Discovery Protocol (LLDP) provides a solution for the configuration issues caused by increasing numbers and types of network devices in a LAN environment, because, with LLDP, you can statically monitor and configure each device on a network. Data Center Bridging Capability Exchange Protocol (DCBX) enables Enhanced Ethernet devices to discover whether a peer device supports particular features, such as Priority Flow Control or Class of Service (CoS).

  • Page 417: Adding An Lldp Profile

    4. Select the Global Configuration LLDP profile in the LLDP Profiles table. 5. Click the left arrow button to edit. 6. Select the FCoE Application and FCoE Logical Link check boxes in the Advertise table to advertise them on the network. Click OK.

  • Page 418: Editing An Lldp Profile

    • DCBX - The DCBX profiles. • FCoE application - The FCoE application feature. • FCoE logical link - The logical link level for the SAN network. 6. Click the right arrow button to move the newly created profile into the DBCX Profiles table. Click OK.

  • Page 419: Deleting An Lldp Profile

    Deleting an LLDP profile 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the LLDP-DCBX tab on the Edit Switch dialog box. The LLDP Profile dialog box displays.

  • Page 420: Assigning An Lldp Profile To A Port Or Ports In A Lag

    Assigning an LLDP profile to a port or ports in a LAG You create LLDP profiles using the Edit Switch dialog box, which you access from the CEE Configuration dialog box. Global configuration parameters, which is the default selection, are displayed in the Assigned Profile table shown in Figure 119.

  • Page 421

    6. Click OK. The CEE Confirmation and Status dialog box displays. Review the changes carefully before you accept them. The port you selected on the CEE Configuration dialog box should now be assigned to the profile you selected from the Available Profiles list.

  • Page 422: Access Control List Configuration, Adding An Acl To A Switch

    Access Control List configuration Access control lists (ACL) are sequential lists consisting of permit and deny rules. They are either Layer 3 (IP)- or Layer 2 (MAC)-specific. You can configure multiple access lists and rules and store them in the configuration. Some of the benefits of ACLs include the following: •...

  • Page 423

    4. Click Add and select Standard or Extended from the Add list. The Add Extended Access Control List includes all the Standard ACL features plus two additional features: Destination and Ether Type. The ACL parameters are described below. FIGURE 121 Add Extended Access Control List dialog box 5.

  • Page 424: Editing The Parameters Of An Acl

    • Count - Instructs the system to maintain a counter. • Ether Type - Specifies the Ethernet protocol being transferred in the Ethernet frame. Only one of the following Ether types is supported at a time. Address Resolution Protocol (ARP) - Ether Type 0x0806 ...

  • Page 425: Deleting An Acl, Assigning An Acl To A Port Or Link Aggregation Group

    Deleting an ACL When you delete an ACL from the ACLs table, you are given the option to also remove the profile from the entities where it is currently associated. 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions.

  • Page 426

    FIGURE 122 Assign ACL to port dialog box 5. Select an ACL from the Available ACLs list. The ACL name is suffixed with its type (standard or extended) in parentheses; for example, Human Resources (Extended). The details of the selected ACL are displayed in the Assigned ACL Details table, shown in Figure 122.

  • Page 427: Spanning Tree Protocol Configuration, Enabling Spanning Tree Protocol

    Spanning Tree Protocol configuration You can configure Spanning Tree Protocol (STP) when editing a LAG, but not when you are adding a LAG. The 8 Gbps 16-FC-ports, 10 GbE 8-Ethernet Port, and the 10 Gbps CEE/FC switch module support the following types of STP: •...

  • Page 428: Setting Spanning Tree Parameters For A Switch

    Setting Spanning Tree parameters for a switch You cannot configure Spanning Tree Protocol (STP) when adding a new LAG. STP can be configured only after the LAG has been added to the switch. NOTE The ports and the ports in a link aggregation group (LAG) for the selected switch must be in Layer 2 (L2) mode.

  • Page 429

    5. Configure the following Spanning Tree Protocol parameters: • Priority - The bridge priority. The value range is 0-61440 and the default value is 32768. The value must be in increments of 4096. • Mode - The spanning tree protocol mode. Options include Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP).

  • Page 430

    FIGURE 124 Spanning Tree Protocol dialog box, MSTP 6. Click OK. The CEE Confirmation and Status dialog box displays. Review the changes carefully before you accept them. 8. Click Start to apply the changes, or click Close to abort the operation. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 431: Stp Configurable Parameters At The Port Or Lag Level

    STP configurable parameters at the port or LAG level You cannot configure Spanning Tree Protocol (STP) when adding a new LAG. STP can be configured only after the LAG has been added to the switch. Figure 125 shows the Spanning Tree Protocol (STP) parameters that are configurable at the port or LAG level.

  • Page 432: X Authentication, Enabling 802.1x Authentication

    802.1x authentication 802.1x is a standard authentication protocol that defines a client-server-based access control and authentication protocol. 802.1x restricts unknown or unauthorized clients from connecting to a LAN through publicly accessible ports. NOTE 802.1x is not supported for internal ports. A switch must be enabled for 802.1x authentication before you configure its parameters.

  • Page 433: Disabling 802.1x, Setting 802.1x Parameters For A Switch

    Disabling 802.1x 1. Select Configure > Switch > CEE from the menu bar. The CEE Configuration dialog box displays, showing the status of all CEE-related hardware and functions. 2. Select a switch and click Edit. 3. Click the 802.1x tab on the Edit Switch dialog box. The 802.1x dialog box displays.

  • Page 434

    4. Click the Enable 802.1x check box to enable 802.1x authentication, and click OK. The 802.1x dialog box displays. FIGURE 126 802.1x dialog box 6. Configure the following 802.1x parameters: • Wait Period - The number of seconds the switch waits before sending an EAP request. The value range is 15 to 65535 seconds.

  • Page 435: Cee Switch Management Using Web Tools

    CEE switch management using Web Tools You can open Web Tools directly from the CEE Configuration dialog box and use the Element Man- ager to enable and manage the CEE switch. To launch a CEE switch’s Element Manager, complete the following steps. 1.

  • Page 436: Cee Switch Management Using Telnet, Virtual Fcoe Port Configuration

    CEE switch management using Telnet You can use Telnet to log in and issue command line-based commands to a CEE switch. To launch a Telnet session, complete the following steps: 1. Launch the CEE Configuration dialog box using one of the following methods: •...

  • Page 437: Viewing Virtual Fcoe Ports

    Viewing virtual FCoE ports Configuration of virtual FCoE ports requires installation of the FCoE license on the switch. 1. Select Configure > Switch > FCoE from the menu bar. The FCoE Configuration dialog box displays. 2. Select the Virtual FCoE Ports tab. The Virtual FCoE Ports tab displays.

  • Page 438: Clearing A Stale Entry

    Clearing a stale entry A stale entry is a device that logged in and logged off but, because a port went down after an FLOGI was received, the device failed to receive the message. The entry in the FCoE Connected Devices table becomes stale and you must clear it manually.

