HP STORAGEWORKS XP24000 User Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Storage
  5. STORAGEWORKS XP24000
  6. User manual
HP STORAGEWORKS XP24000 User Manual

HP STORAGEWORKS XP24000 User Manual

Volume security disk array
Hide thumbs Also See for STORAGEWORKS XP24000:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, User Manual
HP StorageWorks
XP24000/XP20000 Volume Security User's
Guide
Abstract
This document describes and provides instructions for configuring and performing Volume Security operations
on the HP storage system.
Part number: T5214-96074
Sixth edition: June 2009

Advertisement

Table of Contents
loading

Related Manuals for HP STORAGEWORKS XP24000

Summary of Contents for HP STORAGEWORKS XP24000

  • Page 1 HP StorageWorks XP24000/XP20000 Volume Security User's Guide Abstract This document describes and provides instructions for configuring and performing Volume Security operations on the HP storage system. Part number: T5214-96074 Sixth edition: June 2009...
  • Page 2 U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents 1 Overview of Volume Security ... 7 Overview ... 7 Terminology ... 7 2 About Volume Security Operations ... 9 Overview of Volume Security Functions ... 9 Protecting Volumes from I/O Operations at Mainframe Hosts ... 9 Enabling Only the Specified Hosts to Access Volumes ... 9 Port-Level Security ...
  • Page 4 Renaming LDEV Groups ... 66 Deleting LDEV Groups ... 67 5 Troubleshooting ... 69 Troubleshooting Volume Security ... 69 Calling HP Technical Support ... 69 6 Support and Other Resources ... 71 Related Documentation ... 71 Conventions for Storage Capacity Values ... 71 HP Technical Support ...
  • Page 5 Figures Security Example 1 ... 10 Security Example 2 ... 11 Security Example 3 ... 12 The Volume Security Window ... 16 Security Group Tree ... 17 Hosts Table ... 19 LDEV table ... 20 The Add/Change Security Group Dialog Box ... 21 The Add/Change Host Group Dialog Box ...
  • Page 6 Tables Acronyms and Abbreviations ... 73...

  • Page 7: Overview Of Volume Security

    Overview Volume Security protects data in your HP storage system from I/O operations performed at mainframe hosts. Security can be applied to logical volumes so that specified mainframe hosts are unable to read from and write to the specified logical volumes.
  • Page 8 referred to as S-VOLs, or source volumes. Secondary volumes are often referred to as T-VOLs, or target volumes. Overview of Volume Security...

  • Page 9: About Volume Security Operations

    2 About Volume Security Operations Overview of Volume Security Functions The Volume Security feature protects data in your storage system from I/O operations performed at mainframe hosts. Volume Security enables you to apply security to volumes so that the specified mainframe hosts will be unable to read from and write to the specified volumes.

  • Page 10: Port-Level Security

    The volume ldev4 is accessible only from host4 because ldev4 and host4 are registered in the same access group. The volume ldev5 does not belong to any access groups. For this reason, hosts in access groups cannot access ldev5. ldev5 is only accessible from host5 and host6, which are not registered in access groups.

  • Page 11: Prohibiting All Hosts From Accessing Volumes

    Figure 2 Security Example 2 If no ports are registered in a host group, hosts in the host group can access volumes via ports to which the hosts are connected. This manual uses the term port-level security, which is a security policy for enabling hosts to access volumes only via ports registered in host groups and thus prohibiting hosts to access the volumes via other ports.

  • Page 12: Protecting Volumes From Erroneous Copy Operations

    When storage system copy software (TrueCopy for Mainframe, Universal Replicator for Mainframe, ShadowImage for Mainframe, and HP StorageWorks XP for FlashCopy Mirroring Software or XP for FlashCopy Mirroring V2 Software) is used to perform copy operations, data will be overwritten onto the secondary volumes (that is, the copy destination volumes).

  • Page 13: Supported Volume Emulation Types

    Security to disable security on the VLL volume. For details on how to disable security, see “Disabling Volume If you are using HP StorageWorks XP for Compatible Parallel Access Volumes Software: If you apply security to a Parallel Access Volumes base volume, the security settings will also apply to the corresponding alias volume.

  • Page 14: Maximum Possible Number Of Groups

    3390-9, 3390-9A, 3390-9B, 3390-9C 3390-L, 3390-LA, 3390-LB, 3390-LC 3390-M, 3390-MA, 3390-MB, 3390-MC PCB types: Volume Security supports the following PCB types: ESCON or ACONARC FICON or FIBARC Maximum Possible Number of Groups Volume Security enables you to create up to 128 security groups per storage system, and up to 64 security groups per LDKC.