  • Page 439

    Chapter Fibre Channel over IP In this chapter • FCIP services licensing ......... 406 •...

  • Page 440: Fcip Services Licensing, Fcip Concepts, Ip Network Considerations

    FCIP services licensing Most of the FCIP extension services described in this chapter require the High Performance . FICON emulation features require additional licenses. Use the Extension over FCIP/FC license licenseShow command to verify the needed licenses are present on the hardware used on both ends the FCIP tunnel.

  • Page 441: Fcip Platforms And Supported Features

    FCIP platforms and supported features There are five Fabric OS platforms that support FCIP: • The 8 Gbps 16-FC ports, 6-Gbps ports extension switch. • The 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports blade (384-port Backbone Chassis, 192-port Backbone Chassis).

  • Page 442: Fcip Trunking

    The way FCIP tunnels and virtual ports map to the physical GbE ports depends on the switch or blade model. The 8 Gbps 16-FC ports, 6-Gbps ports extension switch and 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports blade tunnels are not tied to a specific GbE port, and may be assigned to any virtual port within the allowed range.

  • Page 443: Design For Redundancy And Fault Tolerance, Fcip Tunnel Restrictions For Fcp And Ficon Emulation Features

    IP Router IP Router 10.0.1.1 10.0.0.1 FCIP Circuits FCIP Circuits 10.0.0.2 10.0.1.2 10.0.0.3 10.0.1.3 10.0.0.4 10.0.1.4 FCIP Tunnel 10.0.0.5 10.0.1.5 FIGURE 129 FCIP tunnel and FCIP circuits Design for redundancy and fault tolerance Multiple FCIP tunnels can be defined between pairs of 8 Gbps extension switches and 8 Gbps extension blades, but doing so defeats the concept of a multiple circuit FCIP tunnel.

  • Page 444: Fcip Circuit Failover Capabilities

    • In a scenario where a FCIP tunnel has multiple circuits of different metrics the data will flow over the lower metric circuits unless a failover condition occurs, as described in “FCIP circuit failover capabilities”. • The maximum bandwidth for a single circuit is 1 Gbps. To utilize the entire bandwidth of an XGE (10GbE) port, you must create ten 1 Gbps circuits.

  • Page 445: Bandwidth Calculation During Failover, Adaptive Rate Limiting, Fspf Link Cost Calculation When Arl Is Used

    Bandwidth calculation during failover The bandwidth of higher metric circuits is not calculated as available bandwidth on an FCIP tunnel until all lowest metric circuits have failed. For example, assume the following: • Circuits 0 and 1 are created with a metric of 0. Circuit 0 is created with a maximum transmission rate of 1 Gbps, and Circuit 1 is created with a maximum transmission rate of 500 Mbps.

  • Page 446: Qos Sid/did Priorities Over An Fcip Trunk

    QoS SID/DID priorities over an FCIP trunk QoS SID/DID traffic prioritization is a capability of Brocade Fabric OS Adaptive Networking licensed feature. This feature allows you to prioritize FC traffic flows between hosts and targets. Four internal TCP connections provide internal circuits for managing QoS SID/DID priorities over an FCIP tunnel, as illustrated in Figure 132.

  • Page 447: Ipsec And Ike Implementation Over Fcip, Ipsec For The 4 Gbps Platforms

    IPsec and IKE implementation over FCIP Internet Protocol security (IPsec) uses cryptographic security to ensure private, secure communications over Internet Protocol networks. IPsec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. It helps secure your SAN against network-based attacks from untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network, data corruption, and data and user credential theft.

  • Page 448: Ipsec For The 8 Gbps Platforms

    The following limitations apply to using IPsec: • IPsec is not supported on 10GbE ports. • IPsec-specific statistics are not supported. • To change the configuration of a secure tunnel, you must delete the tunnel and recreate it. • There is no RAS message support for IPsec. •...

  • Page 449: Qos, Dscp, And Vlans, Dscp Quality Of Service, Vlans And Layer Two Quality Of Service

    QOS, DSCP, and VLANs Quality of Service (QoS) refers to policies for handling differences in data traffic. These policies are based on data characteristics and delivery requirements. For example, ordinary data traffic is tolerant of delays and dropped packets, but voice and video data are not. QoS policies provide a framework for accommodating these differences in data as it passes through a network.

  • Page 450

    TABLE 26 Default Mapping of DSCP priorities to L2Cos Priorities (Continued) DSCP priority/bits L2CoS priority/bits Assigned to: 11 / 001011 3 / 011 Medium QoS 15 / 001111 3 / 011 Medium QoS 19 / 010011 3 / 011 Medium QoS 23 / 010111 3 / 011 Medium QoS...

  • Page 451: Open Systems Tape Pipelining, Fcip Fastwrite And Tape Acceleration

    Open systems tape pipelining Open Systems Tape Pipelining (OSTP) can be used to enhance open systems SCSI tape write I/O performance. To implement OSTP over FCIP, you must enable the following two features: • FCIP Fastwrite and Tape Acceleration. • FC Fastwrite.

  • Page 452: Ficon Emulation Features, Xrc Emulation, Tape Write Pipelining, Tape Read Pipelining

    FICON emulation features FICON emulation supports FICON traffic over IP WANs using FCIP as the underlying protocol. FICON emulation features support performance enhancements for specific applications. If you are using FCIP for distance extension in a FICON environment, evaluate the need for these features before you run the FCIP configuration wizard.

  • Page 453: Fcip Configuration Guidelines, Virtual Port Types

    FCIP configuration guidelines FCIP configuration always involves two or more extension switches. The following should take place first before you configure a working FCIP connection from the Management application: • The WAN link should be provisioned and tested for integrity. •...

  • Page 454: Configuring An Fcip Tunnel

    Configuring an FCIP tunnel When you configure an FCIP extension connection, you create FCIP tunnels and FCIP circuits, between two extension switches. 1. Select Configure > FCIP Tunnels. The FCIP Tunnels dialog box is displayed (Figure 133). All discovered fabrics with extension switches are listed under devices.

  • Page 455

    3. Click the Add Tunnel button, or right-click on the switch and select Add Tunnel. The Add FCIP Tunnel dialog is displayed (Figure 134). The name of the switch you selected is displayed in the Switch field under Switch One Settings. This dialog allows you to configure settings for both switches on either end of the tunnel.

  • Page 456: Adding An Fcip Circuit

    Adding an FCIP circuit When adding a new FCIP tunnel, you can add an FCIP circuit by selecting the Add Circuit button on the Add FCIP Tunnel dialog box. Additional FCIP circuits can be added to existing FCIP tunnels by clicking Add Circuit from the Circuit tab, or by right-clicking on an existing tunnel and selecting Add Circuit.

  • Page 457

    The default is created from the IP address and Subnet Mask. If you want to create a route through a gateway router, click Create Non-Default Route, and select a Gateway address. 5. Enter the MTU Size. For SAN traffic, the largest possible MTU (Maximum Transmission Unit) size is generally the most efficient.

  • Page 458

    FIGURE 136 FCIP Circuit Advanced Settings Select the Selective Ack Off check box to disable or enable selective acknowledgement. Selective acknowledgement allows a receiver to acknowledge multiple lost packets with a single ACK response. This results in better performance and faster recovery time. Normally, selective acknowledgement should not be disabled.

  • Page 459: Configuring Fcip Tunnel Advanced Settings, Enabling And Disabling Compression

    Configuring FCIP tunnel advanced settings Compression, FCIP fast write and tape pipelining, IPSec and IKE policies, and FICON emulation features are configured as advanced settings. 1. Click Advanced Settings on the Add FCIP Tunnel dialog box. The Advanced Settings dialog box is displayed. This dialog box has a Transmission tab, Security tab, and FICON Emulation tab.

  • Page 460: Enabling Open Systems Tape Pipelining (ostp), Enabling Tperf Test Mode

    2. Select the desired compression mode. A Hardware compression option is available on all platforms. The 8 Gbps 16-FC ports, 6-Gbps ports extension switch and the 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade provide two additional, more aggressive options for compression. The Software Moderate option enables a combination of hardware and software compression that provides more compression that hardware compression alone.

  • Page 461: Configuring Ipsec And Ike Policies

    Configuring IPSec and IKE policies IPSec and IKE policies are configured from the Security tab. The screens and procedures are platform-dependent. Figure 138 shows the screen for the 4 Gbps Router, Extension Switch. Figure 138 shows the screen for the 8 Gbps 16-FC ports, 6-Gbit ports Extension Switch and 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade.

  • Page 462

    FIGURE 139 Advanced Settings Security Tab for the 8 Gbps extension switch and blade NOTE IPSec settings cannot be edited. If you want to change settings, you will need to delete the tunnel and then create a new tunnel with the new settings. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 463: Configuring Ficon Emulation

    Configuring FICON emulation FICON emulation and acceleration features and operating parameters are configured from the FICON Emulation tab (Figure 140). Before you configure these features you must decide which features you want to implement, and you must look closely at the operational parameters to determine if values other than the default values are better for your installation.

  • Page 464: Viewing Fcip Connection Properties

    FICON Tape Read Max Ops defines a maximum number of concurrent emulated tape read operations. The range is 1-32. FICON Tape Write Timer defines a time limit for pipelined write chains. This value is be specified in milliseconds (ms). If a pipelined write chain takes longer than this value to complete, the ending status for the next write chain will be withheld from the channel.

  • Page 465: Viewing General Fcip Properties

    Viewing General FCIP properties Take the following steps to view general FCIP properties. 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the Properties tab (Figure 142).

  • Page 466: Viewing Fcip Fc Port Properties

    Viewing FCIP FC port properties Take the following steps to view FCIP FC port properties. 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2.

  • Page 467: Viewing Fcip Ethernet Port Properties

    Viewing FCIP Ethernet port properties Take the following steps to view Ethernet port properties. 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2.

  • Page 468: Editing Fcip Tunnels

    Editing FCIP tunnels NOTE You cannot edit an active tunnel; disable the tunnel before making changes. 1. From the FCIP Tunnels dialog box, select the tunnel you want to edit. 2. Select Edit Tunnel. The Edit FCIP Tunnel dialog box displays (Figure 145).

  • Page 469: Editing Fcip Circuits

    Editing FCIP circuits FCIP circuit settings may be edited from the Edit FCIP Circuit dialog box. The procedure for launching this dialog box for the 4 Gbps Router, Extension Switch and Blade is different than the procedure for the 8 Gbps 16-FC ports, 6-Gbit ports Extension Switch and the 8 Gbps 12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade.

  • Page 470: Disabling Fcip Tunnels, Enabling Fcip Tunnels

    FIGURE 146 Edit FCIP Circuits dialog box 5. Fields and parameters are as described in “Adding an FCIP circuit”. You can edit all editable fields and parameters. Disabling FCIP tunnels 1. From the FCIP Tunnels dialog box, select the tunnel you want to disable. 2.

  • Page 471

    A confirmation dialog box displays. 3. Click OK to enable the tunnel. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 472: Deleting Fcip Tunnels, Disabling Fcip Circuits, Enabling Fcip Circuits, Deleting Fcip Circuits

    Deleting FCIP tunnels 1. From the FCIP Tunnels dialog box, right-click the tunnel you want to delete. 2. Select the Delete Tunnel button. A confirmation dialog box displays, warning you of the consequences of deleting a tunnel. 3. Click OK to delete the tunnel. Disabling FCIP circuits 1.

  • Page 473: Displaying Fcip Performance Graphs, Displaying Performance Graphs For Fc Ports

    Displaying FCIP performance graphs You can display peformance graphs by clicking the Performance button on the FCIP Tunnels dialog box. You can also display performance graphs from Properties, as described in the following sections. Displaying performance graphs for FC ports 1.

  • Page 474: Displaying Tunnel Properties From The Fcip Tunnels Dialog Box

    Displaying tunnel properties from the FCIP tunnels dialog box Tunnel properties can be displayed from the FCIP Tunnels dialog box. 1. Select a tunnel from the FCIP tunnels dialog box. 2. Select the Tunnel tab. Tunnel properties are displayed (Figure 147).

  • Page 475: Displaying Fcip Circuit Properties From The Fcip Tunnels Dialog Box

    Displaying FCIP circuit properties from the FCIP tunnels dialog box Tunnel properties can be displayed from the FCIP Tunnels dialog box using the following procedure. 1. Select a tunnel from the FCIP tunnels dialog box. 2. Select the Circuit tab. Circuit properties are displayed (Figure 148).

  • Page 476: Displaying Switch Properties From The Fcip Tunnels Dialog Box

    Displaying switch properties from the FCIP Tunnels dialog box Switch properties are displayed on the FCIP Tunnels dialog box when you select a switch (Figure 149). FIGURE 149 Switch properties on the FCIP Tunnels dialog box DCFM Professional Plus User Manual 53-1001774-01...

  • Page 477: Displaying Fabric Properties From The Fcip Tunnels Dialog Box

    Displaying fabric properties from the FCIP Tunnels dialog box Fabric properties are displayed on the FCIP Tunnels dialog box when you select a fabric. (Figure 150). FIGURE 150 Fabric properties on the FCIP Tunnels dialog box DCFM Professional Plus User Manual 53-1001774-01...

  • Page 478: Troubleshooting Fcip Ethernet Connections

    Troubleshooting FCIP Ethernet connections 1. Select an extension blade or switch from the Fabric Tree structure, or right-click an extension blade or switch on the Connectivity Map, and select Properties. 2. Select the GigE Ports tab. 3. Select the Ethernet port. 4.

  • Page 479: Devices That Support Fibre Channel Routing, In This Chapter

    Chapter FC-FC Routing Service Management In this chapter • Devices that support Fibre Channel routing ......445 •...

  • Page 480: Fibre Channel Routing Overview

    Fibre Channel routing overview Fibre Channel routing provides connectivity to devices in different fabrics without merging the fabrics. Using Fibre Channel routing, you can share tape drives across multiple fabrics without the administrative overhead, such as change management and network management, and scalability issues that might result from merging the fabrics.