  • Page 15: Using The Volume Security Gui

    Volume Security operations. To start the Volume Security software: Log on to the disk array to open the Remote Web Console main window. For details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User s Guide.

  • Page 16: Security Group Tree

    Figure 4 The Volume Security Window Item Description Displays the security, host, and LDEV groups assigned to each LDKC defined on the Security Group tree storage system. For details see Displays the type, model, SEQNUMBER, Logical Partition (LPAR) and vendor of each Hosts table host.

  • Page 17: Security Group Tree

    LDEV group in that security group. Double-click Host Group and a list of host groups appears. Then select a specific host group. Double-click LDEV Group. The tree view shows the host group and/or LDEV group registered in the security group. Figure 5 Security Group Tree Icon Description...

  • Page 18: Hosts Table

    Icon Description Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group is classified as an access group. Also, volumes in this security group can be used as secondary volumes (i.e., copy destination volumes) for copy operations.

  • Page 19: Ldevs Table

    The Reports Display dialog boxes in Remote Web Console also show information about hosts. For details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User s Guide. LDEVs Table Figure 7 provides information about volumes.

  • Page 20: The Add/Change Security Group Dialog Box

    Figure 7 LDEV table Column LDEV Emulation Attribute The Add/Change Security Group Dialog Box The Add/Change Security Group dialog box or the Security Group entry in the tree view of the Volume Security window Add/Change from the pop-up menu. This dialog box enables you to: create a security group and classify the security group as an access group or a pool group (sees “Creating a Security Group for Use As an Access “Creating a Security Group for Use As a Pool...

  • Page 21: The Add/Change Security Group Dialog Box

    Figure 8 The Add/Change Security Group Dialog Box Item Description Indicates the selected LDKC number. LDKC Descriptive information about the security groups in the LDKC. Security indicates whether the security settings in the security group are Enabled or Disabled. CAUTION: It is possible that security settings are disabled even if Enabled is displayed.
  • Page 22 Item Description When creating a new security group, you enter the name of the security group in this Enter Security Group text box. When renaming an existing security group, you select the security group in the Security Group List table and then enter a new name. The following conventions apply to security group names: Up to eight characters can be used.

  • Page 23: The Add/Change Host Group Dialog Box

    Item Description When settings of the selected security groups are changed, click Change to make the changes Change appear in the Security Group List table. Applies settings in the Add/Change Security Group dialog box to the Volume Security window, and then closes the dialog box. CAUTION: Clicking OK applies the settings to the Volume Security window, but does not apply the settings to the storage system.

  • Page 24: The Add/Change Host Group Dialog Box

    Figure 9 The Add/Change Host Group Dialog Box Item Description LDKC Indicates the selected LDKC number. Host Group List A list of host groups in the LDKC. When creating a new host group, you enter the name of the host group in this Enter Host Group text box.

  • Page 25: The Add/Change Ldev Group Dialog Box

    Item Description This button applies settings in the Add/Change Host Group dialog box to the Volume Security window, and then closes the Add/Change Host Group dialog box. CAUTION: The OK button applies the settings to the Volume Security window, but does not apply the settings to the storage system.

  • Page 26: The Add/Change Ldev Group Dialog Box

    Figure 10 The Add/Change LDEV Group Dialog Box Item Description LDKC Indicates the number of the selected LDKC. LDEV Group List A list of LDEV groups in the LDKC. When creating a new LDEV group, you enter the name of the LDEV group in this Enter LDEV Group text box.

  • Page 27: The Add/Change Host Dialog Box

    Item Description This button applies settings in the Add/Change LDEV Group dialog box to the Volume Security window, and then closes the Add/Change LDEV Group dialog box. CAUTION: The OK button applies the settings to the Volume Security window, but does not apply the settings to the storage system.
  • Page 28 Vendor indicates the vendor of a host. This column can display FJT (Fujitsu), IBM, and HTC (HP). This column can also display CNT(Ex); if CNT(Ex) is displayed, the Type/Model column indicates the type and the model number of a channel extender, and the SEQNUMBER column indicates the node ID of the channel extender.

  • Page 29: The Select Ldev Dialog Box

    Item Description Applies settings in the Add/Change Host dialog box to the Volume Security window, and then closes the dialog box. CAUTION: Clicking OK applies the settings to the Volume Security window, but does not apply the settings to the storage system. To apply the security settings to the storage system, you must continue to click Apply in the Volume Security window until they appear in the dialog box.