  • Page 481: Guidelines For Setting Up Fc-fc Routing, Connecting Edge Fabrics To A Backbone Fabric

    VE_Port Edge fabric 2 IP cloud Edge fabric 1 Edge fabric 3 E_Port E_Port VEX_Port FC router EX_Port (2) = LSAN Backbone fabric FIGURE 151 A metaSAN with edge-to-edge and backbone fabrics Guidelines for setting up FC-FC routing The following are some general guidelines for setting up FC-FC routing: •...

  • Page 482

    1. Select the edge fabric you want to connect to an FC router from the Connectivity Map or Product List. 2. Right-click the edge fabric in the Connectivity Map or Product List and select Router Configuration. The Router Configuration-Connect Edge Fabric dialog box is displayed (Figure 152).

  • Page 483: Configuring Routing Domain Ids

    a. Select the port to be configured as an EX_Port. b. Ensure the backbone fabric ID of the switch is the same as that of other FC routers in the backbone fabric. The backbone fabric ID is the fabric ID that was selected in the Router Configuration-Connect Edge Fabric dialog box.

  • Page 484

    You may need to scroll right or drag the dialog box open further to see the Domain ID column. 5. Click OK. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 485

    Chapter Encryption configuration In this chapter • Encryption Center features ........452 •...

  • Page 486: Encryption Center Features

    Encryption Center features The Encryption Center dialog box (Figure 154) is the single launching point for all encryption-related configuration in the Management application. It also provides a table that shows the general status of all encryption-related hardware and functions at a glance. FIGURE 154 Encryption Center dialog box Beginning with Fabric OS version 6.4, the Encryption Center is dynamically updated to reflect the...

  • Page 487: Encryption User Privileges

    Encryption user privileges In the Management application, resource groups are assigned privileges, roles, and fabrics. Privileges are not directly assigned to users; users get privileges because they belong to a role in a resource group. A user can only belong to one resource group at a time. The Management application provides three pre-configured roles: •...

  • Page 488: Smart Card Usage

    Smart card usage Smart Cards are credit card-sized cards that contain a CPU and persistent memory. Smart cards can be used as security devices. You must have Storage Encryption Security user privileges to activate, register, and configure smart cards. Smart cards can be used to do the following: •...

  • Page 489: Registering Authentication Cards From A Card Reader

    Registering authentication cards from a card reader When authentication cards are used, one or more authentication cards must be read by a card reader attached to a Management application PC to enable certain security sensitive operations. These include the following: •...

  • Page 490: Registering Authentication Cards From The Database, De-registering An Authentication Card, Using Authentication Cards

    Registering authentication cards from the database Smart cards that are already in the Management program’s database can be registered as authentication cards. 1. From the Register Authentication Cards dialog box, select Register from Archive. The Authentication Cards dialog box displays, showing a list of smart cards in the database. 2.

  • Page 491

    1. When the Authenticate dialog box is displayed, gather the number of cards needed, as directed by instructions on the dialog box. The currently registered cards and the assigned owners are listed in the table near the bottom of the dialog box. 2.

  • Page 492: Enabling Or Disabling The System Card Requirement, Registering System Cards From A Card Reader

    Enabling or disabling the system card requirement If you want to use a system card to control activation of an encryption engine on a switch, you must enable the system card requirement. You can use the following procedure to enable or disable the system card requirement.

  • Page 493: Tracking Smart Cards

    3. A confirmation dialog box is displayed. Click OK to confirm de-registration. The card is removed to the Registered System Cards table. Tracking smart cards Use the Smart Card Tracking dialog box to track smart card details. 1. From the Encryption Center, select Smart Card > Smart Card Tracking. The Smart Card Tracking dialog box displays (Figure 155).

  • Page 494: Editing Smart Cards

    Editing smart cards Use the Edit Smart Card dialog box to edit smart card details. 1. From the Encryption Center, select Smart Card > Edit Smart Card. The Edit Smart Card dialog box displays(Figure 156). FIGURE 156 Edit Smart Card dialog box 2.

  • Page 495: Network Connections, Configuring Blade Processor Links

    Network connections Before you use the encryption setup wizard for the first time, you must have the following required network connections: • The management ports on all encryption switches and 384-port Backbone Chassis CPs that have encryption blades installed must have a LAN connection to the SAN management program, and must be available for discovery.

  • Page 496: Encryption Node Initialization And Certificate Generation

    Encryption node initialization and certificate generation When an encryption node is initialized, the following security parameters and certificates are generated: • FIPS crypto officer • FIPS user • Node CP certificate • A self-signed Key authentication center KAC) certificate • A Key authentication center KAC) signing request (CSR) From the standpoint of external SAN management application operations, the FIPS crypto officer,...

  • Page 497: Supported Encryption Key Manager Appliances

    Supported encryption key manager appliances As stated under “Network connections”, a supported key management appliance must be connected on the same LAN as the management port of the encryption switches or of the Backbone Chassis Control Processors (CPs) in the case of the encryption blade. Secure communication between encryption nodes in an encryption group, and between encryption nodes and key manager appliances requires an exchange of certificates that are used for mutual authentication.

  • Page 498: Steps For Connecting To An Rkm Appliance, Exporting The Kac Certificate Signing Request (csr)

    Steps for connecting to an RKM appliance All switches you plan to include in an encryption group must have a secure connection to the RSA Key Manager (RKM). The following is a suggested order for the steps needed to create a secure connection to RKM: 3.

  • Page 499: Importing The Signed Kac Certificate, Uploading The Kac And Ca Certificates Onto The Rkm Appliance

    4. Download and store the signed certificates. The following example submits a CSR to the demoCA from RSA. cd /opt/CA/demoCA openssl x509 -req -sha1 -CAcreateserial -in certs/KACcsr kac_RKM_cert.pem -days 365 -CA ca Importing the signed KAC certificate After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch.

  • Page 500: Rkm Key Vault High Availability Deployment

    kcn.1998-01.com.brocade:DEK_AES_256_ECB a. Click Create. b. Type the key name string into the Name field. Select Hardware Retail Group for Identity Group. d. Deselect Activated Keys Have Duration. e. Select AES for Algorithm. Select 256 for Key Size. Select the Mode for the respective key classes as follows: XTS for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_XTS"...

  • Page 501: Steps For Connecting To An Lkm Appliance, The Netapp Datafort Management Console

    Steps for connecting to an LKM appliance The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network appliance. The encryption engine and LKM appliance communicate over a trusted link. A trusted link is a secure connection established between the Encryption switch or blade and the NetApp LKM appliance, using a shared secret called a link key.

  • Page 502: Establishing The Trusted Link

    Establishing the trusted link You must generate the trusted link establishment package (TEP) on all nodes to obtain a trusted acceptance package (TAP) before you can establish a trusted link between each node and the NetApp LKM appliance. 1. From the Encryption Center, select Group > Link Keys. The switch name displays in the link status table under Switch, with a Link Key Status of Link Key requested, pending LKM approval.