  • Page 30: The Select Port Dialog Box

    Item Description Lists volumes registered in the LDEV group. One table row indicates one volume. Registered in LDEV Group table Lists volumes that not registered in the LDEV groups. One table row indicates one volume. Not Registered in LDEV Group table Registers volumes in the LDEV group.

  • Page 31: The Select Port Dialog Box

    Figure 13 The Select Port Dialog Box Item Description LDKC Indicates the number of the selected LDKC Host Group Specifies a host group in which ports will be registered. Shows the registered ports in the host group: LDEV displays the LDEV numbers. NOTE: Registered Port When the dialog box opens for the first time, the Port list does not display...

  • Page 32: The Specify Security Group Dialog Box

    Item Description Applies settings in the Select Port dialog box to the Volume Security window, and then closes the Select Port dialog box. CAUTION: Clicking OK applies the settings to the Volume Security window, but does not apply the settings to the storage system. To apply the security settings to the subsystem, you must continue to click Apply in the Volume Security window until they appear in the dialog box.

  • Page 33: The Host To Security Group Dialog Box

    Item Cancel The Host to Security Group Dialog Box The Host to Security Group dialog box the Volume Security window when you right-click a host from the upper-right table and then select Host to Security Group from the pop-up menu. when you right-click an item in the tree view and then select List ->...

  • Page 34: The Host To Ldev Dialog Box

    Item Description Provides information about a host, where the number groups, from left to right, indicate: First: The Type/Model the type and model number of a host (or a channel extender). Second: The Node ID of a host (or a channel extender). Host Third: The Logical Partition Number of the host.

  • Page 35: Host Group To Security Group Dialog Box

    Figure 16 The Host to LDEV Dialog Box Item Description LDKC Indicates the number of the selected LDKC Provides information about a host, where the number groups, from left to right, indicate: First: The Type/Model the type and model number of a host (or a channel extender). Second: The Node ID of a host (or a channel extender).

  • Page 36: The Host Group To Port Dialog Box

    Figure 17 The Host Group to Security Group Dialog Box Item Description LDKC Indicates the number of the selected LDKC Host Group Specifies a host group. Lists information about the security groups in which the specified host group is registered. Security Group table Closes the dialog box.

  • Page 37: The Ldev To Security Group Dialog Box

    Figure 18 The Host Group to Port Dialog Box Item Description LDKC Indicates the number of the selected LDKC. Provides information about a host group, where the number groups, from left to right, indicate: Host Group Port table Lists ports that are available and registered. Closes the dialog box.

  • Page 38: The Ldev To Host Dialog Box

    Figure 19 The LDEV to Security Group Dialog Box Item Description LDKC Indicates the number of the selected LDKC. Specifies a CU image number. Describes the available LDEVs: LDEV indicates a number assigned to the LDEV. Emulation indicates the emulation types of the volume. LDEV table NOTE: A volume ID ending in # (for example, 00#) indicates the volume is an...

  • Page 39: The Ldev To Host Dialog Box

    menu. The List ->LDEV to Host pop-up command does not display if you double-click a security group and then right-click a host group or LDEV group from immediately below the security group. This dialog box enables you to specify a volume and then displays hosts in the security group in which the specified volume is registered (see “Locating Hosts in a Security Group that Contains a Specified Figure 20 The LDEV to Host Dialog Box...

  • Page 40: The Ldev Group To Security Group Dialog Box

    Item Description Lists hosts in the security group in which the specified volume is registered. No. A sequential number associated with a host. NOTE: Each table row usually shows information about a host. However, if a host is attached to the disk subsystem via a channel extender, the table row shows information about the channel extender.

  • Page 41: The Error Detail Dialog Box

    Figure 21 The LDEV Group to Security Group Dialog Box Item Description LDKC Indicates the number of the selected LDKC. LDEV Group Specifies an LDEV group. Lists information about the security groups in which the specified LDEV group is re- gistered.

  • Page 42: The Error Detail Dialog Box

    Figure 22 The Error Detail Dialog Box Item Description Lists the number of the host available on the selected LDKC which are performing I/O Host operations. LDKC Indicates the number of the selected LDKC. Specifies a Command Unit image and forces the display of any volumes on which the host is performing I/O operations and which belong to the specified CU image.

  • Page 43: Performing Volume Security Operations

    Volume Security. To start the Volume Security software: Log on to the Remote Web Console main window. For details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User s Guide. To make security settings and apply the settings, you must use a user account that has the write permission (For example, the Administrator account).