  • Page 503: Obtaining And Importing The Lkm Certificate

    Obtaining and importing the LKM certificate Certificates must be exchanged between LKM and the encryption switch to enable mutual authentication. You must obtain a certificate from LKM, and import it into the encryption group leader. The encryption group leader exports the certificate to other encryption group members. To obtain and import an LKM certificate, do the following.

  • Page 504: Exporting And Registering The Switch Kac Certificates On Lkm, Lkm Key Vault High Availability Deployment

    Exporting and registering the switch KAC certificates on LKM The encryption switch self-signed KAC certificates must exported and then registered on the LKM appliance. 1. From the Encryption Center, select Switch > Export Certificate. The Export Switch Certificate dialog box displays. 2.

  • Page 505: Tape Lun And Df -compatible Tape Pool Support, Lkm Key Vault Deregistration

    Tape LUN and DF -compatible tape pool support • DEK Creation - The DEK is created and archived to the primary LKM only. Upon successful archival of the DEK to the primary LKM, the DEK can be used for encryption of a Tape LUN or DF-Compatible tape pool.

  • Page 506: Steps For Connecting To An Skm Appliance

    Steps for connecting to an SKM appliance The SKM management web console can be accessed from any web browser with Internet access to the SKM appliance. The URL for the appliance is as follows: https://<appliance hostname>:<appliance port number> Where: is the hostname or IP address when installing the SKM appliance. <appliance hostname>...

  • Page 507: Configuring A Brocade Group On Skm

    Configuring a Brocade group on SKM A Brocade group is configured on SKM for all keys created by Brocade encryption switches and blades. This needs to be done only once for each key vault. 1. Login to the SKM management web console using the admin password. 2.

  • Page 508: Registering The Skm Brocade Group User Name And Password

    Registering the SKM Brocade group user name and password The Brocade group user name and password you created when configuring a Brocade group on SKM must also be registered on each Brocade encryption node. 1. From the Encryption Center, select Key Vault Credentials. 2.

  • Page 509: Setting Up The Local Certificate Authority (ca) On Skm

    Setting up the local Certificate Authority (CA) on SKM To create and install a local CA, perform the following steps: 1. Login to the SKM management web console using the admin password. 2. Select the Security tab. 3. Under Certificates & CAs, click Local CAs. 4.

  • Page 510: Downloading The Local Ca Certificate From Skm, Creating And Installing The Skm Server Certificate

    In the Trusted Certificate Authority List, click Edit. 8. From the list of Available CAs in the right panel, select the CA you just created. Repeat these steps any time another local CA is needed. Downloading the local CA certificate from SKM The local CA certificate you created using the procedure for “Setting up the local Certificate Authority (CA) on SKM”...

  • Page 511: Enabling Ssl On The Key Management System (kms) Server

    11. Enter the required data in the Sign Certificate Request section of the window. Select the CA name from the Sign with Certificate Authority drop down box. Select Server as the Certificate Purpose. Enter the number of days before the certificate must be renewed based on your site's security policies.

  • Page 512: Creating An Skm High Availability Cluster

    Creating an SKM High Availability cluster The HP SKM key vault supports clustering of HP SKM appliances for high availability. If two SKM key vaults are configured, they must be clustered. If only a single SKM appliance is configured, it may be clustered for backup purposes, but the backup appliance will not be directly used by the switch.

  • Page 513: Adding Skm Appliances To The Cluster

    Adding SKM appliances to the cluster If you are adding an appliance to an existing cluster, select the Cluster Settings section of the window, click Download Cluster Key and save the key to a convenient location, such as your computer's desktop. To add SKM appliances to the cluster you are creating, you will need the original cluster member’s local IP address, local port number, and the location of the cluster key you downloaded, as specified in...

  • Page 514: Signing The Brocade Encryption Node Kac Certificates, Importing A Signed Kac Certificate Into A Switch

    Signing the Brocade encryption node KAC certificates The KAC certificate signing request generated when the encryption node is initialized must be exported for each encryption node and signed by the Brocade local CA on SKM. The signed certificate must then be imported back into the encryption node. 1.

  • Page 515: Steps For Connecting To A Tems Appliance, Setting Up Tems Network Connections

    Steps for connecting to a TEMS appliance TEMS provides a web user interface for management of clients, keys, admins, and configuration parameters. A Thales officer creates domains, groups, and managers (a type of administrator), assigns groups to domains and assigns managers to manage groups. Managers are responsible for creating clients and passwords for the groups they manage.

  • Page 516: Creating A Client On Tems

    2. Enter the management IP address information under Management Interface. 3. Enter the client IP address information under KM Server Interface. 4. Enter a host name for the appliance, internet or intranet domain, and, if used, the primary and secondary DNS IP address under Common Settings. 5.

  • Page 517

    FIGURE 160 TEMS Clients tab Click the Add Client tab. 8. Paste or type in the user name from step 4 in the Name field. 9. Enter a password in the Password and Verify Password fields. 10. Select the group brocade from the group pull down menu. 11.

  • Page 518: Establishing Tems Key Vault Credentials On The Switch

    Establishing TEMS key vault credentials on the switch The credentials established for the TEMS client must be presented to TEMS by the switch. 1. From the Encryption Center, select Switch > Key Vault Credentials. The Key Vault Credentials dialog box displays (Figure 161).

  • Page 519: Gathering Information

    Gathering information Before you use the encryption setup wizard for the first time, you should also have a detailed configuration plan in place and available for reference. The encryption setup wizard assumes the following: • You have a plan in place to organize encryption devices into encryption groups. •...

  • Page 520: Creating A New Encryption Group

    Creating a new encryption group The following steps describe how to start and run the encryption setup wizard, and then create a new encryption group. NOTE When a new encryption group is created, any existing tape pools in the switch are removed. 1.

  • Page 521

    4. Click Next. Create a new encryption Group is pre-selected. This is the correct selection for creating a new group. FIGURE 163 Designate Switch Membership dialog box 5. Enter an Encryption Group Name for the encryption group (the maximum length of the group name is 15 characters;...

  • Page 522

    FIGURE 164 Select Key Vault dialog box Select the Key Vault Type. The choices are the following: RSA Key Manager (RKM) NetApp Link Key Manager (LKM) HP Secure Key Manager (SKM) Thales Encryption Manager for Storage (TEMS) Tivoli Key Lifetime Manager (TKLM) Different options are available depending on which key vault type you choose.

  • Page 523

    When you select RKM, the options are a shown in Figure 165. a. Enter the IP address or host name for the primary key vault. If you are clustering RKM appliances for high availability, IP load balancers are used to direct traffic to the appliances.

  • Page 524

    When you select LKM, the options are as shown in Figure 166. a. Enter the IP address or host name for the primary key vault. b. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the location by clicking the Browse button.

  • Page 525

    When you select SKM, the options are as shown in Figure 167. a. Enter the IP address or host name for the primary key vault. b. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the location by clicking the Browse button.

  • Page 526

    When you select TEMS, the options are as shown in Figure 168. a. Enter the IP address or host name for the primary key vault. b. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the location by clicking the Browse button.

  • Page 527

    When you select TKLM, the options are as shown in Figure 169. a. Enter the IP address or host name for the primary key vault. b. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the location by clicking the Browse button.

  • Page 528

    FIGURE 170 Specify Public Key Certificate filename dialog box 8. Specify the name of the file where you want to store the public key certificate that is used to authenticate connections to the key vault, and click Next. The certificate stored in this file is the switch’s public key certificate. You will need to know this path and file name to install the switch’s public key certificate on the key management appliance.

  • Page 529

    FIGURE 171 Specify Master Key File Name dialog box 10. Enter a file name, or browse to the desired location. 11. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 12.

  • Page 530

    13. Click Next. The Confirm Configuration panel displays the encryption group name and switch public key certificate file name you specified, shown in Figure 172. FIGURE 172 Confirm Configuration dialog box 14. Click Next to confirm the displayed information. The Configuration Status displays, as shown in Figure 173.

  • Page 531

    FIGURE 173 Configuration Status dialog box The Management application sends API commands to verify the switch configuration. The CLI commands are detailed in the Fabric OS Encryption Administrator’s Guide, “Key vault configuration.” • Initialize the switch If the switch is not already in the initiated state, the Management application performs the command.

  • Page 532

    • Create a new master key The Management application checks for a new master key. New master keys are generated from the Encryption Group Properties dialog box, Security tab. See “Creating a new master key” on page 531 for more information. •...

  • Page 533: Adding A Switch To An Encryption Group

    Adding a switch to an encryption group The setup wizard allows you to either create a new encryption group, or add an encryption switch to an existing encryption group. Use the following procedure to add a switch to an encryption group. 1.

  • Page 534

    FIGURE 175 Add Switch to Existing Encryption Group dialog box 5. Select the group to which you want to add the switch, and click Next. The Specify Public Key Certificate Filename panel displays. FIGURE 176 Add switch to an encryption group - Specify Public Key Certificate filename dialog box 6.

  • Page 535

    FIGURE 177 Add switch to an encryption group - Confirm Configuration dialog box Click Next to confirm the displayed information. The Configuration Status displays. • A progress indicator shows that a configuration step is in progress. A green check mark indicates successful completion of all steps for that Configuration Item.

  • Page 536: Replacing An Encryption Engine In An Encryption Group

    8. Note Important Next Steps! below this message, and click Next. Instructions for installing public key certificates for the encryption switch are displayed. These instructions are specific to the key vault type. Copy or print these instructions. FIGURE 179 Add switch to an encryption group - Next Steps dialog box 9.

  • Page 537: Creating High Availability (ha) Clusters

    FIGURE 180 Engine Operations tab 2. Select the engine you want to replace in the Engine list. 3. Select the engine you want to use as the replacement in the Replacement list. 4. Click Replace. All containers hosted by the current engine (Engine list) are replaced by the new engine (Replacement list).

  • Page 538: Removing Engines From An Ha Cluster

    4. Select an available encryption engine, and a destination HA cluster under High-Availability Clusters. Select New HA Cluster if you are creating a new cluster. 5. Click the right arrow to add the encryption engine to the selected HA cluster. FIGURE 181 HA Clusters tab NOTE...

  • Page 539: Swapping Engines In An Ha Cluster, Failback Option, Invoking Failback

    Swapping engines in an HA cluster Swapping engines is useful when replacing hardware. Swapping engines is different from removing an engine and adding another because when you swap engines, the configured targets on the former HA cluster member are moved to the new HA cluster member. To swap engines, select one engine from the right tree (see Figure 181) and one unclustered...

  • Page 540: Adding Encryption Targets

    Adding encryption targets Adding an encryption target maps storage devices and hosts to virtual targets and virtual initiators within the encryption switch. NOTE It is recommended that you zone the host and target together before configuring them for encryption. If the host and target are not already zoned, you can still configure them for encryption, but afterward you will need to zone the host and target together, and then click the Commit button to commit the changes.

  • Page 541

    5. Click Next to begin. The Select Encryption Engine dialog box displays. The list of engines depends on the scope being viewed. • If the Targets dialog box is showing all targets in an encryption group, the list includes all engines in the group.

  • Page 542

    6. Select the encryption engine (blade or switch) you want to configure, and click Next. The Select Target panel displays. This panel lists all target ports and target nodes in the same fabric as the encryption engine. The Select Target list does not show targets that are already configured in an encryption group.

  • Page 543

    Click Next. The Select Hosts panel displays. This panel lists all hosts in the same fabric as the encryption engine. There are two available methods for selecting hosts: select from a list of known hosts or manually enter the port and node world wide names. FIGURE 185 Select Hosts dialog box a.

  • Page 544

    FIGURE 186 Name Container dialog box 10. Click Next. The Confirmation panel displays. FIGURE 187 Confirmation dialog box DCFM Professional Plus User Manual 53-1001774-01...

  • Page 545

    11. Click Next to confirm the displayed information. The Configuration Status displays the target and host that are configured in the target container, as well as the virtual targets (VT) and virtual initiators (VI). NOTE If you can view the VI/VT Port WWNs and VI/VT Node WWNs, the container has been successfully added to the switch.

  • Page 546

    13. Click Next to confirm the configuration. The Important Instructions dialog box displays. FIGURE 189 Important Instructions dialog box 14. Review the instructions about post-configuration tasks you must complete after you close the wizard. 15. Click Finish to exit the Configure Storage Encryption wizard. DCFM Professional Plus User Manual 53-1001774-01...

  • Page 547: Configuring Hosts For Encryption Targets

    Configuring hosts for encryption targets Use the Encryption Target Hosts dialog box to edit (add or remove) hosts for an encrypted target. NOTE Hosts are normally selected as part of the Configure Storage Encryption wizard but you can also edit hosts later using the Encryption Target Hosts dialog box.

  • Page 548: Adding Target Disk Luns For Encryption

    Adding target disk LUNs for encryption You can add a new path to an existing disk LUN or add a new LUN and path by launching the Add New Path wizard. Take the following steps to launch the Add New Path wizard. 1.

  • Page 549

    The Select Initiator Port dialog box displays. 6. Select the initiator port from the Initiator Port list. Click Next. LUN discovery is launched, and a progress bar displays. There are four possible outcomes: A message displays indicating No LUNs are discovered. Click OK to dismiss the message and exit the wizard.

  • Page 550: Remote Replication Luns, Srdf Pairs

    Remote replication LUNs The Symmetrix Remote Data Facility (SRDF) transmits data that is being written to a local Symmetrix array to a remote symmetrix array. The replicated data facilitates a fast switchover to the remote site for data recovery. SRDF supports the following methods of data replication: •...

  • Page 551: Metadata Requirements And Remote Replication

    FIGURE 194 Basic SRDF configuration with Brocade encryption switches Metadata requirements and remote replication When the metadata and key ID are written, the primary metadata on blocks 1 to 16 is compressed and encrypted. However, there are scenarios where these blocks are not compressible, and the metadata is not written to the media.