  • Page 44: Locating Volumes In A Specified Security Group

    Locating Ports through Which Hosts Can Access Volumes (see “Locating Ports through Which Hosts Can Access Locating Security Groups that Contain a Specified Volume (see “Locating Security Groups that Contain a Specified Locating Hosts in a Security Group that Contains a Specified Volume (see “Locating Hosts in a Security Group that Contains a Specified Locating Security Groups that Contain a Specified Host Group (see that Contain a Specified Host...

  • Page 45: Locating Ports Through Which Hosts Can Access Volumes

    Right-click an arrow at the right end of the CU drop-down list, and then see how many CU image numbers appear. If only one CU image number appears, the table in the dialog box displays all the volumes that you want. If two or more CU image numbers appear, the table in the dialog box currently displays some of the volumes that you want.

  • Page 46: Locating Hosts In A Security Group That Contains A Specified Volume

    From the pop-up menu, select List -> LDEV to Security Group. The LDEV to Security Group dialog box appears security groups that you want. If the desired volume is not displayed in the lower-right table: In the tree view of the Volume Security window group or LDEV group that appears immediately below a security group.

  • Page 47: Locating Security Groups That Contain A Specified Ldev Group

    Locating Security Groups that Contain a Specified LDEV Group To specify an LDEV group and then find security groups in which the specified LDEV group is registered, follow the procedure below: In the tree view of the Volume Security window group or LDEV group that appears immediately below a security group.

  • Page 48: Registering Hosts In A Host Group

    The Add/Change Host Group dialog box In the Enter Host Group box, enter the name of the host group that you want to create, and then click the Add button. NOTE: Host group names can be up to eight characters and are case-sensitive. The first character and the last character must not be a space.

  • Page 49: Registering Ports In A Host Group

    hosts that do not belong to any host group hosts belonging to host groups in which no ports are registered However, you cannot register hosts belonging to host groups in which ports are registered. Select Registration and then Register Host in Host Group from the pop-up menu. The specified hosts are displayed by blue and also indicated by the Click OK in the Add/Change Host dialog box.

  • Page 50: Creating An Ldev Group

    If hosts registered in the host group are also registered in another host group, you cannot register ports in the Port list in the Registered port box, and thus you cannot implement port-level security. Click OK in the Select Port dialog box. The Select Port dialog box closes and you are returned to the Volume Security window.

  • Page 51: Registering Volumes In An Ldev Group

    CAUTION: Here, the settings in the window have not been applied to the storage system. Click Apply in the Volume Security window A message appears and asks if you want to apply the settings to the storage system. Click Yes. The settings are applied to the storage system.

  • Page 52: Creating A Security Group For Use As An Access Group

    A message appears and asks if you want to apply the settings to the storage system. Click Yes. The settings are applied to the storage system. Creating a Security Group for Use As an Access Group To make security settings, you must create security groups. Security groups can be classified as access groups or pool groups.

  • Page 53: Registering A Host Group And An Ldev Group In A Security Group

    Registering a Host Group and an LDEV Group in a Security Group Now that you have classified your security group as an access group, your next (and the last) task is to register your host group and LDEV group into the security group. When you finish registration, the volumes in the LDEV group are secured and can only be accessed by hosts in the host group.

  • Page 54: Registering Volumes In An Ldev Group

    The following procedure explains how to create an LDEV group. For details on how to register volumes in an LDEV group, see “Registering Volumes in an LDEV CAUTION: When creating an LDEV group, you are strongly recommended to click the Apply button in the Volume Security window, as described in the last step of the following procedure.

  • Page 55: Creating A Security Group For Use As A Pool Group

    CAUTION: When registering volumes in an LDEV group, you are strongly recommended to click the Apply button in the Volume Security window, as described in the last step of the following procedure. If you forget to click Apply, the volumes might be unregistered when you encounter an error registering the LDEV group (see Registering an LDEV Group in a Security To register volumes in an LDEV group:...

  • Page 56: Registering An Ldev Group In A Security Group

    Select Add/Change from the pop-up menu. The Add/Change Security Group dialog box In the Enter Security Group box, enter the name of the security group that you want to create. NOTE: Security group names can be up to eight characters and are case-sensitive. The first character and the last character must not be a space.

  • Page 57: Protecting Volumes From Copy Operations

    an LDEV group. Use the LDEV Group drop-down list to select an LDEV group that you want to register in the security group, and then click OK. Click Apply in the Volume Security window A message appears and asks if you want to apply the settings to the storage system. Click Yes.

  • Page 58: Disabling Volume Security

    TIP: To make volumes in your security group usable as secondary volumes (that is, copy destination volumes) for copy operations, you must select the security group in the Add/Change Security Group dialog box (Figure 8) and then select Enable in the T-VOL/R-VOL box. Next, click Change and then OK.