  • Page 552

    • The New LUN option is used only if an RKM key vault is configured for the encryption group. • The New LUN option can be used only if replication is enabled for the encryption group. • If the local LUN contains host data, configuring it with the New LUN option would cause the data on the last 3 blocks of the LUN to be lost.

  • Page 553: Adding Target Tape Luns For Encryption

    Adding Target Tape LUNs for encryption You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the encryption property on the Crypto LUN. You must add LUNs manually. After you add the LUNs, you must specify the encryption settings. When configuring a LUN with multiple paths, the same LUN policies must be configured on all the LUN’s paths.

  • Page 554: Configuring Encrypted Tape Storage In A Multi-path Environment

    8. Select the desired encryption mode. • If you change a LUN policy from Native Encryption or DF-Compatible Encryption to Clear Text, you disable encryption. • The LUNs of the target which are not enabled for encryption must still be added to the CryptoTarget container with the Clear Text encryption mode option.

  • Page 555: Re-balancing The Encryption Engine

    9. Select target port B, click LUNs, then click Add. Select the LUNs to be encrypted and the encryption policies for the LUNs, making sure that the encryption policies match the policies specified in the other path. 10. Click Commit to make the LUN configuration changes effective in both paths simultaneously. The Management application does not automatically commit LUN configuration changes.

  • Page 556: Master Keys, Active Master Key, Alternate Master Key

    To rebalance an encryption engine, do the following. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption engine and select Engine > Re-Balance from the menu bar, or right click on the encryption engine, and select Re-Balance.

  • Page 557: Master Key Actions, Reasons Master Keys Can Be Disabled

    Master key actions Master key actions are as follows: • Backup master key, which is enabled any time a master key exists. • Restore master key, which is enabled when no master key exists or the previous master key has been backed up. •...

  • Page 558

    4. Select Backup Master Key as the Master Key Action. The Master Key Backup dialog box displays, but only if the master key has already been generated. FIGURE 195 Backup Destination (to file) dialog box 5. Select File as the Backup Destination. 6.

  • Page 559: Saving A Master Key To A Key Vault

    Saving a master key to a key vault Use the following procedure to save the master key to a key vault. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3.

  • Page 560: Saving A Master Key To A Smart Card Set

    Saving a master key to a smart card set A card reader must be attached to the SAN Management application PC to complete this procedure. Recovery cards can only be written once to back up a single master key. Each master key backup operation requires a new set of previously unused smart cards.

  • Page 561

    FIGURE 197 Backup Destination (to smart cards) dialog box 5. Select A Recovery Set of Smart Cards as the Backup Destination. 6. Enter the recovery card set size. Insert the first blank card and wait for the card serial number to appear. 8.

  • Page 562: Restoring A Master Key From A File

    Restoring a master key from a file Use the following procedure to restore the master key from a file. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3.

  • Page 563: Restoring A Master Key From A Key Vault

    Restoring a master key from a key vault Use the following procedure to restore the master key from a key vault. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group from the tree, and click Properties. 3.

  • Page 564: Restoring A Master Key From A Smart Card Set

    Restoring a master key from a smart card set A card reader must be attached to the SAN Management application PC to complete this procedure. Use the following procedure to restore the master key from a set of smart cards. 1.

  • Page 565: Creating A New Master Key

    10. Insert the next card, and repeat step 8 step 11. Continue until all the cards in the set have been read. 12. Click OK. Creating a new master key Though it is generally not necessary to create a new master key, you may be required to create one due to circumstances such as the following: •...

  • Page 566: Zeroizing An Encryption Engine

    Zeroizing an encryption engine Zeroizing is the process of erasing all data encryption keys and other sensitive encryption information in an encryption engine. You can zeroize an encryption engine manually to protect encryption keys. No data is lost because the data encryption keys for the encryption targets are stored in the key vault.

  • Page 567: Encryption Targets Dialog Box

    A confirmation dialog box describing consequences and actions required to recover launches. 4. Click YES to zeroize the encryption engine. Encryption Targets dialog box The Encryption Targets dialog box enables you to send outbound data that you want to store as ciphertext to an encryption device.

  • Page 568

    FIGURE 202 Encryption Targets dialog box TABLE 29 Feature Description Add button Launches the Storage Encryption Setup Wizard, which enables you to configure a new target for encryption. It is the first step in configuring encryption for a storage device. It is recommended that you zone the host and target together before you add container information.

  • Page 569: Redirection Zones

    TABLE 29 Feature Description Hosts button Launches the Encryption Target Hosts dialog box, where you can configure hosts to access the selected encryption target. LUNs button Launches the Encryption Target LUNs dialog box, where you can display existing LUNs and add new LUNs. The button is enabled only if there are hosts associated with the targets.

  • Page 570: Disk Device Decommissioning, Decommissioning Luns

    Disk device decommissioning A disk device needs to be decommissioned when any of the following occur: • The storage lease expires for an array, and devices must be returned or exchanged. • Storage is reprovisioned for movement between departments. • An array or device is removed from service.

  • Page 571: Displaying And Deleting Decommissioned Key Ids, Viewing And Editing Switch Encryption Properties

    Displaying and deleting decommissioned key IDs When disk LUNs are decommissioned, the process includes the disabling of the key record in the key vault and indicating that the key has been decommissioned. These decommissioned keys are still stored on the switch. You can display them, copy them, and delete them as an additional security measure.

  • Page 572

    FIGURE 203 Encryption Properties dialog box • Switch Properties table - the properties associated with the selected switch. • Name - the name of the selected switch. • Node WWN - the world wide name of the node. • Switch Status - the health status of the switch. Possible values are Healthy, Marginal, Down, Unknown, Unmonitored, and Unreachable.

  • Page 573

    • Domain ID - the domain ID of the selected switch. • Firmware Version - the current encryption firmware on the switch. • Primary Key Vault Link Key Status - the possible statuses are as follows: Not Used – the key vault type is not LKM. No Link Key –...

  • Page 574: Properties, Importing A Signed Public Key Certificate From Properties

    • HA Cluster Name - the name of the HA cluster (for example, Cluster1), if in an HA configuration. The name can have a maximum of 31 characters. Only letters, digits, and underscores are allowed. • Media Type - the media type of the encryption engine. Possible values are Disk and Tape. •...

  • Page 575: Disabling The Encryption Engine State From Properties

    1. Find the Set State To entry under Encryption Engine Properties. 2. Click the field and select Enabled. 3. Click OK. Disabling the encryption engine state from Properties To disable the encryption engine, complete the following steps. 1. Find the Set State To entry under Encryption Engine Properties. 2.

  • Page 576: Viewing And Editing Group Properties

    Viewing and editing group properties To view encryption group properties, complete the following steps. 1. Select Configure > Encryption. The Encryption Center dialog box displays. 2. If groups are not visible in the Encryption Devices table, select View > Groups from the menu bar.

  • Page 577: General Tab, Members Tab

    General tab The properties displayed in the General tab are described below. • Encryption group name - the name of the encryption group. • Group status - the status of the encryption group, which can be OK-Converged or Degraded. Degraded means the group leader cannot contact all of the configured group members. •...

  • Page 578: Consequences Of Removing An Encryption Switch

    Members tab Remove button You can click the Remove button to remove a selected switch or an encryption group from the encryption group table. • You cannot remove the group leader unless it is the only switch in the group. If you remove the group leader, the Management application also removes the HA cluster, the target container, and the tape pool (if configured) that are associated with the switch.

  • Page 579

    FIGURE 205 Removal of switch warning Figure 206 shows the warning message that displays if you click Remove to remove an encryption group. FIGURE 206 Removal of switch in encryption group warning DCFM Professional Plus User Manual 53-1001774-01...

  • Page 580: Security Tab

    Security tab The Security tab (Figure 207) displays the status of the master key for the encryption group. NOTE You must enable encryption engines before you back up or restore master keys. Master key actions are as follows: • Create a new master key, which is enabled when no master key exists or the previous master key has been backed up.

  • Page 581: Ha Clusters Tab, Engine Operations Tab

    HA Clusters tab HA clusters are groups of encryption engines that provide high availability features. If one of the engines in the group fails or becomes unreachable, the other cluster member takes over the encryption and decryption tasks of the failed encryption engine. An HA cluster consists of exactly two encryption engines.

  • Page 582: Link Keys Tab

    Link Keys tab Connections between a switch and an NetApp LKM key vault require a shared link key. Link keys are used only with LKM key vaults. They are used to protect data encryption keys in transit to and from the key vault. There is a separate link key for each key vault for each switch. The link keys are configured for a switch but are stored in the encryption engines, and all the encryption engines in a group share the same link keys.

  • Page 583: Tape Pools Tab

    Tape Pools tab Tape pools are managed from the Tape Pools tab. Figure 209 displays the tape pools tab. FIGURE 209 Encryption Group Properties - Tape Pools tab • If you want to remove a tape pool, select one or more tape pools in the list and click Remove. •...

  • Page 584

    Adding tape pools A tape pool can be identified by either a name or a number, but not both. Tape pool names and numbers must be unique within the encryption group. When a new encryption group is created, any existing tape pools in the switch are removed and must be added. 1.

  • Page 585: Encryption-related Acronyms In Log Messages

    6. Select the Encryption Mode. Choices include Clear Text, DF-Compatible Encryption, and Native Encryption. DF-Compatible Encryption is valid only when LKM is the key vault. The Key Lifespan (days) field is editable only if the tape pool is encrypted. If Clear Text is selected as the encryption mode, the key lifespan is disabled.

  • Page 586

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 587: Virtual Fabrics Overview, In This Chapter, Terminology

    Chapter Virtual Fabrics In this chapter • Virtual Fabrics overview ........553 •...

  • Page 588: Virtual Fabrics Requirements

    TABLE 32 Virtual Fabrics terms Term Definition Physical chassis The physical switch or chassis from which you create logical switches and fabrics. Logical switch A collection of zero or more ports that act as a single Fibre Channel (FC) switch. When Virtual Fabrics is enabled on the chassis, there is always at least one logical switch: the default logical switch.

  • Page 589: Configuring Virtual Fabrics

    Table 33 lists the Virtual Fabric-capable physical chassis and the number of logical switches allowed for each of those physical chassis. TABLE 33 Maximum number of logical switches per chassis Physical chassis Number of logical switches allowed 40-port, 8 Gbps FC Switch 80-port, 8 Gbps FC Switch 384-port Backbone Chassis 192-port Backbone Chassis...

  • Page 590: Enabling Virtual Fabrics On A Discovered Device

    This procedure describes the general steps you take to enable the Virtual Fabrics feature and configure logical fabrics. The logical fabrics in this example span multiple physical chassis, and the logical switches in each fabric communicate using an XISL in the base fabric. 1.

  • Page 591: Disabling Virtual Fabrics On A Discovered Device, Creating A Logical Switch Or Base Switch

    1. Right-click the physical chassis in the topology and select Enable Virtual Fabric. For a list of physical chassis that are Virtual Fabrics-capable, refer to “Virtual Fabrics requirements” on page 554. 2. Click OK on the warning message. Note that all ports are placed in the default logical switch and any EX_ports are persistently disabled.

  • Page 592

    This assigns the new logical switch to a logical fabric. If the logical fabric does not exist, this creates a new logical fabric as well as assigning the new logical switch. (Optional) Clear the Base Fabric for Transport check box to configure the switch to not use XISLs.

  • Page 593: Finding The Physical Chassis For A Logical Switch

    The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box. NOTE Ports are disabled before moving from one logical switch to another. 19. Select the Re-Enable ports after moving them check box. 20.

  • Page 594: Removing Ports From A Logical Switch

    1. Select a switch on the Product List or Connectivity Map and select Configure > Logical Switches. The Logical Switches dialog box displays. 2. Select the physical chassis from which you want to assign ports in the Chassis list. 3. Select the ports you want to include in the logical switch from the Ports table. 4.

  • Page 595: Deleting A Logical Switch

    (Optional) Perform the following steps to assign the ports to a logical switch other than the default logical switch: a. Select the destination logical switch in the Existing Logical Switches table. b. Click the right arrow button. The ports display in the selected logical switch node in the Existing Logical Switches table. 8.

  • Page 596: Configuring Fabric-wide Parameters For A Logical Fabric

    NOTE Most changes to logical switches will disrupt data traffic in the fabric. The status of each change is displayed in the Status column and Status area in the dialog box. 9. When the changes are complete, click Close. Configuring fabric-wide parameters for a logical fabric When you create a logical switch, you must assign it to a fabric and configure fabric-wide parameters.

  • Page 597: Applying Logical Fabric Settings To All Associated Logical Switches

    All of the logical fabric templates have the same name, “NewFabric”. You can differentiate among the templates by the FID number. You can now create logical switches using the fabric-wide settings in the logical fabric template. To assign logical switches, refer to “Creating a logical switch or base switch”...

  • Page 598: Changing A Logical Switch To A Base Switch

    1. Select a switch on the Product List or Connectivity Map and select Configure > Logical Switches. The Logical Switches dialog box displays. 2. Right-click anywhere in the Existing Logical Switches table and select Table > Expand All. 3. Select the logical switch you want to move to another logical fabric. 4.

  • Page 599

    3. Select the logical switch you want to change to a base switch. 4. Click Edit. The Edit Properties dialog box displays. 5. Clear the Base Fabric for Transport check box. This check box is applicable only to logical switches that are not base switches. 6.

  • Page 600

    DCFM Professional Plus User Manual 53-1001774-01...

  • Page 601: Zoning Overview, In This Chapter, Types Of Zones

    Chapter Zoning In this chapter • Zoning overview ..........567 •...

  • Page 602: Online Zoning, Offline Zoning

    • QoS zones Assign high or low priority to designated traffic flows. Quality of Service (QoS