  • Page 59: Editing Security Groups

    Editing Security Groups This section explains the following operations, which allow you to edit your security groups: Unregistering a host group from a security group (see Unregistering an LDEV group from a security group (see “Unregistering an LDEV Renaming a security group (see Deleting a security group (see Unregistering a Host Group To unregister a host group from a security group, take the following steps:...

  • Page 60: Renaming Security Groups

    CAUTION: Here, the changes in the window have not been applied to the storage system. Click Apply in the Volume Security window A message appears and asks if you want to apply the changes to the storage system. Click Yes. The changes are applied to the storage system.

  • Page 61: Deleting Security Groups

    Deleting Security Groups To delete a security group, take the following steps: To delete a security group: Ensure that you are in Modify mode. In the Volume Security window Do either of the following: Right-click a security group in the tree view. Right-click Security Group in the tree view and then select Add/Change from the pop-up menu.

  • Page 62: Deleting Hosts From Host Groups

    D M=CPU This command displays the type, the model number, the node ID and the logical partition number of the host. Write down the information on a paper so that you will not forget it. For details on the system command, see the documentation for system commands. Ensure that you are in Modify mode.

  • Page 63: Deleting Ports From Host Groups

    A pop-up menu appears. Select Specify and then Host from the pop-up menu. The Add/Change Host dialog box indicate hosts registered in the specified host group. Select and then right click one or more hosts (indicated by Select Registration and then Unregister Host from Host Group from the pop-up menu. The specified hosts are displayed by blue.

  • Page 64: Renaming Host Groups

    CAUTION: Here, the settings in the window have not been applied to the storage system. Click Apply in the Volume Security window A message appears and asks if you want to apply the settings to the storage system. Click Yes. The settings are applied to the storage system.

  • Page 65: Deleting Host Groups

    Deleting Host Groups To delete a host group, take the following steps. To delete a host group: Ensure that you are in Modify mode. In the Volume Security window Do either of the following: Right-click a host group in the tree view. Right-click Host Group in the tree view and then select Add/Change from the pop-up menu.

  • Page 66: Renaming Ldev Groups

    The two boxes below the drop-down list displays volumes in the specified CU image. The Registered in LDEV group box displays volumes registered in the LDEV group. The Not registered in LDEV group box displays volumes that are not registered in the LDEV group.

  • Page 67: Deleting Ldev Groups

    CAUTION: Here, the change in the window has not been applied to the storage system. Click Apply in the Volume Security window A message appears and asks if you want to apply the change to the storage system. Click Yes. The change is applied to the storage system.
  • Page 68 Performing Volume Security Operations...

  • Page 69: Troubleshooting

    For troubleshooting information on host operations, see the MVS documentation. Calling HP Technical Support If you need to call HP technical support, make sure to provide as much information about the problem as possible, including: The circumstances surrounding the error or failure.
  • Page 70 The exact content of any error messages displayed on the host system(s). The service information messages (R-SIMs), including reference codes and severity levels, displayed by Remote Web Console and/or logged on the host. For worldwide technical support information, see the HP support website: http://www.hp.com/support Troubleshooting...

  • Page 71: Support And Other Resources

    In the Storage section, click Storage Software and then select a product. Conventions for Storage Capacity Values HP XP storage systems use the following values to calculate physical storage capacity values (hard disk drives): 1 KB (kilobyte) = 1,000 bytes...

  • Page 72: Subscription Service

    Operating system type and revision level Detailed questions Subscription Service HP recommends that you register your product at the Subscriber’s Choice for Business website: http://www.hp.com/go/e-updates After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.

  • Page 73: A Acronyms And Abbreviations

    Multiple Virtual Storage (IBM) personal computer printed circuit board remote service information message remote volume HP StorageWorks XP Business Copy Software service information message ShadowImage for Mainframe service processor HP StorageWorks XP Continuous Access Software TrueCopy for Mainframe...
  • Page 74 Acronyms and Abbreviations...

  • Page 75: Index

    LDEV to Host dialog box, LDEV to Security Group dialog box, Select LDEV dialog box, Select Port dialog box, Specify Security Group dialog box, document related documentation, documentation HP website, providing feedback, emulation types volume (device), Error Detail dialog box, Groups GUI, help...
  • Page 76 Subscriber's Choice, HP, T-VOL, technical support, volume emulation types, Volume Security group maximum possible number, Volume Security window, volumes maximum possible number, websites HP Subscriber's Choice for Business, product manuals, windows Volume Security window,...

This manual is also suitable for:

Storageworks xp20000

Table of Contents