Title | Publication number | Summary of changes | Date
Brocade Network Advisor SAN User Manual | 53-1002696-01 | Updated for Network Advisor 12.0.0. | December 2012
Brocade Network Advisor SAN User Manual | 53-1002948-01 | Updated for Network Advisor 12.1.0. | July 2013
Brocade Network Advisor SAN User Manual | 53-1003057-01 | Updated for Network Advisor 12.2.0. | January 2014
Brocade Network Advisor SAN User Manual 53-1003154-01...
Chapter 11 Server Management Console
  Server Management Console overview
  Launching the SMC on Windows
  Launching the SMC on Linux
  Launching a remote SMIA configuration tool
  Service Location Protocol (SLP) support
  Home tab
  Determining port status
  Viewing port optics
  Port commissioning
Chapter 14 Storage Port Mapping
  Storage port mapping overview
  Creating a storage array
  Adding storage ports to a storage array
Chapter 17 Security Management
  Layer 2 access control list management
  Fabric OS Layer 2 ACL configuration
  Creating a Layer 2 ACL from a saved configuration
Chapter 33 Monitoring and Alerting Policy Suite
  Monitoring and Alerting Policy Suite overview
  MAPS role-based access control
  Enabling MAPS on a device
• Chapter 14, “Storage Port Mapping,” provides instructions about how to create and assign properties to a storage device.
• Chapter 15, “Host Management,” provides information on how to configure an HBA.
• Chapter 16, “Fibre Channel over Ethernet,” provides information on how to configure FCoE.
•...
Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some devices but not to others, this guide identifies exactly which devices are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc.
TABLE 1 Fabric OS-supported hardware (Continued)
Device name | Terminology used in documentation | Firmware level required
Brocade M6505 embedded switch | 24-port, 16 Gbps embedded switch | Fabric OS v7.2.0 or later
Brocade 6510 switch | 48-port, 16 Gbps switch | Fabric OS v7.0.0 or later
Brocade 6520 switch | 96-port, 16 Gbps switch | Fabric OS v7.1.0 or later
...
TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required 1, 2 Brocade DCX with FC10-6 Blades 8-slot Backbone Chassis with FC 10 - 6 ISL Blade Fabric OS v6.2.0 1, 2 Brocade DCX with FS8-18 Blades 8-slot Backbone Chassis with Encryption Blade Fabric OS v6.1.1_enc or later 1, 2...
TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required 1, 2 FX8-24 Blade 8 Gbps Extension Blade Professional can discover but not manage this device. Use the device’s Element Manager, which can be launched from the Connectivity Map, to manage the device.
Performance Data Configuring a monitor from a performance graph IP real-time performance monitoring Traffic flow dashboard monitors VLAN Management VLAN Manager Port VLAN • Information that was deleted: License support for Ethernet fabrics For further information about new features and documentation updates for this release, refer to the release notes.
Key terms For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary http://www.snia.org/education/dictionary Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations.
Other industry resources For additional resource information, visit the Technical Committee T11 website. This website provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.org Getting technical help...
• Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the switch • Brocade 7600—On the bottom of the chassis • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX and DCX-4S—On the bottom right on the port side of the chassis 4.
Chapter Getting Started In this chapter • User interface components ........1 •...
User interface components FIGURE 1 Main window 1. Menu bar — Lists commands you can perform on the Management application. The available commands vary depending on which tab (SAN or Dashboard) you select. For a list of available commands, refer to Appendix A, “Application menus”.
Management server and client The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores device-related information; it does not have a user interface. To view information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines.
Management server and client 5. Click OK on the Login Banner dialog box. The Management application displays. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. Launching a remote client NOTE For higher performance, use a 64-bit JRE.
Management server and client Click Login. 8. Click OK on the Login Banner dialog box. The Management application displays. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. Clearing previous versions of the remote client The remote client link in the Start menu does not automatically upgrade when you upgrade the Management application.
Management server and client FIGURE 3 Management application web client log in page 2. Enter your user name and password. NOTE Do not enter Domain\User_Name in the User ID field for LDAP server authentication. 3. Press Enter or click the log in arrow icon. 4.
Management server and client 1. Choose one of the following options: • On Windows systems, select Start > Programs > Management_Application_Name 12.X.X > Management_Application_Name Configuration. • On UNIX systems, execute sh Install_Home/bin/configwizard on the terminal. 2. Click Next on the Welcome screen. 3.
Management server and client • Options dialog box (does not display all IP addresses) • Firmware import and download dialog box • Firmware import for Fabric OS and Network OS products • FTP button in Technical Support Repository dialog box •...
Management server and client d. Enter a port number in the Starting Port Number field (default is 24600). NOTE For Professional software, the server requires 15 consecutive free ports beginning with the starting port number. NOTE For Trial and Licensed software, the server requires 18 consecutive free ports beginning with the starting port number.
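A pre-flight check for the port requirement in the notes above, as an added example that is not part of the Brocade manual or product: it tests whether the 15 (Professional) or 18 (Trial and Licensed) consecutive ports from the chosen starting port can be bound, and finds the next starting port with a full free block. The function names, the TCP-only probe and the bind address are assumptions of this example.

```python
import socket

# Consecutive free ports the server needs from the starting port
# (counts taken from the notes above).
REQUIRED_PORTS = {"professional": 15, "trial": 18, "licensed": 18}
DEFAULT_START = 24600  # default Starting Port Number
MAX_PORT = 65535


def tcp_port_is_free(port, host="0.0.0.0"):
    """Assumption of this example: a port is free if a TCP bind succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except OSError:
            return False
    return True


def required_count(edition):
    """Number of consecutive ports needed for the given edition."""
    try:
        return REQUIRED_PORTS[edition.lower()]
    except KeyError:
        raise ValueError(f"unknown edition: {edition!r}") from None


def check_port_block(edition, start=DEFAULT_START, probe=tcp_port_is_free):
    """Report which ports in the required block are already in use."""
    count = required_count(edition)
    end = start + count - 1
    if start < 1 or end > MAX_PORT:
        raise ValueError(f"block {start}-{end} is outside 1-{MAX_PORT}")
    busy = [port for port in range(start, end + 1) if not probe(port)]
    return {"range": (start, end), "busy": busy, "ok": not busy}


def next_free_block(edition, start=DEFAULT_START, probe=tcp_port_is_free):
    """Lowest starting port >= start whose whole block is free, or None."""
    count = required_count(edition)
    run_start, run_len = start, 0
    for port in range(start, MAX_PORT + 1):
        if probe(port):
            run_len += 1
            if run_len == count:
                return run_start
        else:
            # A busy port breaks the run; the next candidate starts after it.
            run_start, run_len = port + 1, 0
    return None


if __name__ == "__main__":
    for edition in ("professional", "licensed"):
        result = check_port_block(edition)
        first, last = result["range"]
        print(f"{edition}: ports {first}-{last} busy={result['busy']}")
        if not result["ok"]:
            print("  next usable starting port:", next_free_block(edition))
```

Run it on the server host before the Configuration Wizard; a port reported busy here still has to be matched against the firewall table, since this only tests local binds.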
Management server and client 11. Choose one of the following options: • If you configured authentication to CAC, enter your PIN in the CAC PIN field. • If you configured authentication to the local database, an external server (RADIUS, LDAP, or TACACS+) or a switch, enter your user name and password.
Management server and client Disconnecting users To disconnect a user, complete the following steps. 1. Select Server > Active Sessions. The Active Sessions dialog box displays. 2. Select the user you want to disconnect and click Disconnect. 3. Click Yes on the confirmation message. The user you disconnected receives the following message: The Client has been disconnected by User_Name from IP_Address at Disconnected_Date_and_Time.
Management server and client TABLE 2 Server Properties Field/Component Description Java VM Vendor The Java Virtual Machine vendor. Java VM Version The Java Virtual Machine version running on the server. Server Name The server’s name. OS Architecture The operating system architecture on the server. OS Name The name of the operating system running on the server.
Management server and client FIGURE 7 Port Status dialog box 2. Review the port status details: • Name — The Port name. Options include CIM Indication for Event Handling, CIM Indication for HCM Proxy, FTP, SCP/SFTP, SNMP Trap, Syslog, Web Server (HTTP), and Web Server (HTTPS).
Management server and client • Communication Path — The “source” to “destination” values. Client and Server refer to the Management application client and server unless stated otherwise. Product refers to the Fabric OS, Network OS, or IronWare devices. • Open in Firewall — Whether the port needs to be open in the firewall. TABLE 3 Port usage and firewall requirements Port Number Ports...
Management server and client TABLE 3 Port usage and firewall requirements (Continued) Port Number Ports Transport Description Communication Path Open in Firewall HTTPS server HTTPS (HTTP over SSL) server Client-Server port if you use secure client - server communication HTTPS (HTTP over SSL) server Server–Product port if you use secure communication to the product...
Management server and client TABLE 3 Port usage and firewall requirements (Continued) Port Number Ports Transport Description Communication Path Open in Firewall 6343 sFlow Receives sFlow data from Product-Server products if you are monitoring with sFlow 24600 JBoss remoting connector port Use for service location.
Accessibility features for the Management application Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. The following list includes the major accessibility features in the Management application: •...
Accessibility features for the Management application Look and feel customization You can configure the Management application to mimic your system settings as well as define the size of the font. ‘Look’ refers to the appearance of graphical user interface widgets and ‘feel’ refers to the way the widgets behave.
Product improvement Changing the font size The Options dialog box enables you to change the font size for all components including the Connectivity map of the Management application interface. Font size changes proportionately in relation to the system resolution. For example, if the system resolution is 1024 x 768, the default font size would be 8 and large font size would be 10.
Product improvement • Feature details Feature name Button identifier (such as OK, Help, or Cancel, and so on) Enabling product improvement data transfer To enable feature usage data transfer from the application, complete the following steps. 1. Select Server > Options. The Options dialog box displays.
PostgreSQL database • Last transfer timestamp must be greater than 24 hours to avoid frequent data uploads. • Data must be available for transfer. Data availability is determined by the difference between the last data transfer and the current data. 8.
PostgreSQL database 5. Enter your username (default is dcmuser) in the Username field. 6. Enter your password (password) in the Password field. Click OK on the New Server Registration dialog box. The pgAdmin III application displays. 8. To browse data in the database, complete the following steps. a.
PostgreSQL database 9. Click Finish. The PostgreSQL Unicode ODBC Driver (psqlODBC) Setup dialog box displays. 10. Enter a name for the data source in the Datasource field. 11. Enter the description of the database in the Description field. 12. Enter the name of the database in the Database field. 13.
PostgreSQL database 3. Install the file to the usual location for your system’s application files (for example, /opt/PostgreSQL/psqlODBC) on the Installation Directory screen and click Next. NOTE If you select an invalid location, the ODBC driver is installed in a different location than where the ODBC executable drivers are located.
PostgreSQL database 4. On the Set up ODBC connection screen, complete the following steps. a. Click Browse. The datasource saved in the odbc.ini file is populated in the Datasource dialog box. b. Select the datasource and click OK on the Datasource dialog box. Click Next.
Supported open source software products If an error occurs and the password did not change, the following message displays: Error while updating password. Please try again. Press any key to continue. If the current password and new password are the same, the following message displays: Old and New passwords cannot be same.
Supported open source software products TABLE 7 Open source software third-party software products Open Source Software License Type JavaTar2.5andTarTool1.4 public domain JaxenXpathLibrary 1.1.1 Jaxen License JbcParser 3.7 Math Parser License JBossApplicationServer 7.2.0 GA LGPL JBossWeb 2.1.9 GNU Lesser General Public License version 3 JCalendar 1.3.3 LGPL v2.1 JCommon 1.0.16...
SAN feature-to-firmware requirements TABLE 7 Open source software third-party software products Open Source Software License Type XML RPC 1.2-B1 Open Source YourKitJavaProfiler 9.5.1 YourKit License SAN feature-to-firmware requirements Use the following table to determine whether the Management application SAN features are only available with a specific version of the Fabric OS firmware as well as if there are specific licensing requirements.
SAN feature-to-firmware requirements TABLE 8 SAN feature to firmware requirements Feature Fabric OS Meta SAN Requires Fabric OS 5.2 or later for FC router and router domain ID configuration. Requires Fabric OS 6.0 or later in a mixed Fabric OS and M-EOS fabric. Requires Integrated Routing license.
Uninstalling a patch 5. Click Upgrade. If the patch process is interrupted (for example, loss of power), you must restart the patch process. The patch installer performs the following functions: • Extracts patch files to the Install_Home folder. • Creates a back up (zip) of the original files to be updated and copies the zip file to the Install_Home\patch-backup directory (for example, Install_Home\patch-backup\na_11-3-0a.zip).
Uninstalling a patch 4. Open the restore.xml file from the extracted files. The artifacts (jar files, war files, and so on) you need to replace display as separate file tags in the restore.xml file. The location of each artifact in the extracted folder is detailed in the src value under each file tag.
SAN discovery overview NOTE Professional Plus edition can discover up to 2,560 ports. NOTE Once a fabric is discovered, an enclosure is formed for the Host having FDMI with symbolic name enabled. When the FDMI name is the same for the adapters (HBA and CNA) that are displayed through fabric discovery, an auto enclosure is displayed for the fabric or fabrics. NOTE Professional Plus edition can discover, but not manage the Backbone chassis. Use the device’s...
SAN discovery overview TABLE 9 Backbone Chassis discovery Device Professional Professional Plus Enterprise 4-slot Backbone Chassis as seed switch 4-slot Backbone Chassis as member switch 16 Gbps 8-slot Backbone Chassis as seed switch 16 Gbps 8-slot Backbone Yes for discovery; Yes for discovery;...
SAN discovery overview FIGURE 8 Discover Fabrics dialog box 2. Click Add to specify the IP addresses of the devices you want to discover. The Add Fabric Discovery dialog box displays. FIGURE 9 Add Fabric Discovery dialog box (IP Address tab) 3.
SAN discovery overview NOTE The Backbone Chassis cannot be used as seed switch to discover and manage edge fabrics. You must discover a seed switch from each edge fabric to discover and manage the edge fabric. NOTE The Backbone Chassis can only discover and manage the backbone fabric. NOTE Professional and Professional Plus editions cannot manage the Backbone Chassis.
SAN discovery overview • Select the Manual option to configure SNMP and complete the following steps. a. Click the SNMP tab. FIGURE 10 Add Fabric Discovery dialog box (SNMP - v1 tab) b. Enter the duration (in seconds) after which the application times out in the Time-out (sec) field.
SAN discovery overview Enter a user name in the User Name field. Enter a context name in the Context Name field. Select the authorization protocol in the Auth Protocol field. m. Enter the authorization password in the Auth Password field. •...
SAN discovery overview 5. Enter the password for the switch in the Password field. 6. Click OK on the Fabric_Name Edit Switches dialog box. The Credential Update Status dialog box displays. This dialog box displays the status of the change on the selected devices. If you selected a logical switch, the updated credentials will be applied to the other logical switches in the same chassis.
SAN discovery overview Select the SNMP version from the SNMP Version list. • If you selected v1, continue with step 8. • If you select v3, the SNMP tab displays the v3 required parameters. Go to step 12. To discover a Virtual Fabric device, you must configure SNMPv3 and your SNMP v3 user account must be defined as a Fabric OS switch user.
SAN discovery overview 4. Select the Automatic option. 5. Click OK on the Add Fabric Discovery dialog box. 6. Click Close on the Discover Fabrics dialog box. Rediscovering a fabric To refresh discovery of a fabric, complete the following steps. 1.
Viewing the fabric discovery state 4. Click OK on the confirmation message. The rediscovered fabric displays in the Discovered Fabrics table. 5. Click Close on the Discover Fabrics dialog box. Deleting a fabric To delete a fabric permanently from discovery, complete the following steps. 1.
Troubleshooting fabric discovery The Discovery Status field details the actual status message text, which varies depending on the situation. The following are samples of actual status messages: • Discovered: Seed Switch: Not registered for SNMP Traps • Discovered: Seed Switch: Not Manageable: Not registered for SNMP Traps •...
Troubleshooting fabric discovery
Problem: If you exceed your managed count limit, the Management application displays a “licensed exceeded” message on the topology.
Resolution: Perform one or more of the following actions to • “Changing your network size” • “Remove a device from active discovery” •...
Troubleshooting fabric discovery Virtual Fabric discovery troubleshooting The following section states possible issues and the recommended solutions for Virtual Fabric discovery errors. Problem Resolution At the time of discovery, the seed switch is Virtual Fabric-enabled; however, the user does not have Make sure the user account has Chassis Admin role for the seed switch.
SAN Fabric monitoring NOTE Monitoring is not supported on Hosts. The upper limit to the number of HBA and CNA ports that can be monitored at the same time is 32. The same upper limit applies if switch ports and HBA ports are combined.
SAN Fabric monitoring Stop monitoring of discovered fabrics NOTE Monitoring is not supported on Hosts. When you stop monitoring a fabric, the Management application performs the following actions: • Stops all data collection for the fabric and all associated devices. •...
SAN Fabric monitoring The following details the behavior that occurs when you unmonitor a switch: • If you unmonitor a switch, the switch does not display in the topology, but end devices connected to the switch continue to display in the product list and topology (with no connections).
SAN Fabric monitoring Resume monitoring of discovered fabrics NOTE Monitoring is not supported on Hosts. To monitor a fabric and all associated devices, complete the following steps. 1. Select Discovery > Fabrics. The Discover Fabrics dialog box displays. 2. Select the fabric you want to monitor from the Discovered Fabrics table. 3.
SAN Seed switch The seed switch must be running a supported Fabric OS version and must be HTTP-reachable. Sometimes, the seed switch is auto-selected, such as when a fabric segments or when two fabrics merge. Other times, you are prompted (an event is triggered) to change the seed switch, such as in the following cases: •...
SAN Seed switch Seed switch requirements The seed switch must be running Fabric OS 5.0 or later. For a complete list of all supported Fabric OS hardware, refer to “Supported hardware and software” on page xlv. Seed switch failover The Management application collects fabric-wide data (such as, fabric membership, connectivity, name server information, zoning, and so on) using the seed switch.
Host discovery 3. Click Seed Switch. If the fabric contains other switches that are running the latest version and are also HTTP-reachable from the Management application, the Seed Switch dialog box appears. Otherwise, a message displays that you cannot change the seed switch. 4.
Host discovery For Windows, the Emulex adapter discovery is based on Windows Management Instrumentation (WMI). Perform the following steps to configure HTTPS certificate validation. 1. Import the host certificate when the Enable Certificate Validation check box is selected. Discovery will occur successfully even without importing the certificate when the Enable Certificate Validation checkbox is not selected.
Host discovery FIGURE 14 Add Host Adapters dialog box 3. (Optional) Enter a discovery request name (such as, Manual 06/12/2009) in the Discovery Request Name field. 4. Select Network Address from the list. 5. Enter the IP address (IPv4 or IPv6 formats) or host name in the Network Address field. 6.
Host discovery 10. Enter your user name in the User ID field. The HCM agent default is admin. Leave this field blank for the CIM server. 11. Enter your password in the Password field. The HCM agent default is password. Leave this field blank for the CIM server. 12.
Host discovery 5. Browse to the CSV file location. The CSV file must meet the following requirements: • Comma-separated IP addresses or host names • No commas within the values • No escaping supported For example, XX.XX.XXX.XXX, XX.XX.X.XXX, computername.company.com 6. Click Open. The CSV file is imported to the Add Host Adapters dialog box.
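A validator for the CSV rules listed above, as an added example that is not part of the Brocade manual or product: it flags quoted or escaped values, empty fields, malformed addresses and duplicates before the file is imported. The function names, the acceptance of multiple lines, and the sample addresses (documentation ranges and example.com) are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Characters that indicate quoting or escaping, which the import does not support.
_ESCAPE_CHARS = set("\"'\\")

# Constructed sample input: three good values, then four bad ones.
SAMPLE = (
    "host1.example.com, 192.0.2.10, 2001:db8::5\n"
    '"192.0.2.11", 192.0.2.300,, HOST1.example.com\n'
)


def classify(value):
    """Return 'ip' or 'hostname'; raise ValueError with the reason otherwise."""
    if _ESCAPE_CHARS & set(value):
        raise ValueError("quoting/escaping is not supported")
    if any(ch.isspace() for ch in value):
        raise ValueError("whitespace inside value")
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    name = value[:-1] if value.endswith(".") else value
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not an IP address or host name")
    if labels[-1].isdigit():
        # Looks like a dotted-decimal address that failed IP parsing.
        raise ValueError("malformed IPv4 address")
    return "hostname"


def validate_host_csv(text):
    """Return (accepted, problems) for the CSV text.

    accepted is a list of (value, kind); problems is a list of messages.
    Assumption: the file may span several lines, each comma-separated.
    """
    accepted, problems, seen = [], [], set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        for field_no, raw in enumerate(line.split(","), start=1):
            value = raw.strip()  # spaces after commas appear in the manual's example
            where = f"line {line_no}, field {field_no}"
            if not value:
                problems.append(f"{where}: empty value")
                continue
            try:
                kind = classify(value)
            except ValueError as exc:
                problems.append(f"{where}: {value!r}: {exc}")
                continue
            key = value.lower()  # host names are case-insensitive
            if key in seen:
                problems.append(f"{where}: {value!r}: duplicate")
                continue
            seen.add(key)
            accepted.append((value, kind))
    return accepted, problems


if __name__ == "__main__":
    ok, bad = validate_host_csv(SAMPLE)
    for value, kind in ok:
        print(f"OK   {kind:8} {value}")
    for message in bad:
        print(f"FAIL {message}")
```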
Host discovery Importing Hosts from a fabric To discover a Host from a discovered fabric, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Click Add. The Add Host Adapters dialog box displays. FIGURE 16 Add Host Adapters dialog box 3.
Host discovery 8. Configure discovery authentication by choosing one of the following options: • To configure discovery with authentication, select the HTTPS option in Protocol • To configure discovery without authentication, select the HTTP option in Protocol. 9. Enter the port number in the Port field. The HCM agent default is 34568.
Host discovery 3. Enter a discovery request name (such as MyVMManager) in the Discovery Request Name field. 4. Select Hosts from VM Manager from the list. 5. Select All VM or an individual VM from the list. 6. Click Add. All hosts that are part of a discovered VM Manager and have a registered host name display in the list.
Host discovery FIGURE 18 Edit Host Adapters dialog box 3. Configure Host credentials by choosing one of the following options: • To configure HCM agent credentials, select the HCM agent option. Go to step • To configure CIM server credentials, select the CIM server (ESXi only) option. Continue with step •...
Host discovery Removing a host from active discovery If you decide you no longer want the Management application to discover and monitor a specific host, you can delete it from active discovery. Deleting a host also deletes the host data on the server (both system-collected and user-defined data) except for user-assigned names for the device port, device node, and device enclosure information.
Host discovery Deleting a host from discovery To delete a host permanently from discovery, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Select the host you want to delete permanently from discovery in the Previously Discovered Addresses table.
Host discovery • HCM Agent unknown failure • WMI authentication failed • WMI connection failed • WMI Unknown Error • Discovery ignored. One or more adapters in the host are already a part of Host group {} • Discovery ignored. One or more adapters in the host are already a part of auto/manual enclosure {}.
VM Manager discovery The Management application enables you to discover VM managers. VM Manager discovery requires vCenter Server 4.0 or later. NOTE vCenter discovery time is dynamically determined based on the number of hosts being managed by the vCenter.
VM Manager discovery FIGURE 19 Discover VM Managers dialog box 2. Click Add. The Add VM Manager dialog box displays. FIGURE 20 Add VM Manager dialog box 3. Enter the IP address or host name in the Network Address field. 4.
VM Manager discovery 8. Select the Forward event to vCenter check box to enable event forwarding from the Management application to vCenter. Clear to disable event forwarding. 9. Click OK on the Add VM Manager dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A VM manager displays in Discovered VM Managers table with pending status.
VM Manager discovery 9. Refresh the Discover VM Managers list by clicking Refresh. 10. Click Close on the Discover VM Managers dialog box. Excluding a host from VM manager discovery To exclude a host from VM manager discovery, complete the following steps. 1.
VM Manager discovery Rediscovering a previously discovered VM manager To return a VM manager to active discovery, complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select the VM manager you want to return to active discovery in the Previously Discovered Addresses table.
VM Manager discovery The following are samples of actual ESX host status messages: • Active • Discovery pending, • Excluded, • Conflict – Existing Host <hostname> 3. Refresh the Discover VM Managers list by clicking Refresh. 4. Click Close on the Discover VM Managers dialog box. Troubleshooting VM manager discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly.
Chapter Application Configuration In this chapter • Server Data backup..........75 •...
Configurable preferences • SAN End Node Display — Use to display (or turn off display of) end nodes on the Connectivity map for newly discovered fabrics. Disabling end node display limits the Connectivity map to switch members only. For more information, refer to “SAN End node display”...
Server Data backup The Management application helps you to protect your data by backing it up automatically. Backup is a service process that periodically copies and stores application files to an output directory. The output directory is relative to the server and must use a network share format to support backup to the network.
Server Data backup Backup directory structure overview The Management server backs up data to two alternate folders. For example, if the backup directory location is D:\Backup, the backup service alternates between two backup directories, D:\Backup\Backup and D:\Backup\BackupAlt. The current backup is always D:\Backup and contains a complete backup of the system.
Server Data backup • Select the Include Technical Support directory check box, if necessary. Only available if the Include FTP Root directory check box is clear. • Select the Include Upload Failure Data Capture directory check box, if necessary. Only available if the Include FTP Root directory check box is clear.
Server Data backup 9. Backup data to a CD by completing the following steps. NOTE This is not recommended on a permanent basis. CDs have a limited life, and may only last a month. An error message occurs if your Management application can no longer backup to the disc.
Server Data backup 3. Clear the Enable Backup check box. 4. Click Apply or OK. Viewing the backup status The Management application enables you to view the backup status at a glance by providing a backup status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the backup function.
Server Data backup Starting immediate backup NOTE You must have backup privileges to use the Backup Now function. For more information about privileges, refer to “User Privileges” on page 1451. To start the backup process immediately, complete one of the following procedures: Using the Backup Icon, right-click the Backup icon and select Backup Now.
Server Data restore NOTE You cannot restore data from a previous version of the Management application. NOTE You cannot restore data from a higher or lower configuration (Trial or Licensed version) of the Management application. NOTE You cannot restore data from a different package of the Management application. The Management application helps you to protect your data by backing it up automatically.
SAN data collection 6. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console. For the restored data to take effect, re-launch the Configuration Wizard using the instructions in “Launching the Configuration Wizard”...
SAN data collection events is the lazy polling interval plus the short tick interval. To increase polling efficiency, you can configure both the short tick interval (Check for state change every option) and the lazy polling interval (If no state change, poll switch every option) on the Options dialog box. For step-by-step instructions, refer to “Configuring asset polling”...
Product communication protocols • MetaSANCollector – Collects data about the IFLs (Inter Fabric Links) on the switch. • FlowCollector – Collects data about the flow definitions on the switch. Also collects the subflows for each flow definition. This collector requires the Fabric Insight license on the switch.
SAN display settings TABLE 15 Product communication protocols Protocol Description Management application use Communicates with device type File Transfer Protocol (FTP) is a standard Used for firmware download. Fabric OS network protocol used to transfer files from For Fabric OS devices, used to collect Network OS one host to another host over a TCP-based technical support information.
SAN display settings FIGURE 23 Options dialog box (SAN Display pane) 3. Click Set Up FICON Display. Any table that contains end device descriptions moves the following nine columns to the beginning of the table: Attached Port #, FC Address, Serial #, Tag, Device Type, Model, Vendor, Port Type, and WWN.
SAN display settings Importing the OUI file To import the OUI file, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Display in the Category list. The SAN Display pane displays. 3. Click Import OUI . 4.
SAN End node display FIGURE 24 Product Type Mapping dialog box NOTE You can search for an OUI by using a search string in the Search list or with the Organization drop down. 4. Select the product type for a particular OUI file and change to Target, Initiator, or Default. 5.
SAN Ethernet loss events FIGURE 25 Options dialog box (SAN End Node Display pane) 2. Select SAN End Node Display in the Category list. 3. Select the Show connected end nodes when new fabric is discovered check box to display end nodes on your system.
Event storage settings Disabling SAN Ethernet loss events To disable Ethernet loss events, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Ethernet Loss Events in the Category list. 3. Clear the Enable events for ethernet loss check box. 4.
Flyover settings 4. Enter the number of days (1 through 365) you want to store events in the Maximum Days field. The events are purged at midnight on the last day of the retention period regardless of the number of maximum events. 5.
Page 144
Flyover settings FIGURE 28 Options dialog box (Flyovers pane, Product tab) a. Select the protocol type from the Type list, if necessary. b. Select each property you want to display in the product flyover from the Available Properties table. Depending on which protocol you select, some of the following properties may not be available: FC (default) •...
Page 145
Flyover settings Add connection properties you want to display on flyover by selecting the Connection tab (Figure 29) and completing the following steps. FIGURE 29 Options dialog box (Flyovers pane, Connection tab) a. Select the protocol type from the Type list, if necessary. Depending on which protocol you select, some properties may not be available for all protocols.
Name settings • • Name Port# • • Node WWN Port Type • • FCoE Index # Click the right arrow to move the selected properties to the Selected Properties table. d. Use the Move Up and Move Down buttons to reorder the properties in the Selected Properties table.
Name settings To edit duplicate names, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Names in the Category list. The SAN Names pane displays (Figure 30). FIGURE 30 Options dialog box (SAN Names pane) 3.
Name settings 3. Select one of the following options. • If you select Append Incremental numbers for all repetitive names, the names are edited automatically using incremental numbering. • If you select I will fix them myself, edit the name in the Name field. 4.
Name settings • Display table — This table displays the following information: - Description–A description of the device. - Name–The name of the device. Enter a name for the device. - Operational Status–The operational status of the device (discovered, operational, and ...
Name settings If you set names to be unique on the Options dialog box and the name you entered already exists, the entry is not accepted. To search for the device already using the name, refer to “Searching for a device by name” on page 101 or “Searching for a device by WWN”...
Name settings Removing a name from a device 1. Select Configure > Names. The Configure Names dialog box displays. 2. In the Display table, select the name you want to remove. 3. Click Remove. An application message displays asking if you are sure you want to clear the selected name. 4.
Name settings Importing Names If the name length exceeds the limitations detailed in the following table, you must edit the name (in the CSV file) before import. Names that exceed these limits will not be imported. If you migrated from a previous version, the .properties file is located in the Install_Home\migration\data folder. TABLE 16 Name length limitations Device...
Miscellaneous security settings 5. Click Search. All devices with the specified name (or partial name) are highlighted in the Display table. You may need to scroll to see all highlighted names. If the search finds no devices, a ‘no item found’ message displays. 6.
Miscellaneous security settings Configuring the server name To configure the server name, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Security Misc in the Category list. The Security Misc pane displays (Figure 33).
Miscellaneous security settings Enforcing MD5 file during import NOTE The MD5 checksum file is required when you load Fabric OS firmware into the Management application version 12.0 or later. You can configure the Management application to enforce the MD5 checksum file import during the import of the Fabric OS image into the firmware repository.
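A pre-import check for the MD5 enforcement described above, as an added example that is not part of the manual or the Management application: it verifies a firmware archive against its checksum file before the image is loaded into the firmware repository. The md5sum-style file layout (`<hex digest>  <file name>`), the function names, and the sample file names are assumptions; a matching MD5 shows the file arrived unmodified in transit, not who produced it.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumed checksum file layout (md5sum style): "<32 hex chars>  <file name>".
_MD5_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(.+?)\s*$")


def parse_md5_file(path):
    """Return {file name: lowercase digest} from an md5sum-style checksum file."""
    entries = {}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            match = _MD5_LINE.match(line)
            if match is None:
                # A truncated or hand-edited checksum file is treated as a failure.
                raise ValueError(f"malformed checksum line: {line!r}")
            entries[os.path.basename(match.group(2))] = match.group(1).lower()
    return entries


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large firmware archives are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_firmware(image_path, md5_path):
    """Return (ok, reason). Any missing or inconsistent input fails closed."""
    if not os.path.isfile(md5_path):
        return False, "checksum file missing"
    if not os.path.isfile(image_path):
        return False, "image file missing"
    try:
        entries = parse_md5_file(md5_path)
    except ValueError as exc:
        return False, str(exc)
    expected = entries.get(os.path.basename(image_path))
    if expected is None:
        return False, "image not listed in checksum file"
    actual = md5_of_file(image_path)
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch: expected {expected}, got {actual}"
    return True, "digest matches"


def demo():
    """Run the check on constructed sample files (not real firmware)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "sample_firmware.tar.gz")  # constructed name
        md5_file = image + ".md5"                            # constructed name
        with open(image, "wb") as fh:
            fh.write(b"constructed firmware payload\n" * 1000)
        with open(md5_file, "w", encoding="utf-8") as fh:
            fh.write(f"{md5_of_file(image)}  sample_firmware.tar.gz\n")

        results["intact"] = verify_firmware(image, md5_file)[0]

        # Simulate corruption or modification after the checksum was produced.
        with open(image, "ab") as fh:
            fh.write(b"\x00")
        results["modified"] = verify_firmware(image, md5_file)[0]

        # Simulate an image delivered without its checksum file.
        os.remove(md5_file)
        results["no_md5_file"] = verify_firmware(image, md5_file)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```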
Syslog Registration settings 4. Enter the message you want to display every time a user logs into this server in the Banner Message field. This field contains a maximum of 2048 characters. 5. Click Apply or OK to save your work. Disabling the login banner To disable the login banner display, complete the following steps.
SNMP Trap Registration settings Configuring the Syslog listening port number 1. Select Server > Options. The Options dialog box displays. 2. Select Syslog Registration in the Category pane. The Syslog Registration pane displays (Figure 34). 3. Enter the Syslog listening port number of the Server in the Syslog Listening Port (Server) field, if necessary.
SNMP Trap forwarding credential settings 3. Enter the SNMP listening port number of the Server in the SNMP Listening Port (Server) field, if necessary. The default SNMP listening port number is 162 and is automatically populated. 4. Click Apply or OK to save your work. SNMP Trap forwarding credential settings You can configure SNMP credentials for the traps forwarded by the server.
Software Configuration Configuring SNMP v3 credentials To configure SNMP v1 or v2c credentials, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Trap Forwarding Credentials in the Category pane. The Trap Forwarding Credentials pane displays (Figure 36).
Software Configuration Certificates Certificate management allows you to enable certificate validation between the Management application server and products when HTTPS is enabled and between server and client when SSL is enabled on the server. For more information about product communication, refer to “Product communication settings”...
Page 162
Software Configuration The Certificates pane contains the following fields and components: • Enable certificate validation check box — Select to enable certificate validation. Clear to disable certificate validation. • Keystore Certificates drop-down list — Select one of the following options: View —...
Page 163
Software Configuration FIGURE 38 Details - Certificate Name dialog box The Details - Certificate Name dialog box contains the following fields: • Left-side text box — Name of the Issuer. • Right-side table — Displays the following certificate details: - Version — Version of the certificate. - ...
Page 164
Software Configuration 5. Enter a unique alias for the certificate in the Alias Name field. 6. Click OK. Click Apply or OK to save your work. Deleting a truststore certificate 1. Select Server > Options. The Options dialog box displays. 2.
Page 165
Software Configuration Viewing a keystore certificate 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates in the Category list. The Certificates pane displays. 3. Select View from the Keystore Certificate list. The Details - Certificate Name dialog box displays with the following fields: •...
Page 166
Software Configuration Replacing a keystore certificate NOTE Changes to this option take effect after an application restart. 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates in the Category list. The Certificates pane displays. 3. Select Replace from the Keystore Certificate list. The Replace Keystore Certificate dialog box displays.
Software Configuration Enabling and disabling certificate validation The Management application server only validates the certifying authority and the date in the certificate. Certificate validation requires HTTPS connections between the server and the switches. To configure product communication to HTTPS, refer to “Product communication settings”...
Software Configuration 4. Click Apply or OK to save your work. NOTE Changes to this option take effect after a client restart. 5. Click OK on the “changes take effect after client restart” message. Client/Server IP You can configure connections between the client or switches and the Management application server.
Page 169
Software Configuration FIGURE 40 Options dialog box (Client/Server IP option) 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step • Select a specific IP address. Continue with step • Select localhost. Continue with step When Server IP Configuration is set to All, you can select any available IP address as the Return Address.
Page 170
Software Configuration Configuring an explicit server IP address If you selected a specific IP address from the Server IP Configuration screen during installation and the selected IP address changes, you will not be able to connect to the server. To connect to the new IP address, you must manually update the IP address information.
Page 171
Software Configuration 8. Verify the IP address on the Server Configuration Summary screen and click Next. 9. Click Finish on the Start Server screen. 10. Click Yes on the restart server confirmation message. 11. Choose one of the following options: •...
Software Configuration 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step • Select a specific IP address. Continue with step • Select localhost. Continue with step 4. Select the return IP address in the Client - Server IP Configuration Return Address list. When Server IP Configuration is set to All, you can select any available IP address as the Return Address.
Page 173
Software Configuration • Medium SAN — 90 products, 5,000 ports • Large SAN — 200 products, 15,000 ports NOTE For full performance management and dashboard functionality, the Large option of the SAN Enterprise edition only supports 5000 switch ports on a 32-bit system. Memory and asset polling values change to the new default values when you change the SAN Network size.
Page 174
Software Configuration • Small: 768 MB • Medium: 1024 MB • Large: 1024 MB For all 64-bit servers, the default minimum server heap size for all network sizes is 2048 MB. NOTE There is no restriction on the maximum value for server heap size in a 64-bit server. The correct server heap size value must be given according to the RAM present in the server.
Page 175
Software Configuration • Medium/2000–5000 ports: 900 seconds • Large/5000 or more ports: 1800 seconds 5. Click Apply or OK to save your work. NOTE Changes to this option take effect after an application restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 12.X.X >...
Software Configuration Product communication settings You can configure HTTP or HTTPS connections between the products and the Management application server. Configuring SAN communication To configure connections between the SAN devices and the Management application server, complete the following steps. 1. Select Server > Options. The Options dialog box displays.
Software Configuration 4. To connect using HTTPS (HTTP over SSL), complete the following steps. a. Select the Connect using HTTPS (HTTP over SSL) only option. b. Enter the connection port number in the Port # field. Continue with step The default HTTPS port number is 443. 5.
Page 178
Software Configuration Secure Copy (SCP) is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. You must configure SCP on your machine to support Technical Support and firmware download. NOTE SCP is supported on Fabric OS devices running 5.3 and later.
Page 179
Software Configuration 4. Select the Built-in FTP Server check box. 5. Change your password by entering a new password in the Password and Confirm Password fields. The default password is passw0rd (where 0 is a zero). 6. Click Test to test the FTP server. An “FTP Server running successfully”...
Page 180
Software Configuration Click Test to test the server. An “SCP/SFTP Server running successfully” or an error message displays. If you receive an error message, make sure your credentials are correct, the SCP/SFTP server is stopped, the remote directory path exists, and you have the correct access permission; then try again.
Page 181
Software Configuration Enter a user name in the Remote Host User Name field. d. Enter the path to the remote host in the Remote Directory Path field. Use a slash (/) or period (.) to denote the root directory. e. Enter the password in the Password Required for FTP field. 5.
Software Configuration • If you are using the internal FTP server, select the Use built-in FTP/SCP/SFTP Server option. For step-by-step instructions about configuring the built-in server, refer to “Configuring an internal FTP server” on page 126. • If you are using the external FTP server, select the Use external FTP/SCP/SFTP Server option.
Software Configuration 4. Enable HTTP redirection to HTTPS by selecting the Redirect HTTP Requests to HTTPS check box. When you enable HTTP redirection, the server uses port 80 to redirect HTTP requests to HTTPS. Make sure that port 80 is available before you enable HTTP redirection. 5.
Page 184
Software Configuration 4. Select the Log server support data - Log Level list, and select the type of log data you want to configure. Log level options include: All, Fatal, Error, Warn, Info, Debug, Trace, and Off. Default is Info. 5.
FIPS Support 3. Select the maximum number of days to retain the server log file in the Log Purging Limit field. Valid values are 1 through 90. Default is 14. The log files are purged at 1:00 AM on the day after the retention period ends. 4.
Fabric tracking • Do not show me this again check box — Select if you do not want to see this dialog box again when you enable or disable fabric tracking or accept changes for a switch or fabric. • Switches —...
Fabric tracking Accepting changes for a fabric 1. Accept the changes to a fabric by choosing one of the following options: • Select a fabric on the Product List or Connectivity Map and select Monitor > Accept Changes. • Right-click a fabric on the Product List or Connectivity Map and select Accept Changes. The accept changes summary message displays (Figure 48).
Fabric tracking Accepting changes for all fabrics 1. Accept the changes to all fabrics by choosing one of the following options: • Click in the white space on the Connectivity Map and select Monitor > Accept All Changes. • Right-click in the white space on the Connectivity Map and select Accept All Changes. The accept changes summary message displays (Figure 49).
Fabric tracking Accepting changes for a switch, access gateway, or phantom domain 1. Accept the changes to a switch, access gateway, or phantom domain by choosing one of the following options: • Select the switch, access gateway, or phantom domain on the Product List or Connectivity Map and select Monitor >...
Chapter User Account Management In this chapter • Users overview, page 139 •...
Page 192
Users overview FIGURE 50 Users dialog box - Users tab The Users dialog box contains the following fields and components: • Authentication-Primary — The primary authentication server type configured through the Server Management Console. • Secondary — The secondary authentication server type configured through Server Management Console.
Page 193
Users overview • Users table — The configured users. - User ID — The unique name used to identify a user. - Full Name — The user’s full name. - Roles — List of roles the user belongs to separated by commas. - ...
Page 194
Users overview • Roles table — Lists the default system roles and any user-defined roles. - Name — The unique name of the role. Default system roles for SAN only environments include: SAN System Administrator, Network Administrator, Security Administrator, Zone Administrator, Operator, Security Officer, Host Administrator...
User accounts User accounts NOTE You must have User Management Read and Write privileges to add new accounts, set passwords for accounts, and apply roles to the accounts. For a list of privileges, refer to “User Privileges” on page 1451. Management application user accounts contain the identification of the Management application user, as well as privileges, roles, and AORs assigned to the user.
Page 196
User accounts 4. Enter a password for the user in the Password and Confirm Password fields. Passwords display as dots (.). For password policy details, refer to “Viewing your password policy” on page 162. 5. Select the Account Status - Enable check box to enable the account of the user. Account Status is enabled by default.
User accounts Editing a user account To make changes to an existing user account, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user account you want to edit and click Edit under the Users table. The Edit User dialog box displays.
User accounts Copying and pasting user preferences You can copy user preference settings, such as window and dialog box sizes, table column and sort order, as well as other customizations, and all the user-defined views (including fabrics and hosts) from the selected user account to one or more other user accounts. If the fabric and hosts from the original user account are not included in the other user's AOR, then the copied fabrics and hosts do not display in the other user's views.
User accounts 5. Click Save. The file is saved to the location you selected. If the export is successful, the following message displays: User profile data exported successfully to <Flavor>-UserProfile-<Time stamp>.zip Importing a user account To import a user account, complete the following steps. 1.
User accounts Removing roles and areas of responsibility from a user account To remove roles and AORs from an existing user account, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user account you want to edit and click Edit under the Users table. The Edit User dialog box displays.
Roles Deleting a user account NOTE You cannot delete the default "Administrator" user account. To permanently delete a user account from the server, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user you want to delete in the Users table and click Delete. 3.
Roles 2. Click Add under the Roles table. The Add Role dialog box displays. FIGURE 52 Add Role dialog box 3. Enter a name for the role in the Name field. 4. (Optional) Enter a short description for the role in the Description field. 5.
Roles 4. Click OK to save the role and close the Edit Role dialog box. If you make changes to the user’s role or AOR while the user is logged in, a confirmation message displays. When you click OK on the confirmation message, the user is logged out and must log back in to see the changes.
Roles 2. Click Add, Edit, or Duplicate under the Roles table. The Add Roles, Edit Roles, or Duplicate Roles dialog box displays. 3. Add read and write access by selecting the features to which you want to allow read and write access in the Available Privileges list and click the right arrow button to move the features to the Read &...
Areas of responsibility Areas of responsibility NOTE You must have User Management Read and Write privileges to view, add, modify, or delete operational areas of responsibility. An area of responsibility (AOR) allows you to place Fabrics and Hosts into management groups that can be assigned to a Management application user.
Areas of responsibility FIGURE 53 Users dialog box - Users tab 3. Enter a name for the AOR in the Name field. 4. (Optional) Enter a short description for the AOR in the Description field. 5. Assign or remove products as needed. For step-by-step instructions, refer to “Assigning products to an AOR”...
Areas of responsibility 4. Click OK to save the AOR and close the Edit AOR dialog box. If you make changes to the user’s role or AOR while the user is logged in, a confirmation message displays. When you click Yes on the confirmation message, the user is logged out and must log back in to see the changes.
Areas of responsibility 2. Click Add, Edit, or Duplicate under the AOR table. The Add AOR, Edit AOR, or Duplicate AOR dialog box displays. 3. Click the Fabrics tab. 4. Select the fabrics you want to assign to the AOR in the Available Fabrics table and click the right arrow button to move the products to the Selected Products table.
Password policies Password policies NOTE You must have User Management Read and Write privileges to configure password policy. Passwords are an important aspect of computer security. They are the front line of protection for user accounts. The purpose of the password policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.
Page 210
Password policies d. Enter the minimum number of lowercase characters required in the Lower Case Characters field. Only enabled when the Empty Password - Allow check box is clear. Valid values are 0 through 127. The default is 0. e. Enter the minimum number of digits required in the Number of Digits field. Only enabled when the Empty Password - Allow check box is clear.
User profiles 10. Click Yes on the confirmation message. 11. Click Close to close the Users dialog box. Viewing password policy violators To view password policy violators, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2.
User profiles Viewing your user profile To view your user profile, complete the following steps. To edit your user profile, refer to “Editing your user profile” on page 160. 1. Select Server > User Profile. The User Profile dialog box displays the following information: •...
User profiles 3. Change your password in the Password and Confirm Password fields. Passwords display as dots (.). 4. Change your user profile description in the Description field. 5. Change your phone number in the Phone Number field. 6. Select the E-mail Notification Enable check box to enable e-mail notification. Clear the E-mail Notification Enable check box to disable e-mail notification.
User profiles Viewing your password policy To view your password policy, complete the following steps. 1. Select Server > User Profile. The User Profile dialog box displays. 2. Click Password Policy - View to display your password policy. The View Password Policy dialog box displays. •...
User profiles Configuring e-mail notification To configure and enable e-mail notification, complete the following steps. 1. Select Server > User Profile. The User Profile dialog box displays. 2. Select the E-mail Notification - Enable check box to enable e-mail notification. 3.
Dashboard • “Inventory expand navigation bar” on page 211 • “Reports expand navigation bar” on page 234 3. Right pane — Displays the detail for the feature selected in the left pane. For more information, refer to: • “Dashboard” on page 166 •...
Dashboard The dashboard refreshes every ten seconds regardless of the size of your network. Note that data may become momentarily out of sync between the dashboard and other areas of the application. For example, if you remove a product from the network while another user navigates from the dashboard to a more detailed view of the product, the product may not appear in the detailed view.
Dashboard Dashboard toolbar The dashboard toolbar (Figure 56) is located above the status widgets or performance monitors and provides information about the selected dashboard as well as buttons to perform various functions. FIGURE 56 Dashboard toolbar The dashboard toolbar contains the following fields and components: 1.
Dashboard customization Accessing a dashboard NOTE If you change the dashboard in the Java client, the change is reflected in the web client and vice versa. To access a specific dashboard, complete the following steps. 1. Click the Dashboard icon. The Dashboard expand navigation bar displays. 2.
Page 222
Dashboard customization FIGURE 57 Scope dialog box 2. Select a network from the Network Scope list. The default network scope is All. The available network scopes include the following options: • All products and fabrics • Any SAN fabric If you select a fabric scope, dashboard widgets display data for all products and ports in the fabric.
Dashboard customization Setting the time interval Setting the global time interval in the dashboard toolbar configures the data display time range for all the applicable widgets. Time interval in the Scope list allows you to select a specific time range for which you want to display data in the dashboard.
Dashboard customization Default dashboards The Management application provides preconfigured dashboards that provide a high-level overview of the network, the current states of managed devices, and performance of devices, ports, and traffic on the network. Product Status and Traffic The Product Status and Traffic dashboard provides the following preconfigured status widgets and performance monitors: •...
Dashboard customization Shared Dashboards The Shared Dashboards list includes all user-defined dashboards that have been shared with other users in the Java Client. Shared dashboards display in the following format: dashboard_name (user_name). The Shared Dashboards list does not display until a dashboard is shared with other users in the Java Client.
Dashboard customization • Type — The port type. • Identifier — The port identifier, such as port name, number, address, WWN, user port number, or zone alias. • Port Number — The port number. • State — Whether the port is online or offline. •...
Page 227
Dashboard customization TABLE 18 Event severity color codes
Color: Grey, Severity: Notice
Color: Blue, Severity: Info
The Events widget only includes events from products that are in your AOR. Double-click a bar in the graph to navigate to the Events page with only the selected event type (Emergency, Alert, and so on) displaying.
Page 228
Dashboard customization • Bar chart — Displays each group as a separate bar on the graph. Displays the current state of all Host products discovered for a group in various colors on each bar. Tooltips showing the number of devices in that state are shown when you pause on the bar. Double-click a bar in the graph to navigate to the Host Inventory Detailed View page.
Page 229
Dashboard customization SAN Inventory widget The SAN Inventory widget (Figure 59) displays the SAN products inventory as stacked bar graphs. FIGURE 59 SAN Inventory widget The SAN Inventory widget includes the following data: • Widget title — The name of the widget. •...
Page 230
Dashboard customization Customizing the SAN Inventory widget You can customize the SAN Inventory widget to display the product inventory for a specific group. The group type and number of devices in the group displays to the left of the associated bar; for example, v7.0.0 [3], where v7.0.0 is the firmware number and [3] is the number of devices running that firmware level.
Page 231
Dashboard customization SAN Status widget The SAN Status widget displays the device status as a pie chart. If you discover a DCB switch from the SAN tab, the switch status displays in both the SAN Status and IP Status widgets. However, if you discover a DCB switch from the IP tab, the switch status only displays in the IP Status widget.
Page 232
Dashboard customization Status widget The Status widget (Figure 61) displays the number of products managed and the number of events within the selected event time range. FIGURE 61 Status widget The Status widget displays the following items for each product license: •...
Dashboard customization Monitoring and Alerting Policy Suite widgets NOTE MAPS is only supported on a licensed version of the Management application with SAN management. NOTE MAPS is only supported on FC devices running Fabric OS 7.2.0 or later with the Fabric Vision license. NOTE MAPS is not supported on DCB devices.
Page 234
Dashboard customization The Out of Range Violations widget includes the following fields and components: • Widget title — The widget title. • Widget summary — The color of the worst severity and the number of products with that severity displays below the widget title. •...
Page 235
Dashboard customization • Product — The product affected by this monitor. Click to launch the Product page for this device (refer to “Product summary view” on page 216). When you launch the Product page, the detailed view closes. • Object Name (MAPS and Fabric Watch support) — The object name (such as switch name, port name, FRU name, and so on).
Dashboard customization • State changes — The state of the port has changed for one of the following reasons: The port has gone offline. The port has come online. The port is faulty. • SFP Current — The amount of supplied current to the SFP transceiver. •...
Dashboard customization TABLE 19 Preconfigured performance monitors
Monitor title: Top Port Encode Error Out
Description: Table view of the encode error out measure. There are four versions of this monitor based on the type of port: All ports, initiator ports, ISL ports, and Target ports.
Data collectors: All SAN FC port collector
Page 238
Dashboard customization Top Port Alignment Errors monitor The Top Port Alignment Errors performance monitor displays the top ports with alignment errors in a table. The Top Port Alignment Errors performance monitor includes the following data: • Widget title — The name of the widget. •...
Page 239
Dashboard customization Top Port C3 Discards monitor The Top Port C3 Discards monitor displays the top ports with Class 3 frames discarded in a table. There are four port widgets: All, ISL, Initiator, and Target. The Top Port C3 Discards monitor includes the following data: •...
Page 240
Dashboard customization Top Port C3 Discards RX TO monitor The Top Port C3 Discards RX TO monitor displays, in a table, the top ports with Class 3 frames received at this port and discarded at the transmission port due to timeout. The Top Port C3 Discards RX TO monitor includes the following data: •...
Page 241
Dashboard customization Top Port CRC Errors monitor The Top Port CRC Errors monitor displays the top ports with frames that contain cyclic redundancy check (CRC) errors in a table. The Top Port CRC Errors monitor includes the following data: • Widget title —...
Page 242
Dashboard customization Top Port Encode Error Out monitor The Top Port Encode Error Out monitor displays the top ports with encoding errors outside of frames in a table. The Top Port Encode Error Out monitor includes the following data: • Widget title —...
Page 243
Dashboard customization Top Port Link Failures monitor The Top Port Link Failures monitor displays the top ports with link failures in a table. The Top Port Link Failures monitor includes the following data: • Widget title — The name of the widget. •...
Page 244
Dashboard customization Top Port Link Resets monitor The Top Port Link Resets monitor displays the top ports with link resets in a table. The Top Port Link Resets monitor includes the following data: • Widget title — The name of the widget. •...
Page 245
Dashboard customization Top Port Overflow Errors monitor The Top Port Overflow Errors performance monitor displays the top ports with overflow errors in a table. The Top Port Overflow Errors performance monitor includes the following data: • Widget title — The name of the widget. •...
Page 246
Dashboard customization Top Port Receive EOF monitor The Top Port Receive EOF performance monitor displays the top ports with received end-of-frames in a table. The Top Port Receive EOF performance monitor includes the following data: • Widget title — The name of the widget. •...
Page 247
Dashboard customization Top Port Runtime Errors monitor The Top Port Runtime Errors performance monitor displays the top ports with runtime errors in a table. The Top Port Runtime Errors performance monitor includes the following data: • Widget title — The name of the widget. •...
Page 248
Dashboard customization Top Port Sync Losses monitor The Top Port Sync Losses monitor displays the top ports with synchronization failures in a table. The Top Port Sync Losses monitor includes the following data: • Widget title — The name of the widget. •...
Page 249
Dashboard customization Top Port Too Long Errors monitor The Top Port Too Long Errors performance monitor displays the top ports with frames longer than the maximum frame size allowed errors in a table. The Top Port Too Long Errors performance monitor includes the following data: •...
Page 250
Dashboard customization Top Port Traffic monitor The Top Port Traffic monitor (Figure 63) displays the top ports with receive and transmit traffic in a table. FIGURE 63 Top Port Traffic monitor The Top Port Traffic monitor includes the following data: •...
Page 251
Dashboard customization • Port Number — The port number. • State — The port state (for example, Enabled). • Status — The port status (for example, Up). 2. Click the close (X) button. Top Port Underflow Errors monitor The Top Port Underflow Errors performance monitor displays the top ports with underflow errors in a table.
Page 252
Dashboard customization 2. Click the close (X) button. Top Port Utilization Percentage monitor The Top Port Utilization monitor (Figure 64) displays the top port utilization percentages in a table. FIGURE 64 Top Port Utilization monitor The Top Port Utilization monitor includes the following data: •...
Page 253
Dashboard customization A more detailed widget displays which includes the following data: • Scope — The scope configured for the dashboard. • Port — The port affected by this monitor. Click to launch the Port Page (refer to “Port summary view” on page 225).
Page 254
Dashboard customization Viewing additional details for the Bottom Port Utilization Percentage monitor 1. Click the View Details icon. FIGURE 67 Bottom Port Utilization Detailed View A more detailed widget displays which includes the following data: • Scope — The scope configured for the dashboard. •...
Page 255
Dashboard customization Top Product CPU Utilization monitor The Top Product CPU Utilization monitor (Figure 68) displays the top product CPU utilization percentages in a table. FIGURE 68 Top Product CPU Utilization monitor The Top Product CPU Utilization monitor includes the following data: •...
Page 256
Dashboard customization • Product — The product affected by this monitor. Click to launch the Product page for this device (refer to “Product summary view” on page 216). When you launch the Port page, the detailed view closes. • Min — The minimum value of the measure in the specified time range. •...
Page 257
Dashboard customization • Memory Utilization Percentage — The top memory utilization percentages. Pause on a row to display the minimum, current, and maximum values for the selected row. This field also displays minimum (black) and maximum (red) pointers. Viewing additional details for the Top Product Memory Utilization monitor 1.
Page 258
Dashboard customization Top Product Response Time monitor The Top Product Response Time monitor (Figure 72) displays the top product response time in a table. FIGURE 72 Top Product Response Time monitor The Top Product Response Time monitor includes the following data: •...
Page 259
Dashboard customization • Product — The product affected by this monitor. Click to launch the Product page for this device (refer to “Product summary view” on page 216). When you launch the Product page, the detailed view closes. • Min — The minimum value of the measure in the specified time range. •...
Page 260
Dashboard customization • Temperature — The top temperatures. Pause on a row to display the minimum, current, and maximum values for the selected row. This field also displays minimum (black) and maximum (red) pointers. • Fabric — The fabric to which the device belongs. Viewing additional details for the Top Product Temperature monitor 1.
Page 261
Dashboard customization Top Products with Unused Ports monitor The Top Products with Unused Ports monitor (Figure 68) displays the top products with ports not in use in a table. FIGURE 76 Top Product CPU Utilization monitor The Top Products with Unused Ports monitor includes the following data: •...
Inventory • Product Type — The type of product (for example, switch). • State — The product state (for example, Offline). • Status — The product status (for example, Reachable). • Tag — The product tag. • Serial # — The serial number of the product. •...
Inventory Inventory expand navigation bar The Inventory expand navigation bar (Figure 55) is located on the left side of the page and provides a list of discovered fabric and products. FIGURE 78 Expand navigation bar The expand navigation bar contains a list of discovered fabrics and products. Click a fabric to display the Fabric Page in the center pane (“Fabric summary view”...
Page 264
Inventory • Fabric Page — Displays the name of the selected fabric. • Refreshed time — Displays the time of the last application update. • Show/Hide pane arrow — Click to show or hide the Properties pane. FIGURE 81 Switch Details table The Switch Details table displays the following details for switches in the fabric: •...
Page 265
Inventory • Connected Switch — Displays the name of the switch connected to the port. • Symbolic Name — Displays the symbolic name (nickname) for the HBA port. • Port Type — Displays the port type; for example, N_Port. • Host Name —...
Page 266
Inventory The Events table displays the following details for events triggered in the fabric: • Collapse/Expand button — Click to collapse or expand the view. • All — Displays the total number of events triggered. • Emergency icon — Displays the total number of Emergency events triggered. Click to only display Emergency events in the table.
Inventory Viewing fabric properties To view fabric properties, complete the following steps. 1. Click the Inventory icon. 2. Select a fabric in the Product List pane. The fabric summary displays with two panes: Fabric Page and Properties. The fabric properties displays on the right side of the page. FIGURE 85 Fabric Properties pane The fabric properties pane contains the following fields:...
Inventory Product summary view The Product summary displays the Product List, summary, and properties panes for the selected product. Viewing the product summary To view product properties, complete the following steps. 1. Click the Inventory icon. 2. Select a product in the Product List pane. The product summary displays with two panes: Product Page and Properties.
Page 269
Inventory FIGURE 88 Product Performance area The Product Performance area displays the following information for the selected product: • Collapse/Expand button — Click to collapse or expand the view. • Avg. CPU Utilization — Displays the average percentage of CPU utilization in graphical format.
Page 270
Inventory • Show/Hide Legend button — Click to show or hide the performance graph legend. • Close Performance button — Click to close the performance graph or table. • Update button — Select or clear the ports in the table and click to update the graph or table.
Page 271
Inventory • Table button — Click to show the performance data in a table. The table includes the flow measures you selected and the time the flow measure was collected. • Unnamed check box — Select the check box for each flow you want to include in the graph. Select the check box in the table header to select all flows in the table.
Page 272
Inventory • Time — Displays the time on the server when the violation was reported. • Rule Condition — Displays the conditions defined in the MAPS policy that was triggered. • Product — Displays the name of the product. • Object Name —...
Page 273
Inventory • Severity — Displays the severity icon for the event. When the same event (Warning or Error) occurs repeatedly, the Management application automatically eliminates the additional occurrences. • Time — Displays the time and date the event last occurred on the server. •...
Page 274
Inventory FIGURE 92 Settings dialog box 5. Select one or more of the following measures you want to include in the graph from the Measures list: • Alignment Errors • Port Utilization Percentage • Bad Packets Received • Receive EOF •...
Page 275
Inventory • 3 Days — Displays data for 3 days. • 1 Week — Displays data for 1 week. • 1 Month — Displays data for 30 days. Click Apply. The port performance graph displays in the Port Details area. 8.
Page 276
Inventory Click Apply. The Flows performance graph displays in the Flows area. 8. Add flows to the graph by selecting the check box for each flow you want to include in the graph. Select the check box in the table header to select all flows in the table. Remove flows from the graph by clearing the check box.
Inventory • Name — Displays the name of the product. • Fabric — Displays the fabric name in which the product is located. • IP Address — Displays the IP address of the product. • WWN — Displays the WWN of the product. •...
Page 278
Inventory FIGURE 94 Port summary 4. Review the port summary data. The Ports Details area displays the following data for the selected product: • Collapse/Expand button — Click to collapse or expand the view. • Performance graph/table — Displays the performance data when configured. To configure a graph or table, refer to “Configuring a port measure performance graph”...
Page 279
Inventory • Performance graph/table — Displays the performance data when configured. • Show/Hide Legend button — Click to show or hide the performance graph legend. • Close Performance button — Click to close the performance graph or table. • Update button — Select or clear a flow and click to update the graph or table. •...
Page 280
Inventory FIGURE 95 Violations table The Violations table displays the Monitoring and Alerting Policy Suite (MAPS) violations for the product over the selected time duration. • show arrow — Click to display the following additional detail for the associated violation: Time — Displays the time on the server when the violation was reported. Product —...
Inventory Fabric Name — Displays the Fabric name to which the object belongs. Category — Displays the MAPS category (such as Port, Switch Status, Fabric, FRU, Security, Resource, FCIP, and Traffic/Flows). Rule Name — Displays the name of the rule. A rule associates a condition with actions that need to be triggered when the specified condition is evaluated to be true.
Page 282
Inventory FIGURE 96 Port Properties pane 4. Review the port properties data. The port Properties pane displays on the right side of the page. For FC and GigE port properties, the Highlights area displays the following data for the selected port.
Events • Port Type — Displays the type of port, for example, U_port. • Port WWN — Displays the port’s world wide name. • Protocol — Displays the network protocol, for example, Fibre Channel. • Long Distance Settings — Displays whether the connection is considered to be normal or longer distance.
Events • All — Displays the total number of events triggered. • Emergency icon — Displays the total number of Emergency events triggered. Click to only display Emergency events in the table. • Alert icon — Displays the total number of Alert events triggered. Click to only display Alert events in the table.
Reports Icon Description Previous page — Click to return to the previous page in the report. Unavailable when you are on the first page of the report. Next page — Click to move to the next page in the report. Unavailable when you are on the last page of the report.
Reports Reports expand navigation bar The Reports expand navigation bar (Figure 55) is located on the left side of the page and provides a list of reports. When you select a report group or report in the Reports expand navigation bar, the Reports, Schedules, and Templates tabs refresh to include the selected subset of reports.
Reports Icon Description Next page — Click to move to the next page. Unavailable when you are on the last page. Last page — Click to move to the last page. Unavailable when you are on the last page. Generating a report You can generate a report from the Generated Reports tab in the Reports page.
Reports FIGURE 101 Select Switch dialog box 3. Double-click the fabric or switch in the Available list to move it to the Selected list. You can only select one fabric or switch on which you want to run a report. Remove the fabric or switch from the Selected list by double-clicking the fabric or switch.
Page 289
Reports Viewing generated reports 1. Click the Reports icon. 2. Click the Generated Reports tab. A list of generated reports displays in the right pane. The Reports tab contains the following information in table format: • Name — The name of the generated report. The generated report name uses the following format: <template_name>_<generated_by_user>_<date_and_time>.
Reports Deleting reports, schedules, or templates You can delete generated reports, schedules, and report templates from the respective tab. You can only delete items that you create or generate. You cannot delete default templates. 1. Select the appropriate tab. 2. Select one or more items that you want to remove from the list and click Delete. 3.
Page 291
Reports Configuring a new schedule You can schedule one or more reports to generate at a specific frequency. 1. Click the Reports icon. 2. Click the Schedules tab. A list of scheduled reports displays. FIGURE 104 Schedules tab The Schedules tab contains the following information in table format: •...
Page 292
Reports FIGURE 105 Add Schedule dialog box - General tab 4. Enter a unique name for the schedule in the Name field. The name can be up to 128 characters. 5. Select the report templates that you want to include in the schedule from the Available Templates list.
Page 293
Reports FIGURE 106 Add Schedule dialog box - Schedule Settings tab 10. Select the frequency (Hourly, Daily (default), Weekly, Monthly, and Yearly) from the Frequency list. Depending on the frequency you select, different date and time fields display. 11. Enter the time (hour and minutes) that you want to generate the report in the Time field. 12.
Page 294
Reports FIGURE 107 Select Fabric dialog box 3. Double-click the fabric that you want to include in the report. 4. Click Ok on the Select Fabric dialog box. Selecting switches The Switch Report requires that you select a switch from a list of discovered switches. 1.
Page 295
Reports 3. Double-click the switch that you want to include in the report. 4. Click Ok on the Select Switch dialog box. Viewing reports from a schedule 1. Click the Reports icon. 2. Click the Schedule tab. 3. Click the date and time of the reports in the Last Used column. The Last Run Reports for Schedule dialog box displays.
Page 296
Reports Editing a schedule You can edit existing schedules or create a new schedule from an existing schedule. 1. Click the Reports icon. 2. Click the Schedules tab. A list of scheduled reports displays. 3. Select the schedule you want to edit and click Edit. The Edit Schedule dialog box displays with the current configuration of the selected schedule.
Reports Activating a schedule To activate a schedule, complete the following steps. 1. Click the Reports icon. 2. Click the Schedules tab. A list of scheduled reports displays. 3. Select the schedule you want to activate and click Activate. Deactivating a schedule To deactivate a schedule, complete the following steps.
Page 298
Reports Viewing report templates You can import external report design (.rptdesign) files into the Management application. The report title must be unique. 1. Click the Reports icon. The Reports page displays with two panes: Templates list and Reports tabs. 2. Click All Templates in the Templates list. 3.
Page 299
Reports • “Zone Summary reports” on page 257 • “Host Adapter Inventory reports” on page 259 • “Host Adapter with Unsupported and Faulty SFP reports” on page 260 Exporting report templates You can only export a non-default report template that you previously imported. You can only export one report template at a time.
Reports Removing a report from the shared templates You can only stop sharing reports that you create. 1. Click the Reports icon. 2. Click the Templates tab. A list of existing report templates displays. 3. Select one or more reports that you want to remove from the shared templates and click Un-Share.
Reports Fabric Summary report The Fabric Summary report provides a summary of the discovered fabrics, switches and Access Gateway (AG) devices associated with the fabric as well as ISL and trunk details. Table 20 describes the fields and components of the Fabric Summary Report. For general report content and table functions, refer to “Report content and functions”...
Page 302
Reports TABLE 20 Fabric Summary report fields and components (Continued) Field/Component Description State The state for the switch. For example, online or offline. Operational Status The operational status of the switch. For example, healthy, operational, degraded, marginal, down, failed, unknown, or unreachable. Previous Operational Status The previous operational status of the switch.
Page 303
Reports TABLE 20 Fabric Summary report fields and components (Continued) Field/Component Description Switch Name The name of the switch. Click to launch the Switch report. Switch WWN The world wide name of the virtual switch. Switch IP Address The IP address of the physical switch. Click to launch the Switch report. Port Name The port name.
Reports TABLE 20 Fabric Summary report fields and components (Continued) Field/Component Description Port Speed (Gbps) The switch port speed. Port Status The switch port status. Port Type The switch port type. Physical/Logical Port Whether the port is Physical or Logical. Zone Alias The zone alias to which the switch port belongs.
Reports Fabric Ports report The Fabric Ports Report provides a summary of the discovered ports including used and unused ports. Port data for each fabric is divided into three parts: Fabric-wide port details, Switch-wide port details, and individual port details. Table 21 describes the fields and components of the Fabric Ports report.
Page 306
Reports TABLE 21 Fabric Ports report fields and components (Continued) Field/Component Description Domain ID /Port # The domain ID of the switch. Device Name The name of the connected device. Device Vendor The vendor of the connected device. Role The role of the connected device. Connected Device/Switch The world wide name of the connected device.
Page 307
Reports TABLE 21 Fabric Ports report fields and components (Continued) Field/Component Description Port Status The status of the port to which the AG is connected. Port State The state of the port to which the AG is connected. Port Type The type of port the AG is connected to.
Page 308
Reports TABLE 22 Switch Report fields and components (Continued) Field/Component Description IP Address The IP address (IPv4 or IPv6 format) of the switch port. Switch Name The name of the switch. Domain ID/Port # The domain ID for the switch and port number. Connected Device details The information about the device connected to this port.
Page 309
Reports TABLE 22 Switch Report fields and components (Continued) Field/Component Description Port Speed(Gbps) The port speed for the F_port. Port Status The switch port status. Port State The switch port state. Port Type The AG port type. Physical/Logical Port Whether the AG port is Physical or Logical. Device Name The name of the connected device.
Reports TABLE 23 Zoning Summary report fields and components (Continued) Field/Component Description Active Status Whether the zone is active or not. Zone Alias Details area Alias Name The name of the zone alias. Member Count The number of members in the zone alias. Logged-In Count The number of members logged into the zone alias.
Page 311
Reports Host Adapter Inventory reports The Host Adapter Inventory Report provides information about the selected Host. For general report content and table functions, refer to “Report content and functions” on page 261. Table 22 describes the fields and components of the Host Adapter Inventory Report. TABLE 24 Host Adapter Inventory Report fields and components Field/Component...
Page 312
Reports TABLE 24 Host Adapter Inventory Report fields and components (Continued) Field/Component Description Switch IP Address The IP address for the connected switch. Fabric Assigned Address The state (enabled or disabled) of the fabric-assigned address for the adapter. WWN Source The source of the world wide name.
Page 313
Reports TABLE 25 Adapters Faulty SFP report fields and components (Continued) Field/Component Description Length Cu The length of the copper cable (for distances greater than 1 meter, where optimum performance is required). Vendor Name The vendor of the extended link. Vendor OUI The vendor’s organizational unique identifier (OUI).
Page 314
Reports Icon Description First page — Click to return to the first page in the report. Unavailable when you are on the first page of the report. Previous page — Click to return to the previous page in the report. Unavailable when you are on the first page of the report.
Chapter Dashboard Management In this chapter • Dashboard overview, page 263 •...
Page 316
Dashboard overview FIGURE 110 Dashboard tab 1. Menu bar — Lists commands you can perform on the dashboard. For a list of Dashboard tab menu commands, refer to “Dashboard main menus” on page 1411. The dashboard also provides a shortcut menu to reset the dashboard back to the defaults. Reset the dashboard back to the default settings by right-clicking in the white space and selecting Reset to Default.
Dashboard overview 8. Status bar — Displays the connection, port, product, fabric, special event, Call Home, and backup status, as well as Server and User data. For more information about the status bar, refer to “Status bar” on page 362. Dashboard toolbar The toolbar (Figure...
Dashboard overview Dashboard messages The dashboard message bar (Figure 112) only displays when Scope (Network Scope and Time Scope) has changed in other clients. You can also view all dashboard messages and clear them. FIGURE 112 Dashboard message bar The toolbar contains the following fields and components: 1.
Dashboard overview 6. Options button — Use to share, unshare, export, and import a user-defined dashboard. For more information, refer to “Sharing a user-defined dashboard definition” on page 270, “Unsharing a user-defined dashboard definition” on page 270, “Exporting a user-defined dashboard definition”...
Dashboard overview Accessing a dashboard From the Dashboards expand navigation bar, double-click the dashboard you want to view. Options include: • IP Port Health — Displays preconfigured IP performance monitors. You can display additional status widgets and performance monitors in this dashboard. •...
Dashboard overview Press Enter. The filter results display in the Dashboards expand navigation bar. To stop the filter, click the stop filter (X) icon in the Filter text box. Creating a user-defined dashboard You can create a dashboard and customize it with the status widgets and performance monitors you need to monitor your network.
Dashboard overview Sharing a user-defined dashboard definition You can share the user-defined dashboard with other users. Changes made in the shared dashboard are reflected for all the shared users. When the owner deletes a shared dashboard, it is unshared from all the shared users and removed from the Shared Dashboard list. 1.
Dashboard overview 4. Click OK. The user-defined dashboard definition details are saved in a .zip file in a location that you specify. NOTE You cannot export an empty dashboard and published widgets. Importing a user-defined dashboard definition You can import a user-defined dashboard definition from the file system to the Management application.
Page 324
Dashboard overview • Title — The name of the status widget. For more information, refer to “Status widgets” on page 281. • Description — A general description of the status widget. 4. Click the Performance tab (Figure 114). The preconfigured performance monitors display. You can create up to 100 performance monitors;...
Dashboard overview Exporting the dashboard display You can export the current dashboard display (all widgets and monitors) or a selected widget or monitor in a .png format. 1. Select one of the following options from the Export list: • Dashboard — Exports the current dashboard. •...
Dashboard overview Customizing the dashboard scope You can customize the dashboard display by setting the network scope and time scope in the Scope list (Figure 115). FIGURE 115 Scope list Setting the network scope You can configure the dashboard to display all objects in your area of responsibility (AOR) or a subset of objects (fabrics, devices, or groups) using the network scope selection.
Dashboard overview • Any system-defined group • Any user-defined group (IP product and port group) • Any user-defined customized network If you select a fabric scope, dashboard widgets display data for all products and ports in the fabric. If you select a product scope, dashboard widgets display data for the selected products and the ports that belong to the selected products.
Dashboard overview FIGURE 116 Edit Scopes dialog box 4. Click Add. A new network scope displays in the Network Scopes list. 5. Enter a name for the scope in the Name field. 6. Select one of the following options: • Fabrics —...
Dashboard overview 5. To add objects, select one or more of the objects you want to include in the network from the Available Targets list and click the right arrow button. The objects display in the Selected Targets list. 6. To remove an object from the Selected Targets list, select it and click the left arrow button. Click OK to save your changes and close the Edit Scopes dialog box.
Page 330
Dashboard overview • Historical — Displays data for a specific date and time based on the selected network scope and duration. The Historical option displays a calendar with a 30-day timeline. The end date in the calendar is the current date and the calendar will show the last 30 days from the current date.
Dashboard overview Dashboard playback You can use dashboard control buttons (Pause, Rewind, and Forward) to view the available data of the dashboard and widgets in playback mode. Auto-refresh of data will not occur in playback mode. • Pause button — Use the Pause button to pause function in playback mode. •...
Default dashboards Default dashboards The Management application provides preconfigured dashboards that provide a high-level overview of the network, the current states of managed devices, and performance of devices, ports, and traffic on the network. Product Status and Traffic dashboard The Product Status and Traffic dashboard provides the following preconfigured status widgets and performance monitors: •...
Status widgets Status widgets The Management application provides the following preconfigured status widgets: • Bottlenecked Ports widget — Table view of bottlenecked ports and number of violations for each bottlenecked port in the SAN. There are four versions of this monitor based on the type of port: All ports, initiator ports, ISL ports, and Target ports.
Page 334
Status widgets • Port — The port identifier, such as port name, number, address, WWN, user port number, or zone alias. • Connected_Port_Link (where Connected_Port_Link is Connected Port, Initiator, or Target) — Displays one of the following: Connected Port — The ISL or IFL port on the connected device. Click to launch the switch port properties dialog box.
Page 335
Status widgets Bottleneck Graph dialog box The Bottleneck Graph dialog box (Figure 119) displays the statistics for the selected ports based on the time period. FIGURE 119 Bottleneck Graph dialog box The Bottleneck Graph dialog box displays event information for a specific duration by selecting one of the following from the time period: •...
Status widgets Events widget The Events widget (Figure 120) displays the number of events by severity level for a specified network scope, specified time scope, and duration as a stacked bar graph. FIGURE 120 Events widget The Events widget includes the following data: •...
Status widgets The x-axis represents the number of occurrences of a particular event severity during the selected time period. If you pause on a bar, a tooltip shows the number of events with that severity level during the selected time period. Also, for each severity, the cumulative number of traps, application events, and security events is reported next to the horizontal bar.
Page 338
Status widgets • Severity icon/Host product count/widget title — The color of the worst severity and the Host product count with that severity displays before the widget title. • Group By list — Use to customize this widget to display a specific grouping. Options include: Model (default), Location, Driver, BIOS, and OS Type.
Status widgets SAN Inventory widget The SAN Inventory widget (Figure 122) displays the SAN products inventory as stacked bar graphs. FIGURE 122 SAN Inventory widget The SAN Inventory widget includes the following data: • Severity icon/product count/widget title — The color of the worst severity followed by the number of products with that severity displays before the widget title.
Page 340
Status widgets Customizing the SAN Inventory widget You can customize the SAN Inventory widget to display the product inventory for a specific group. The group type and number of devices in the group displays to the left of the associated bar; for example, v7.0.0 [3], where v7.0.0 is the firmware number and [3] is the number of devices running that firmware level.
Status widgets SAN Status widget The SAN Status widget (Figure 123) displays the device status as a pie chart. FIGURE 123 SAN Status widget The SAN Status widget includes the following data: • Severity icon/product count/widget title — The color of the worst status followed by the number of products with that status displays before the widget title.
Status widgets Viewing additional SAN product data 1. Double-click a section in the SAN Status widget. The SAN Products - Status dialog box (where Status is the section of the widget you selected) displays with the following fields and components: •...
Status widgets • Fibre Channel Fabrics — The number of managed fabrics. • SAN Switches — The number of managed SAN switches. • SAN Physical Switches — The number of discovered physical SAN switches. • Hosts — The number of managed hosts. •...
Monitoring and Alerting Policy Suite widgets Monitoring and Alerting Policy Suite widgets NOTE MAPS is only supported on a licensed version of the Management application with SAN management. NOTE MAPS is only supported on FC devices running Fabric OS 7.2.0 or later with the Fabric Vision license. NOTE MAPS is not supported on DCB devices.
Monitoring and Alerting Policy Suite widgets Out of Range Violations widget The Out of Range Violations widget (Figure 125) displays the number of violations for each MAPS category, Fabric Watch category, and the number of network objects (such as ports, trunks, switches, and circuits) for SAN devices with the MAPS violation and Fabric Watch violation based on the selected fabric and a specified time range.
Page 346
Monitoring and Alerting Policy Suite widgets • Network Object Count — The number and network object type (such as switch, virtual machine, port, trunk, and so on) with a MAPS and Fabric Watch violation for each category. Always displays whether or not there is a violation. NOTE For FCIP Health, the Network Object Count is based on the number of VE_port and circuit combinations with a MAPS violation.
Monitoring and Alerting Policy Suite widgets Port Health Violations widget The Port Health Violations widget (Figure 126) displays the number of violations for each product based on the selected fabric and a specified time range. There are four port health violation widgets: All, ISL, Initiator, and Target.
Page 348
Monitoring and Alerting Policy Suite widgets • Protocol Errors — The number of times a protocol error occurs on a port. • Link Reset — The ports on which the number of link resets exceeds the specified threshold value. • C3TXTO —...
Performance monitors The performance monitors provide a high-level overview of the performance on the network. This allows you to easily check the performance of devices, ports, and traffic on the network. The performance monitors also provide several features to help you quickly access performance metrics and reports.
Performance monitors TABLE 27 Preconfigured performance monitors
Monitor title: Top Port Sync Losses
Description: Table view of the top port synchronization losses. There are four versions of this monitor based on the type of port: All ports, initiator ports, ISL ports, and Target ports.
Data collectors: All SAN FC port collector
Performance monitors Top Port Alignment Errors monitor The Top Port Alignment Errors performance monitor displays the top ports with alignment errors in a table. The Top Port Alignment Errors performance monitor includes the following data: • Threshold icon/object count/monitor title — The color associated with the threshold and number of objects within that threshold displays next to the monitor title.
Performance monitors Top Port C3 Discards monitor The Top Port C3 Discards monitor (Figure 127) displays the top ports with Class 3 frames discarded in a table. There are four port widgets: All, ISL, Initiator, and Target. FIGURE 127 Top Port C3 Discards monitor The Top Port C3 Discards monitor includes the following data: •...
Performance monitors • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor” on page 323.
Page 354
Performance monitors • C3 Discards RX TO/sec — The number (error rate) of Class 3 frames received at this port and discarded at the transmission port due to timeout errors per second for the duration specified in the monitor. • C3 Discards RX TO —...
Performance monitors Top Port CRC Errors monitor The Top Port CRC Errors monitor (Figure 129) displays the top ports with frames that contain cyclic redundancy check (CRC) errors in a table. FIGURE 129 Top Port CRC Errors monitor The Top Port CRC Errors monitor includes the following data: •...
Performance monitors • Port Number — The port number. • State — The port state (for example, Enabled). • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...
Page 357
Performance monitors • Connected_Port_Link (where Connected_Port_Link is Connected Port, Initiator, or Target) — Displays one of the following: Connected Port — The ISL or IFL port on the connected device. Click to launch the switch port properties dialog box. Initiator — The initiator port on the connected device. Click to launch the device properties dialog box.
Performance monitors Top Port Link Failures monitor The Top Port Link Failures monitor (Figure 131) displays the top ports with link failures in a table. FIGURE 131 Top Port Link Failures monitor The Top Port Link Failures monitor includes the following data: •...
Performance monitors To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor” on page 323. Accessing additional data from the Top Port Link Failures monitor •...
Performance monitors • TX Link Resets/sec — The number (error rate) of transmit link reset errors for the duration specified in the monitor. • TX Link Resets — The number (error count) of transmit link reset errors. • Product — The product affected by this monitor. •...
Performance monitors • Connected_Port_Link (where Connected_Port_Link is Connected Port, Initiator, or Target) — Displays one of the following: Connected Port — The ISL or IFL port on the connected device. Click to launch the switch port properties dialog box. Initiator — The initiator port on the connected device. Click to launch the device properties dialog box.
Performance monitors • Identifier — The port identifier. • Port Number — The port number. • State — The port state (for example, Enabled). • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To edit a port performance monitor, refer to “Editing a preconfigured performance monitor”...
Performance monitors Top Port Sync Losses monitor The Top Port Sync Losses monitor (Figure 134) displays the top ports with synchronization failures in a table. FIGURE 134 Top Port Sync Losses monitor The Top Port Sync Losses monitor includes the following data: •...
Performance monitors • Status — The port status (for example, In_Sync, No_Sync). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...
Performance monitors Top Port Traffic monitor The Top Port Traffic monitor (Figure 135) displays the top ports with receive and transmit traffic in a table. FIGURE 135 Top Port Traffic monitor The Top Port Traffic monitor includes the following data: •...
Performance monitors • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...
Performance monitors Top Port Utilization Percentage monitor The Top Port Utilization monitor (Figure 136) displays the top port utilization percentages in a table. FIGURE 136 Top Port Utilization monitor The Top Port Utilization monitor includes the following data: • Severity icon/monitor title — The worst severity of the data shown next to the monitor title. •...
Performance monitors Accessing additional data from the Top Port Utilization monitor • Right-click a row in the monitor to access the shortcut menu available for the associated device. For more information about shortcut menus, refer to “Application menus” on page 1411. •...
Performance monitors • State — The port state (for example, Enabled). • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...
Performance monitors • Tag — The product tag. • Serial # — The serial number of the product. • Model — The product model. • Port Count — The number of ports on the product. • Firmware — The firmware level running on the product. •...
Performance monitors • Max — The maximum value of the measure in the specified time range. • Fabric — The fabric to which the device belongs. • Product Type — The type of product (for example, switch). • State — The product state (for example, Offline). •...
Page 372
Performance monitors The Top Product Response Time monitor includes the following data: • Severity icon/response time/monitor title — The worst severity of the data and the response time displays next to the monitor title. • Product — The product affected by this monitor. •...
Performance monitors Top Product Temperature monitor The Top Product Temperature monitor (Figure 141) displays the top product temperature in a table. FIGURE 141 Top Product Temperature monitor The Top Product Temperature monitor includes the following data: • Severity icon/temperature/monitor title — The worst severity of the data and the temperature displays next to the monitor title.
Performance monitors Accessing additional data from the Top Product Temperature monitor • Right-click a row in the monitor to access the shortcut menu available for the associated device. For more information about shortcut menus, refer to “Application menus” on page 1411. •...
Performance monitors • Location — The location of the product. • Contact — A contact name for the product. • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...
User-defined performance monitors • To specify a color based on hue, saturation, and lightness, click the HSL tab. Specify the hue (0 through 360 degrees), saturation (0 through 100%), lightness (0 through 100%), and transparency (0 through 100%). • To specify a color based on values of red, green, and blue, click the RGB tab. Specify the values for red (0 through 255), green (0 through 255), blue (0 through 255), and alpha (0 through 255).
Page 377
User-defined performance monitors Ping Packet Loss Percentage — The ping packet loss percentage for the product. AP Client Count — The number of AP clients for the product. • Port Common Port Utilization Percentage — The memory utilization percentage. Traffic —...
Page 378
User-defined performance monitors Slow Start Status — The number of slow starts. Current Compression Ratio — The current compression ratio for the FCIP tunnel. Errors — The number of errors. Discards — The number of discarded frames. ...
User-defined performance monitors Receive Word Count (bytes) — The received word count in bytes as reported in the last data point received for the flow. Transmit Throughput (Mbps) — The transmit throughput in megabytes per second as reported by the last data point. Receive Throughput (Mbps) —...
User-defined performance monitors • Max — The maximum value of the measure in the specified time range. • Fabric — The fabric to which the device belongs. • Product Type — The type of product (for example, switch). • State — The product state (for example, Offline). •...
Page 381
User-defined performance monitors The top or bottom port performance monitor includes the following data: • Threshold icon/object count/monitor title — The color associated with the threshold and number of objects within that threshold displays next to the monitor title. • Severity icon/monitor title —...
User-defined performance monitors Distribution performance monitors The distribution performance monitor (Figure 145) displays the distribution (number) of products or ports for each of the five percentage ranges defined for the selected measure in a bar graph. FIGURE 145 Distribution performance monitor example The distribution performance monitor includes the following data: •...
Page 383
User-defined performance monitors TABLE 29 Port measures types
Common: • Port Utilization Percentage • Traffic • CRC Errors • Link Resets • Signal Losses
FCIP: • Cumulative Compression Ratio • Latency • Dropped Packets • Link Retransmits • Timeout Retransmits • Fast Retransmits
•...
User-defined performance monitors Time series performance monitors The time series performance monitors (Figure 146) display the selected measures in a chart. FIGURE 146 Time series performance monitor example The time series performance monitor includes the following data: • Monitor title — The user-defined monitor title. •...
User-defined performance monitors Configuring a user-defined product performance monitor For creating a user-defined dashboard, refer to “Creating a user-defined dashboard” on page 269 and perform the following steps to configure a user-defined product performance monitor. 1. Click the Customize Dashboard icon. The Customize Dashboard dialog box displays.
Page 386
User-defined performance monitors 9. (Top N, Bottom N, and Distribution monitors only) Configure threshold numbers and associated colors by completing the following steps. Depending on the monitor type you select, you can define up to four threshold numbers in increasing or decreasing order and up to five associated threshold colors. (Top N and Bottom N monitors only) The decreasing order defaults are as follows: 90 and above displays red, 75 and above displays orange, 60 and above displays yellow, and all others display blue.
User-defined performance monitors Accessing additional data from user-defined product performance monitors • In a Distribution monitor, double-click a percentage range to navigate to the Measure_Type Distribution Data Details dialog box. For more information, refer to “Viewing product distribution data details” on page 339 or “Viewing port distribution data details”...
User-defined performance monitors 15. Click OK on the Customize Dashboard dialog box. The performance monitors display at the bottom of the dashboard. Configuring a user-defined port performance monitor For creating a user-defined dashboard, refer to “Creating a user-defined dashboard” on page 269 and perform the following steps to configure a user-defined port performance monitor.
Page 389
User-defined performance monitors
Common: • Port Utilization Percentage • Traffic • CRC Errors • Link Resets • Signal Losses • Sync Losses
FCIP: • Cumulative Compression Ratio • Latency • Dropped Packets • Link Retransmits • Timeout Retransmits • Fast Retransmits • Duplicate Ack Received
•...
Page 390
User-defined performance monitors (Distribution monitors only) The increasing order defaults are as follows: 0 through 20 displays green, 21 through 40 displays blue, 41 through 60 displays yellow, 61 through 80 displays orange, and 81 through 100 displays red. a. (Top N and Bottom N monitors only) Select the check box. b.
User-defined performance monitors Viewing product distribution data details Each bar on the product distribution graph maps directly to one of the five percentage ranges defined for the distribution performance monitor (refer to “Distribution performance monitors” on page 330). 1. Double-click a bar in the graph. The Monitor_Title Data Details dialog box displays.
User-defined performance monitors Viewing port distribution data details Each bar on the port distribution graph maps directly to one of the five percentage ranges defined for the distribution monitor (refer to “Distribution performance monitors” on page 330). 1. Double-click a bar in the graph. The Monitor_Title Data Details dialog box displays.
Page 393
User-defined performance monitors FCIP Cumulative Compression Ratio — The cumulative compression ratio for the FCIP tunnel. Latency — The latency for the FCIP tunnel. Dropped Packets — The number of dropped packets. Link Retransmits — The number of retransmitted links. Timeout Retransmits —...
Traffic flow dashboard monitors NOTE Traffic flow monitors are only supported on devices running Fabric OS 7.2 and later with the Fabric Vision license. You can use the dashboard to monitor traffic flows. To monitor a flow, you must first create and activate the flow in Flow Vision (refer to //link to flow vision//).
Page 395
Traffic flow dashboard monitors • Frame Transmit Frame Count (frames) — The transmit frame count as reported in the last data point received for the flow. Receive Frame Count (frames) — The received frame count as reported in the last data point received for the flow.
Traffic flow dashboard monitors Traffic flow performance graph monitor The traffic flow performance monitors (Figure 147) display the selected measures in a chart. FIGURE 147 Traffic flow performance graph monitor example The traffic flows performance monitor includes the following data: •...
Traffic flow dashboard monitors Top or bottom traffic flow performance monitor The top or bottom traffic flow performance monitors (Figure 148) display the top or bottom number of flows for the selected measure in a table. FIGURE 148 Top traffic flow monitor example The top or bottom flow performance monitor includes the following data: •...
Traffic flow dashboard monitors Accessing additional data from traffic flow performance monitors • Right-click a row in the table to access the shortcut menu and select one of the following options: Show Graph/Table — Launches the Flow Graphing dialog box with the selected measures (sub-flows) to be plotted.
Traffic flow dashboard monitors Configuring a traffic flows monitor from a performance graph 1. Configure the performance graph. To configure a traffic flows performance graph, refer to //link to flow vision//. 2. Click Save As Widget to create a monitor of the graph data for the dashboard. The Historical Chart Monitor - Date_Time dialog box displays (where Date_Time is the date and time the monitor was created).
Page 400
Traffic flow dashboard monitors 5. Select the traffic measure for the monitor in the Measure area: For Time Series monitors, you can select more than one measure.
SCSI: • Read Frame Count (frames) •...
Frame: • Transmit Frame Count (frames) •...
Traffic flow dashboard monitors • To specify a color based on values of red, green, and blue, click the RGB tab. Specify the values for red (0 through 255), green (0 through 255), blue (0 through 255), and alpha (0 through 255). •...
Page 402
Traffic flow dashboard monitors • LUN — The LUN values defined in the flow. • Bi-direction — Whether or not the flow is bi-directional. Valid values are Yes or No. 8. Select the flow targets from the Available Flow list and click the right arrow button to move the targets to the Selected Flow list.
Page 403
Chapter View Management In this chapter • SAN tab overview..........352 •...
SAN tab overview The SAN tab (Figure 150) displays the Product List, Topology Map, Master Log, Utilization Legend, and Minimap. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading.
SAN tab overview 6. Port Display buttons — Provides buttons that enable quick access to configuring how ports display. Not enabled until you discover a fabric or host. For more information, refer to “Port Display buttons” on page 355. Connectivity Map toolbar — Provides tools for viewing the Connectivity Map as well as exporting the Connectivity Map as an image.
SAN tab overview 9. Flow Vision — Displays the Flow Vision dialog box. Use to configure Flow Vision. 10. MAPS — Displays the MAPS dialog box. Use to configure MAPS. 11. Domain ID/Port # — Use to set the domain ID or port number to display as decimal or hex in the Product List.
SAN tab overview Port Display buttons The Port Display buttons are located at the top right of the Product List and enable you to configure how ports display. You have the option of viewing connected (or occupied) product ports, unoccupied product ports, or attached ports. Not enabled until you discover a fabric or host. NOTE Occupied/connected ports are those that originate from a device, such as a switch.
SAN tab overview Product List The Product List, located on the SAN tab, displays an inventory of all discovered devices and ports. The Product List is a quick way to look up product and port information, including serial numbers and IP addresses. To display the Product List, select View >...
SAN tab overview • Protocol — Displays the protocol for the port. • Serial # — Displays the serial number of the product. • Speed Configured (Gbps) — Displays the actual speed of the port in Gigabits per second. • State —...
SAN tab overview FIGURE 154 Connectivity Map The Management application displays all discovered fabrics in the Connectivity Map by default. To display a discovered Host in the Connectivity Map, you must select the Host in the Product List. You can only view one Host and physical and logical connections at a time. Connectivity Map functions •...
Master Log FIGURE 155 Utilization Legend The colors and their meanings are outlined in the following table.
TABLE 30 Line Color Utilization Defaults
Red line: 80% to 100% utilization
Yellow line: 40% to 80% utilization
Blue line: 1% to 40% utilization
Gray line: 0% to 1% utilization
Black line...
Page 412
Master Log • Acknowledged — Whether the event is acknowledged or not. Select the check box to acknowledge the event. • Source Name — The product on which the event occurred. • Source Address — The IP address (IPv4 or IPv6 format) of the product on which the event occurred.
Minimap The Minimap, which displays in the lower right corner of the main window, is useful for getting a bird’s-eye view of the topology, or to quickly jump to a specific place on the topology. To jump to a specific location on the topology, click that area on the Minimap.
Status bar The status bar displays at the bottom of the main window. The status bar provides a variety of information about the SAN and the application. The icons on the status bar change to reflect different information, such as the current status of products, fabrics, and backup. FIGURE 157 Status Bar The icons on your status bar will vary based on the licensed features on your system.
Icon legend 8. Policy Monitor Status — Displays whether or not a policy monitor has failed or partially failed. Click to launch the Policy Monitor dialog box. For more information about policy monitors, refer to “Viewing configuration policy manager status” on page 1238. 9.
Icon legend TABLE 31 Icon Description Icon Description VC module Multi-fabric VC module iSCSI Target iSCSI Initiator Host product icons The following table lists the manageable Host product icons that display on the topology. Fabric OS manageable devices display with blue icons. Unmanageable devices display with gray icons. Some of the icons shown only display when certain features are licensed.
Icon legend SAN group icons The following table lists the manageable SAN product group icons that display on the topology. TABLE 33 Icon Description Icon Description Switch Group Host Group Storage Group Unknown Fabric Group Unmanaged Fabric Group Chassis Group Host group icons The following table lists the manageable Host product group icons that display on the topology.
Icon legend SAN port icons The following table lists the SAN port icons that display in the Product List. TABLE 35 Icon Description Occupied FC Port Unoccupied FC Port Attached FC Port Trunk (port group) IP and 10 GE Port Attached IP and 10 GE Port Attached-to-Cloud 10 GE Port Virtual Port...
Icon legend TABLE 36 Icon Status Unknown/Link Down Unreachable Event icons The following table lists the event icons that display on the topology and Master Log. For more information about events, refer to “Fault Management” on page 1255. TABLE 37 Event Icon Description Emergency...
Customizing the main window Customizing the main window You can customize the main window to display only the data you need by displaying different levels of detail on the Connectivity Map (topology) or Product List. Zooming in and out of the Connectivity Map You can zoom in or out of the Connectivity Map to see products and ports.
Customizing the main window Showing levels of detail on the Connectivity Map You can configure different levels of detail on the Connectivity Map, making device management easier. Viewing fabrics To view only fabrics, without seeing groups, products, or ports, select View > Show> Fabrics Only. Viewing groups To view only groups and fabrics, without seeing products, or ports, select View >...
Page 422
Customizing the main window • Export information from the table • Search for information • Expand the table to view all information • Collapse the table Displaying columns To only display specific columns, complete the following steps. 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays.
Page 423
Customizing the main window Changing the order of columns To change the order in which columns display, choose from one of the following options. Rearrange columns in a table by dragging and dropping the column to a new location. 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays.
Page 424
Customizing the main window Exporting table information You can export the entire table or a specific row to a text file. 1. Choose from one of the following options: • Right-click anywhere in the table and select Table > Export Table. •...
Product List customization NOTE Properties customization requires read and write permissions to the Properties - Add / Delete Columns privilege. You can customize the Product List by creating user-defined fabric, product, and port property labels. You can also edit or delete user-defined property labels, as needed. You can create up to three user-defined property labels from the Product List for each of the following object types: fabric, product, and port properties.
Search Editing a property label You can only edit labels that you create on the Product List. To edit a user-defined property label (column heading), complete the following steps. 1. Right-click the column heading on the Product List for the property you want to edit and select Edit Column.
Search The Search feature contains a number of components. The following graphic illustrates the various areas, and descriptions of them are listed below. 1. Text field — Enter the text or Unicode regular expression for which you want to search. 2.
Search Restricting a search by node When a device is assigned to a product group, it may be listed in the Product node, as well as Product Groups node. Therefore the search results include the device under both the Product node and the Product Group node.
SAN view management overview • Regular Expression — Enter a Unicode regular expression in the search text box. (For hints, refer to “Regular Expressions” on page 1495.) All products in the Product List that contain the search text display highlighted. This search is case insensitive. 3.
Page 430
SAN view management overview FIGURE 161 Create View dialog box - Fabrics tab 2. Enter a name (128-character maximum) in the Name field and a description (126-character maximum) in the Description field for the view. NOTE You cannot use the name “View” or “View All” in the Name field. NOTE You cannot use an existing name in the Name field.
SAN view management overview 6. In the Available Hosts table, select the hosts you want to include in the view and click the right arrow button to move your selections to the Selected Fabrics and Hosts table. The Available Hosts table displays the name, IP address, network address of the available hosts and the fabric in which the host is located.
SAN view management overview FIGURE 164 Edit View dialog box - Hosts tab 5. In the Available Hosts table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table. The Available Hosts table displays the name, IP address, network address of the available hosts and the fabric in which the host is located.
SAN view management overview Copying a view To copy a customized view, use the following procedure. 1. Use one of the following methods to open the Copy View dialog box: • Select View > Manage View > Copy View > View_Name. •...
SAN topology layout Click OK to save your changes and close the Copy View dialog box. NOTE When you open a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. 8.
SAN topology layout • Port Display. Select to configure how ports display. Occupied Product Ports. Select to display the ports of the devices in the fabrics (present in the Connectivity Map) that are connected to other devices. UnOccupied Product Ports. Select to display the ports of the devices (shown in the Connectivity Map) that are not connected to any other device.
SAN topology layout • Square. Select to display the device icons in a square configuration. Default for Host and Storage groups. • Vertical. Select to display the device icons vertically. • Horizontal. Select to display the device icons horizontally. • Most Connected at Center.
SAN topology layout FIGURE 167 Choose a background color dialog box 3. Select a color from the swatches tab and click OK. • To specify a color based on hue, saturation, and value, click the HSV tab. Specify the hue (0 to 359 degrees), saturation (0 to 100%), value (0 to 100%), and transparency (0 to 100%).
SAN topology layout Changing the product label To change the product label, complete the following steps. 1. Select a product in the Connectivity Map or Product List. 2. Select View > Product Label, and select one of the following options: •...
Grouping on the topology 2. Repeat step 1 to select more than one port display option. Grouping on the topology To simplify management, devices display in groups. Groups are shown with background shading and are labeled appropriately. You can expand and collapse groups to easily view a large topology. Collapsing groups To collapse a single group on the topology, choose one of the following options: •...
Grouping on the topology Configuring custom connections NOTE Active zones must be available on the fabric. To create a display of the connected end devices participating in a single zone or group of zones, complete the following steps. 1. Select a fabric on the topology and select View > Connected End Devices > Custom. The Connected End Devices - Custom display for Fabric dialog box displays with a list of devices participating in a single zone or a group of zones in the Zones in Fabric list.
Call Home overview NOTE Call Home is supported on Windows systems for all modem and e-mail Call Home centers and is supported on UNIX for the e-mail Call Home centers. Call Home notification allows you to configure the Management application server to automatically send an e-mail alert or dial in to a support center to report system problems on specified devices (Fabric OS switches, routers, and directors).
Viewing Call Home configurations Call Home allows you to perform the following tasks: • Assign devices to and remove devices from the Call Home centers. • Define filters from the list of events generated by Fabric OS devices. • Edit and remove filters available in the Call Home Event Filters table. •...
Page 444
Viewing Call Home configurations • Products List — Displays all discovered products. The list allows for multiple selections and manual sorting of columns. This list displays the following information: Product Icon — The status of the products’ manageability. Name — The name of the product.
Page 445
Viewing Call Home configurations • Call Home Centers list — The Call Home centers, products assigned to the Call Home centers, and event filters assigned to the Call Home centers and products. This list displays the following information: Centers — A tree with Call Home centers as the parent node, assigned products as ...
Showing a Call Home center To show a Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Click Show/Hide Centers (beneath the Call Home Centers list). The Centers dialog box displays with a predefined list of Call Home centers (Figure 169).
Editing a Call Home center To edit a Call Home center, select from the following procedures: • Editing the IBM Call Home center ....... . 395 •...
Editing a Call Home center 8. Enter how often you want to retry the heartbeat interval in the Retry Interval field. The default is 10 seconds. 9. Enter the maximum number of retries in the Maximum Retries field. The default is 3. 10.
Page 449
Editing a Call Home center FIGURE 171 Configure Call Home Center dialog box (Brocade, IBM, NetApp, or Oracle E-mail option) 4. Make sure the Call Home center type you selected displays in the Call Home Centers list. If the Call Home center type is incorrect, select the correct type from the list. 5.
Page 450
Editing a Call Home center 16. Enter an e-mail address in the E-mail Notification Settings - Send To Address field. For Brocade E-mail Call Home centers, enter callhomeemail@brocade.com. 17. Click Send Test to test the mail server. The selected Call Home center must be enabled to test the mail server. A faked event is generated and sent to the selected Call Home center.
Page 451
Editing a Call Home center - Source — Details about the product. Includes the following data: - Firmware Version - Supplier Serial number - Factory Serial number - IP Address - Model number - Type - Product Name - Product WWN - Ethernet IP - ...
Editing a Call Home center Editing the EMC Call Home center To edit an EMC Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the EMC Call Home center you want to edit in the Call Home Centers list. 3.
Editing a Call Home center 13. Click OK. The Call Home dialog box displays with the Call Home center you edited highlighted in the Call Home Centers list. 14. Click OK to close the Call Home dialog box. Editing the HP LAN Call Home center To edit an HP LAN Call Home center, complete the following steps.
Enabling a Call Home center 8. Click Send Test to test the address. The selected Call Home center must be enabled to test the IP address. A faked event is generated and sent to the selected Call Home center. You must contact the Call Home center to verify that the event was received and in the correct format.
Testing the Call Home center connection Testing the Call Home center connection Once you add and enable a Call Home center, you should verify that Call Home is functional. To verify Call Home center functionality, complete the following steps. 1. Select Monitor > Event Notification > Call Home. 2.
Viewing Call Home status Viewing Call Home status You can view Call Home status from the main Management application window or from the Call Home Notification dialog box. The Management application enables you to view the Call Home status at a glance by providing a Call Home status icon on the status bar.
Assigning a device to the Call Home center Assigning a device to the Call Home center Discovered devices (switches, routers, and directors) are not assigned to a corresponding Call Home center automatically. You must manually assign each device to a Call Home center before you use Call Home.
Defining an event filter 3. Click the left arrow button. A confirmation message displays. 4. Click OK. All devices assigned to the selected Call Home center display in the Products List. Any assigned filters are also removed. 5. Click OK to close the Call Home dialog box. Defining an event filter To define an event filter, complete the following steps.
Assigning an event filter to a Call Home center Assigning an event filter to a Call Home center Event filters allow Call Home center users to log in to a Management server and assign specific event filters to the devices. This limits the number of unnecessary or “acknowledge” events and improves the performance and effectiveness of the Call Home center.
Overwriting an assigned event filter Overwriting an assigned event filter A device can only have one event filter at a time; therefore, when a new filter is applied to a device that already has a filter, you must confirm the new filter assignment. To overwrite an event filter, complete the following steps.
Removing an event filter from a device Removing an event filter from a device To remove an event filter from a device, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.
Page 462
Searching for an assigned event filter
Starting third-party tools from the application Starting third-party tools from the application You can open third-party tools from the Tools menu or a device’s shortcut menu. Remember that you cannot open a tool that is not installed on your computer. You must install the tool on your computer and add the tool to the Tools menu or the device’s shortcut menu.
Launching an Element Manager 2. Select Tools > Product Menu > Telnet. The Telnet session window displays. NOTE On Linux systems, you must use CTRL + BACKSPACE to delete text in the Telnet session window. Launching an Element Manager Element Managers are used to manage Fibre Channel switches and directors. You can open a device’s Element Manager directly from the application.
Launching Web Tools Launching Web Tools Use Web Tools to enable and manage Fabric OS access gateway, switches, and directors. You can open Web Tools directly from the application. For more information about Web Tools, refer to the Web Tools Administrator’s Guide. For more information about Fabric OS access gateway, switches, and directors, refer to the documentation for the specific device.
Launching Name Server • Fabric OS 1U, 8 Gbps 40-port FC Switch (with Integrated Routing license) • Fabric OS 2U, 8 Gbps 80-port FC Switch (with Integrated Routing license) • Fabric OS directors configured with a FC 8 Gbps 16-port Blade (with Integrated Routing license) •...
Launching HCM Agent 2. Select Configure > Element Manager > Name Server. The Name Server module displays. NOTE When you close the Management application client, any Web Tools instance launched from the clients closes as well. Launching HCM Agent Use Fabric OS HCM Agent to enable and manage Fabric OS HBAs. You can open HCM Agent directly from the application.
Launching Fabric Watch Launching Fabric Watch Use Fabric Watch as a health monitor that allows you to enable each switch to constantly monitor its SAN fabric for potential faults and automatically alerts you to problems long before they become costly failures. For more information about Fabric Watch, refer to the Fabric Watch Administrator’s Guide.
Entering the server IP address of a tool FIGURE 174 Define Tools dialog box 4. Type the tool’s name in the Tool Name field as you want it to appear on the Tools menu. 5. Type or browse to the path of the executable file in the Path field. 6.
Adding an option to the Tools menu 5. Click Edit. NOTE You must click Edit before clicking OK; otherwise, your changes will be lost. 6. Click OK to save your work and close the Setup Tools dialog box. Adding an option to the Tools menu You can add third-party tools to the Tools menu which enables you to launch tools directly from the application.
Changing an option on the Tools menu Click Add. The new tool displays in the Tool Menu Items table. NOTE You must click Add before clicking OK; otherwise, the new menu option is not created. 8. Click OK to save your work and close the Setup Tools dialog box. The tool you configured now displays on the Tools menu.
Adding an option to a device’s shortcut menu 4. Click Remove. If the tool is not being utilized, no confirmation message displays. 5. Click Update to remove the tool. 6. Click OK to save your work and close the Setup Tools dialog box. Adding an option to a device’s shortcut menu You can add an option to a device’s shortcut menu.
Changing an option on a device’s shortcut menu 10. Click Add to add the new menu item. It displays in the Product Popup Menu Items table. NOTE You must click Add before clicking OK; otherwise, your changes will be lost. 11.
Removing an option from a device’s shortcut menu 11. Click Edit. NOTE You must click Edit before clicking OK; otherwise, your changes will be lost. 12. Click OK to save your work and close the Setup Tools dialog box. Removing an option from a device’s shortcut menu You can remove a tool that displays on a device’s shortcut menu.
Microsoft System Center Operations Manager (SCOM) plug-in The SCOM plug-in is supported on the following configurations: • SCOM 2007 R2 or SCOM 2012 • Professional Plus and Enterprise Trial and Licensed version 11.0.0 and later SCOM plug-in requirements • Make sure you import the Management application management pack (Management_Application_Name.FabricView.xml) to the SCOM Server prior to registering the SCOM Plug-in.
Microsoft System Center Operations Manager (SCOM) plug-in Editing a SCOM server To edit the SCOM server, complete the following steps. 1. Select Tools > Plug-in for SCOM. The Plug-in for SCOM dialog box displays. 2. Select the server you want to edit and click Edit. The Edit SCOM Server dialog box displays.
Page 478
Microsoft System Center Operations Manager (SCOM) plug-in
Services tab Launching the SMC on Linux NOTE The Server Management Console is a graphical user interface and should be launched from the XConsole on Linux systems. Perform the following steps to launch the Server Management Console on Linux systems. 1.
Services tab 3. Review the following information for each available service. • Name — The name of the server; for example, FTP Server or Database Server. • Process Name — The name of the process; for example, postgres.exe (Database Server). •...
Services tab Starting all services NOTE The Start button restarts running services in addition to starting stopped services which causes client-server disconnect. To start all services, complete the following steps. 1. Launch the Server Management Console. 2. Click the Services tab. 3.
Ports tab 6. Select the database user name for which you want to change the password in the User Name field. Options include dcmadmin and dcmuser. Changing the dcmadmin password requires all Management application services, except for the database server, to be stopped and then re-started. Changing the dcmuser password requires all ODBC remote client sessions to be restarted.
AAA Settings tab AAA Settings tab Authentication enables you to configure an authentication server and establish authentication policies. You can configure the Management application to authenticate users against the local database (Management application server), an external server (RADIUS, LDAP, CAC or TACACS+), or a switch.
Page 485
AAA Settings tab 1. Select the AAA Settings tab (Figure 177). FIGURE 177 AAA Settings tab 2. Select Radius Server from the Primary Authentication list. 3. Add or edit a Radius server by referring to “Configuring a Radius server” on page 434. 4.
Page 486
AAA Settings tab Configuring a Radius server To add or edit a Radius server, complete the following steps. 1. Choose one of the following options from the AAA Settings tab: • Click Add. • Select an existing Radius server and click Edit. The Add or Edit Radius Server dialog box displays (Figure 178).
AAA Settings tab Configuring LDAP server authentication NOTE You cannot configure multiple Active Directory groups (domains) for the LDAP server. NOTE You cannot enter Domain\User_Name in the Management application dialog box for LDAP server authentication. If you configure the external LDAP server as the primary authentication server, make the following preparations first: •...
Page 488
AAA Settings tab FIGURE 179 AAA Settings tab - LDAP server 3. Add or edit an LDAP server by referring to “Configuring an LDAP server” on page 437. The LDAP Servers and Sequence table displays the following information: • Network Address — The network address of the LDAP server. •...
Page 489
AAA Settings tab • LDAP Servers Not Reachable • LDAP Authentication Failed • User Not Found in LDAP 10. Set the authorization preference by selecting one of the following options from the Authorization Preference list: • Local Database - Use the LDAP server for authentication and the Management application local - ...
AAA Settings tab FIGURE 180 Add or Edit LDAP server 4. Enter the LDAP server’s hostname in the Network address field. If DNS is not configured in your network, provide an IP address instead of the hostname. 5. Enable security by selecting the Security Enabled check box. When you enable security, the TCP port number automatically changes to port 636 and you must enable certificate services on the LDAP server.
Page 491
AAA Settings tab FIGURE 181 AAA Settings tab - TACACS+ server 3. Add or edit a TACACS+ server by referring to “Configuring a TACACS+ server” on page 440. 4. Rearrange the TACACS+ servers in the table by selecting a server and clicking the Up or Down button to move it.
Page 492
AAA Settings tab Configuring a TACACS+ server To add or edit a TACACS+ server, complete the following steps. 1. Choose one of the following options from the AAA Settings tab: • Click Add. • Select an existing TACACS+ server and click Edit. The Add or Edit TACACS+ Server dialog box displays (Figure 180).
AAA Settings tab Configuring Common Access Card authentication NOTE Common Access Card (CAC) authentication does not support SMI Agent and launch-in-context dialog boxes. NOTE CAC authentication is only supported on Windows systems. Common Access Card (CAC) authentication requires the following preparations: •...
Page 494
AAA Settings tab FIGURE 183 AAA Settings tab - CAC server 3. Set the authorization preference by selecting one of the following options from the Authorization Preference list: • Local Database — Uses the AD server for authentication and the Management application local database for authorization.
AAA Settings tab Configuring switch authentication Switch authentication enables you to authenticate a user account against the switch database and the Management application server. You can configure up to three switches and specify the fall back order if one or more of the switches is not available. NOTE Switch authentication is only supported on Fabric OS devices.
AAA Settings tab 1. Select the AAA Settings tab. 2. For Primary Authentication, select Windows Domain. 3. Enter the domain name in the Windows Domain Name field. 4. Set secondary authentication by selecting one of the following options from the Secondary Authentication list: •...
Radius server configuration Displaying the client authentication audit trail All responses to authentication requests coming from clients are logged to an audit trail log file. This file is automatically backed up on the first day of every month. 1. Select the AAA Settings tab. 2.
Radius server configuration For example: client 172.26.3.76 { secret = password shortname = GVM1 server 3. Save and close the file. Configuring user authorization for the Radius server The user configuration file contains the individual user profiles. 1. Open the user configuration file (such as users.conf) in a text editor (such as Notepad). 2.
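The client entry shown above uses a documentation value for the shared secret. As an added example (not part of the manual), the following linter audits client entries of that form before they go into production. It assumes FreeRADIUS-style clients.conf syntax; the placeholder list, the 16-character minimum and the sample entries are assumptions constructed for this example.

```python
import ipaddress
import re

# Values that appear in documentation or are trivially guessable.
# Constructed list for this example; extend it for your environment.
PLACEHOLDER_SECRETS = {"password", "secret", "testing123", "radius", "changeme"}
MIN_SECRET_LENGTH = 16  # assumed local policy, not a value from the manual

# A client block: "client <address-or-name> { key = value ... }".
# Limitation: a secret containing "}" would end the block early.
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{([^}]*)\}", re.M)
SETTING_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def parse_clients(text):
    """Return one dict per client block, in file order."""
    clients = []
    for name, body in CLIENT_RE.findall(text):
        settings = {}
        for line in body.splitlines():
            # Only whole-line comments are skipped, so a "#" inside a
            # quoted secret is preserved.
            if line.lstrip().startswith("#"):
                continue
            match = SETTING_RE.match(line)
            if match:
                settings[match.group(1).lower()] = match.group(2).strip('"')
        clients.append({
            "name": name,
            "secret": settings.get("secret", ""),
            "shortname": settings.get("shortname", ""),
        })
    return clients


def covers_many_hosts(name):
    """True when the client is a network range rather than a single host."""
    try:
        return ipaddress.ip_network(name, strict=False).num_addresses > 1
    except ValueError:
        return False  # a hostname or alias, not an address


def audit_clients(text):
    """Return (client, finding) tuples for weak shared-secret handling."""
    clients = parse_clients(text)
    users_of = {}
    for client in clients:
        if client["secret"]:
            users_of.setdefault(client["secret"], []).append(client["name"])

    findings = []
    for client in clients:
        name, secret = client["name"], client["secret"]
        if not secret:
            findings.append((name, "missing-secret"))
            continue
        if secret.lower() in PLACEHOLDER_SECRETS:
            findings.append((name, "placeholder-secret"))
        if len(secret) < MIN_SECRET_LENGTH:
            findings.append((name, "short-secret"))
        if len(users_of[secret]) > 1:
            findings.append((name, "shared-secret"))
        if covers_many_hosts(name):
            findings.append((name, "wide-client-range"))
    return findings


# Constructed sample; the first entry mirrors the example in the manual.
SAMPLE = """
# constructed sample for the linter
client 172.26.3.76 {
    secret = password
    shortname = GVM1
}
client 10.20.0.0/16 {
    secret = "kT9#vQ2m-Lx7pR4w_Zc8Hn"
    shortname = san-mgmt
}
client 192.0.2.10 {
    secret = "kT9#vQ2m-Lx7pR4w_Zc8Hn"
    shortname = bna-standby
}
client 192.0.2.11 {
    shortname = no-secret
}
"""

if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE):
        print(f"{client}: {finding}")
```
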
LDAP server configuration 2. Change the attribute to use the sequence number 9 as follows. ATTRIBUTE NM-Roles-AORs-List string 3. Save and close the file. 4. Open the Radius server dictionary file in a text editor (such as Notepad). 5. Enter the following to add the Management application dictionary file to the Radius server dictionary file: $INCLUDE dictonary.NM_AAA_dictionary 6.
LDAP server configuration 4. Enter a name in the Full name field. 5. Enter a log on name in the User logon name field. 6. Click Next. Select the Password Never Expires option and click Next. 8. Click Finish. The new user displays in the Users pane. 9.
Page 501
LDAP server configuration 5. Select Active Directory Schema from the Available standalone snap-ins list and click Add. If Active Directory Schema does not display in the Available standalone snap-ins list, you must configure it on the LDAP server (refer to “Configuring the Active Directory Schema on the LDAP server”...
Page 502
LDAP server configuration 19. Close the Management console. 20. Restart the AD server. After you restart the AD server, go to “Configuring authorization details on the external LDAP server” on page 450. Configuring the Active Directory Schema on the LDAP server 1.
LDAP server configuration 4. Select NmAors in the Attributes list and click Edit. The String Attribute Editor dialog box displays. 5. Enter the areas of responsibility (such as All Fabrics and All Hosts) in the Value field and click OK. 6. Select NmRoles in the Attributes list and click Edit. Enter the Management application user roles (such as Host Administrator, Network Administrator, Operator, Report User Group, SAN System Administrator, Security Administrator, Security Officer, and Zone Administrator) in the Value field and click OK.
LDAP server configuration 3. Select the roles and AORs you want to remove in the Active Directory Groups table. Select multiple roles and AORs by holding down the CTRL key and clicking more than one role and AOR. 4. Click the left arrow button. The selected roles and AORs are moved to the Available Roles / AORs table.
TACACS+ server configuration 10. (Optional) Enter the group name in the Group Name Filter field. You can specify the group name in the following formats: • User, Domain - Will fetch the group name that contains the user or the operator. •...
Restore tab Restore tab The Restore tab enables you to restore the application data files used by the Management application server. Restoring the database To restore application data files, you must know the path to the backup files. This path is configured from the Server >...
Technical Support Information tab 5. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console. For the restored data to take effect, re-launch the Configuration Wizard using the instructions in “Launching the Configuration Wizard”...
HCM Upgrade tab 3. Enter the path where you want to save the support data and a name for the support save file in the Output Path field. For example, Full_Path\Support_Save_File_Name.zip. You can also browse to the location you want to save the support data and append the file name to the path when you return to the Technical Support Information tab.
SMI Agent Configuration Tool 3. Click Upgrade. 4. Click Close. SMI Agent Configuration Tool The SMIA Configuration Tool enables you to configure SMI (Storage Management Initiative) Agent settings, such as security, CIMOM, and certificate management. This tool is automatically installed with the Management application as part of the Server Management Console.
SMI Agent Configuration Tool 3. Enter your username and password in the appropriate fields. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. 4. Select or clear the Save password check box to choose whether you want the application to remember your password the next time you log in.
SMI Agent Configuration Tool 4. Enter your username and password in the appropriate fields and click OK. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. The SMIA Configuration Tool dialog box displays. Launching a remote SMIA configuration tool To launch a remote SMIA configuration tool, complete the following steps.
Page 512
SMI Agent Configuration Tool SLP support includes the following components: • slpd script starts the slpd platform • slpd program acts as a Service Agent (SA). A different slpd binary executable file exists for UNIX and Windows systems. • slptool script starts the slptool platform-specific program •...
Page 513
SMI Agent Configuration Tool • slptool findattrs service:wbem:https://IP_Address:Port NOTE Where IP_Address:Port is the IP address and port number that display when you use the slptool findsrvs service:wbem command. Use this command to verify that Management application SMI Agent SLP service is properly advertising its WBEM SLP template over the HTTP protocol.
Page 514
SMI Agent Configuration Tool SLP on UNIX systems This section describes how to verify the SLP daemon on UNIX systems. SLP file locations on UNIX systems • SLP log — Install_Home/cimom/cfg/slp.log • SLP daemon — Install_Home/cimom/cfg/slp.conf You can reconfigure the SLP daemon by modifying this file. •...
SMI Agent Configuration Tool Verifying SLP service installation and operation on Windows systems 1. Launch the Server Management Console from the Start menu. 2. Click Start to start the SLP service. 3. Open a command window. 4. Type cd c:\Install_Home\cimom\bin and press Enter to change to the directory where slpd.bat is located.
SMI Agent Configuration Tool Accessing Management application features To access Management application features such as fabric and host discovery, role-based access control, application configuration and display options, server properties, as well as the application name, build, and copyright, complete the following steps. 1.
Page 517
SMI Agent Configuration Tool 1. Click the Authentication tab. FIGURE 190 Authentication tab 2. Select the Enable Client Mutual Authentication check box, as needed. If the check box is checked, CIM client mutual authentication is enabled. If the check box is clear (default), client mutual authentication is disabled.
Page 518
SMI Agent Configuration Tool Configuring CIMOM server authentication CIMOM server authentication is the authentication mechanism between the CIM client and the CIMOM Server. You can configure the CIMOM server to allow the CIM client to query the CIMOM server without providing credentials; however, the CIMOM server requires the Management application credentials to connect to the Management application server to retrieve the required data.
SMI Agent Configuration Tool CIMOM tab NOTE You must have SAN - SMI Operation Read and Write privileges to view or make changes on the CIMOM tab. For more information about privileges, refer to “User Privileges” on page 1451. The CIMOM tab enables you to configure the CIMOM server port, the CIMOM Bind Network Address, and the CIMOM log.
Page 520
SMI Agent Configuration Tool 4. Click Apply. NOTE Changes on this tab take effect after the next CIMOM server restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 12.X.X > Server Management Console). If you disabled SSL, a confirmation message displays.
Page 521
SMI Agent Configuration Tool Configuring the CIMOM log NOTE You must have SAN - SMI Operation Read and Write privileges to view or make changes on the CIMOM tab. For more information about privileges, refer to “User Privileges” on page 1451. To configure the CIMOM log, complete the following steps.
SMI Agent Configuration Tool Certificate Management tab NOTE You must have SMI Operation Read and Write privileges to view or make changes on the Certificate Management tab. For more information about privileges, refer to “User Privileges” on page 1451. The Certificate Management tab enables you to manage your CIM client and Indication authentication certificates.
Page 523
SMI Agent Configuration Tool 5. Click Import. The new certificate displays in the Certificates list and text box. If the certificate location is not valid, an error message displays. Click OK to close the message and reenter the full path to the certificate location. If you did not enter a certificate name, an error message displays.
SMI Agent Configuration Tool Deleting a certificate NOTE You must have SMI Operation Read and Write privileges to view or make changes to the Certificate Management tab. For more information about privileges, refer to “User Privileges” on page 1451. To delete a certificate, complete the following steps. 1.
Page 525
SMI Agent Configuration Tool 1. Click the Summary tab. FIGURE 193 Summary tab 2. Review the summary. NOTE When the CIMOM server is stopped, the server configuration information does not display on the Summary tab. The following information is included in the summary. TABLE 39 Field/Component Description...
Page 526
SMI Agent Configuration Tool TABLE 39 Field/Component Description Log Level Displays the log level for the Server Configuration and the Current Configuration. Options include the following: • 10000 — Off • 1000 — Severe • 900 — Warning • 800 — Info (default) •...
Chapter SAN Device Configuration In this chapter • Configuration file management ........475 •...
Page 528
Configuration file management • Defining a schedule (Configuration File > Schedule Backup) (refer to “Scheduling switch configuration backup” on page 479) • Defining adaptive backup (Discovery or Event-triggered) (refer to “Adaptive backup” on page 477) Saving switch configurations on demand or manually Configuration files are uploaded from the selected switches and stored in individual files only for the Professional edition.
Configuration file management Adaptive backup Adaptive backup is triggered by fabric discovery and when a configuration change event is received from a switch. Discovery backup Switch or fabric discovery automatically triggers discovery backup for all switches in the fabric which have the correct user credentials. To discover a switch, refer to “Discovering fabrics”...
Page 530
Configuration file management To restore a switch configuration, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration File > Restore. The Restore Switch Configuration dialog box displays. FIGURE 195 Restore Switch Configuration dialog box 2.
Configuration file management Scheduling switch configuration backup NOTE The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. You can schedule a backup of one or more switch configurations. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all fabrics discovered.
Page 532
Configuration file management 3. Set the Schedule parameters. These include the following: - The desired Frequency for backup operations (daily, weekly, monthly). - The Day you want backup to run. If Frequency is Daily, the Day list is unavailable. If Frequency is Weekly, choices are days of the week (Sunday through Saturday). If Frequency is Monthly, choices are days of the month (1 through 31).
Page 533
Configuration file management FIGURE 197 Switch Configurations tab The Switch Configurations tab contains the following fields and components: • Trigger Backup on Events check box — Select to collect backup configurations triggered by events (refer to “Event-triggered backup”). Clear the check box to not collect backup configurations triggered by events.
Page 534
Configuration file management • Backup Date/Time — The date and time the last backup occurred. This is the backup that will be restored. • Name — The name of the switch that will be restored. • Configuration Type — The type of configuration for the switch (FC, DCB-running, or DCB-startup).
Configuration file management Restoring a configuration from the repository If you delete a fabric or switch from discovery, the configuration remains in the repository until you delete it manually. Stored configurations are linked to the switch WWN; therefore, if the IP address or switch name is changed and then rediscovered, the Configuration File Manager dialog box displays the new switch name and IP address for the old configuration.
Configuration file management • Backup Type — The type of backup used to obtain the configuration files from the device. Backup options include the following types: - Discovery — The discovery backup is obtained after the discovery process. - Event Triggered — Occurs when a trap is generated by the device during a configuration change.
Configuration file management FIGURE 199 Configuration file content 5. Click Close to close the dialog box. Searching the configuration file content NOTE This feature requires a Trial or Licensed version. To search the configuration file content, complete the following steps. 1.
Configuration file management FIGURE 200 Searching Configuration file content 6. Click Close to close the dialog box. Deleting a configuration NOTE This feature requires a Trial or Licensed version. NOTE Baseline configurations and the latest configurations will not be deleted. 1.
Configuration file management Exporting a configuration NOTE This feature requires a Trial or Licensed version. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration File > Configuration File Manager. The Configuration File Manager dialog box displays. 2.
Configuration file management Comparing switch configurations The Compare dialog box allows you to display the contents of two configurations side-by-side. To compare two configurations, perform the following steps. 1. Click the SAN tab. 2. Select Configure > Configuration > Configuration File Manager. The Configuration File Manager dialog box displays.
Page 541
Configuration file management • Change Navigator buttons/legend — The Change Navigator buttons and legends are enabled when there is at least one change between two compared files. - Go to first change button ( ) — Click to move to the first change. - Go to previous change button ( ) —...
Configuration file management Keeping a copy past the defined age limit NOTE This feature requires a Trial or Licensed version. 1. Select Configure > Configuration File > Configuration File Manager. The Configuration File Manager dialog box displays. 2. Select the check box under Keep for the configuration you want to preserve. The configuration will be kept until it is manually deleted, or until the Keep check box is cleared to enable the age limit again.
Page 543
Configuration file management FIGURE 202 Change Tracking tab The Change Tracking tab displays the following information: • Name — The switch name. • Fabric Name — The name of the fabric. • WWN — The world wide name of the switch selected to be the destination switch. •...
Configuration file management Replicating configurations NOTE This feature requires a Trial or Licensed version. You can replicate a switch SNMP configuration, the Fabric Watch configuration, Trace Destination configuration, or the entire configuration. 1. Select Configure > Configuration File > Replicate > Configuration. A wizard is launched to guide you through the process.
Page 545
Configuration file management TABLE 41 Step 3. Source Location Field/Component Description Configuration File Manager option Select to replicate the entire Configuration File Manager to the destination switches. Configuration from the switch option Select to assign a designated switch to the destination switch. File in text format option Select to choose a valid configuration file from the local file system by either typing in the complete path of the file in the text box or selecting...
Page 546
Configuration file management TABLE 42 Step 4. Source Configuration (Continued) Field/Component Description Port Type The type of port (for example, expansion port, node port, or NL_port). Product Type The type of product. Protocol The protocol for the port. Serial # The serial number of the switch.
Page 547
Configuration file management TABLE 43 Step 5. Destination Switches (Continued) Field/Component Description Product Type The type of product. Protocol The protocol for the port. Serial # The serial number of the switch. Speed Configured (Gbps) The actual speed of the port in Gigabits per second. State The port state, for example, online or offline.
Configuration file management Replicating security configurations NOTE This feature requires a Trial or Licensed version. You can replicate an AD/LDAP Server, DCC, IP, RADIUS Server, or SCC security policy. 1. Select Configure > Configuration File > Replicate > Security. A wizard is launched to guide you through the process. The first step of the wizard, Overview, displays.
Page 549
Configuration file management TABLE 47 Step 3. Select Source Switch (Continued) Field/Component Description Switch Name The name of the source switch to be replicated. Switch IP Address The IP address of the source switch to be replicated. Switch WWN The world wide name of the source switch to be replicated. Name The name of the selected switch.
Enhanced group management TABLE 48 Step 4. Select Destination Switches (Continued) Field/Component Description Contact The primary contact at the customer site. Description A description of the customer site. State The port state, for example, online or offline. Status The operational status of the port; for example, unknown or marginal. Right and left arrow buttons Click to move the switches back and forth between the Available Switches table and the Selected Switches table.
Firmware management Firmware management A firmware file repository (Windows systems only) is maintained on the server in the following location: C:\Program Files\Install_Directory\data\ftproot\Firmware\Switches\7.0\n.n.n\n.n.n The firmware repository is used by the internal FTP, SCP, or SFTP server that is delivered with the Management application software, and may be used by an external FTP server if it is installed on the same platform as the Management application software.
Page 552
Firmware management FIGURE 203 Download tab 3. Select one or more switches from the Available Switches table. The Available Switches table lists the switches that are available for firmware download. 4. Click the right arrow to move the switches to the Selected Switches table. If you select any switches that do not support firmware download, a message displays.
Page 553
Firmware management • Select the SCP Server option to download from the external SCP server. Continue with step NOTE The Management application only supports WinSSHD as the third-party Windows external SCP server. Firmware upgrade and downgrade through WinSSHD is only supported on devices running Fabric OS 6.0 or later.
Firmware management Displaying the firmware repository The firmware repository is available on the Firmware Management dialog box. The Management application supports .zip and .gz compression file types for firmware files. Initially, the firmware repository is configured to use the built-in FTP, SCP, or SFTP server. To use an external FTP server, refer to “Configuring an external FTP, SCP, or SFTP server”...
Firmware management • Release Notes View button — Click to view the release notes, if imported, which contain information about downloading firmware. For internal built-in FTP, SCP, or SFTP servers or external SCP or SFTP servers running on the same system as the Management application, if there is a space in the release note file name, you will not be able to view the release notes.
Firmware management 6. Enter or browse to the location of the MD5 file (.md5 file type). If the MD5 checksum file is located in the same directory as the firmware file and has the same file name (with the md5 extension), this field is auto-populated. The MD5 checksum file can be obtained from the Fabric OS product download site in the same location as the firmware file.
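The MD5 step above can be checked before a firmware file is imported into the repository. The following is an added example, not code from the Management application. It assumes the .md5 file holds the 32-hex-digit digest as its first whitespace-separated token, and it accepts either firmware.zip.md5 or firmware.md5 as the "same file name" sidecar; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Assumption: the sidecar's first token is the 32-hex-digit MD5 digest.
_DIGEST = re.compile(r"[0-9a-fA-F]{32}")


def sidecar_candidates(firmware_path):
    """Possible .md5 names next to the firmware file (both readings of
    'same file name with the md5 extension')."""
    base, _ext = os.path.splitext(firmware_path)
    return [firmware_path + ".md5", base + ".md5"]


def read_expected_digest(sidecar_path):
    """Return the digest stored in the sidecar, or None if it is not a digest."""
    with open(sidecar_path, "r", encoding="ascii", errors="replace") as fh:
        tokens = fh.read().split()
    if tokens and _DIGEST.fullmatch(tokens[0]):
        return tokens[0].lower()
    return None


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large firmware archives are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_firmware(firmware_path):
    """Return 'match', 'mismatch', 'unreadable' (sidecar has no digest)
    or 'missing' (no sidecar beside the firmware file)."""
    for sidecar in sidecar_candidates(firmware_path):
        if os.path.isfile(sidecar):
            expected = read_expected_digest(sidecar)
            if expected is None:
                return "unreadable"
            actual = md5_of_file(firmware_path)
            return "match" if actual == expected else "mismatch"
    return "missing"


def self_check():
    """Run the check on a constructed file: no sidecar, good sidecar, altered file."""
    with tempfile.TemporaryDirectory() as tmp:
        fw = os.path.join(tmp, "firmware_sample.zip")  # constructed sample
        with open(fw, "wb") as fh:
            fh.write(b"constructed firmware bytes")
        before = verify_firmware(fw)
        with open(fw + ".md5", "w", encoding="ascii") as fh:
            fh.write(md5_of_file(fw) + "  firmware_sample.zip\n")
        good = verify_firmware(fw)
        with open(fw, "ab") as fh:
            fh.write(b"\x00")  # simulate a damaged or altered download
        bad = verify_firmware(fw)
    return before, good, bad


if __name__ == "__main__":
    print(self_check())
```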
Switch password management Switch password management Switch password management enables you to change or reset the switch password for one or more users across multiple switches. NOTE You can change the switch password for root and factory users only by using the Change Password button because the current password is mandatory.
Page 558
Switch password management The Manage Switch Password dialog box includes the following components: • Available Switches table — Displays the switches available in the current view of the application. • Selected Switches table — Displays the selected switches. • Results table — Displays the users associated with the selected switches. 2.
Switch password management FIGURE 208 Change Password dialog box 6. Enter the current password in the Current Password field. Enter the new password in the New Password and Confirm Password fields. NOTE Passwords must be from 8 through 40 characters long and cannot contain a colon (:). 8.
Frame viewer 5. Select one or more users for whom you want to reset the switch password from the Results table and click Reset Password. The Reset Password dialog box displays (as shown in Figure 209). FIGURE 209 Reset Password dialog box 6.
Page 561
Frame viewer 2. Select one of the following options from the Show list: • Select Only Supported Products with Dropped Frames in the Log. The top table displays Fabric OS devices running 7.1.0 or later that support frame viewer and have dropped frames. •...
Frame viewer • Clear button — Select a device in the upper table and click to clear the discarded frames from the frame log (refer to “Clearing the discarded frame log” on page 511). All discarded frame records from the frame log on the switch are cleared. The Discarded Frames column value in the upper table updates to “No”.
Frame viewer • Destination – Destination name. If the device port is an HBA managed by the Management application, the host name displays. • Destination Port – Destination port name. • Destination Switch-Port – Destination Switch_Name – Port_Name. • Destination FID – Destination fabric ID. • ...
Ports Ports You can enable and disable ports, as well as view port details, properties, type, status, and connectivity. Viewing port connectivity The connected switch and switch port information displays for all ports. To view port connectivity, choose one of the following steps: •...
Page 565
Ports • Add Flow button — Select a port and click to add a flow definition (refer to “Provisioning flows” on page 1816). NOTE Flow Vision is supported on platforms running Fabric OS 7.2 and later. • Port connectivity table — Displays the ports connected to the selected fabric or device. Loop devices are displayed in multiple rows, one row for each related device port.
Page 566
Ports Device Port Type— The device port type; for example, U_Port (universal port), FL_Port (Fabric loop port), and so on. Device Node WWN — The world wide name of the device node. Device Symbolic Name — The symbolic name of the device node. Physical/Virtual/NPIV —...
Ports Connected Port Name — The name of the connected port. Connected User Port Number — The port number of the connected user port. Connected Port Area ID Port Index — The area ID and the port index of the connected port. Connected Port Speed —...
Page 568
Ports • • • < • > • <= • >= • contains • matches 4. Define a filter by entering a value that corresponds to the selected property in the Value column. 5. Repeat steps 2 through 4 as needed to define more filters. 6.
Ports Viewing port details To view port details, complete the following steps. 1. Right-click the port for which you want to view more detailed information on the Port Connectivity View dialog box and select Show Details. The Port Details dialog box displays (Figure 211).
Ports Port types On the Connectivity Map, right-click a switch icon and select Show Ports. The port types display showing which ports are connected to which products. NOTE Show Ports is not applicable when the map display layout is set to Free Form (default). NOTE This feature is only available for connected products.
Page 571
Ports 2. Review the following information: • Product properties for both devices. • Connection properties. • Selected connection port properties. Depending on the device type at either end of the connection, some of the following fields (Table 52) may not be available for all products. TABLE 52 Port connection properties Field...
Page 572
Ports TABLE 52 Port connection properties (Continued) Field Description dB Loss (dB) The power loss (dB) value between the source and destination ports. Only available when historical performance data collection is enabled. For Fabric OS devices, this field requires firmware version 6.2.2d, 6.3.2c, 6.4.1a, or 6.4.2 or later.
Page 573
Ports TABLE 52 Port connection properties (Continued) Field Description Manufacturer Plant The name of the manufacturing plant. Name The name of the switch. NPIV Enabled Whether the NPIV port is enabled. Parameter The parameter of the switch. Physical/Logical Whether the port is a physical port or a logical port. PID Format The port ID format of the switch.
Ports Determining inactive iSCSI devices For router-discovered iSCSI devices, you can view all of the inactive iSCSI devices in one list. To do this, use the Ports Only view and then sort the devices by FC Address. The devices that have an FC address of all zeros are inactive.
Page 575
Ports • Combined Status — Displays the current status of the port. NOTE Requires a 16 Gbps capable port running Fabric OS 7.0 or later. NOTE For devices running Fabric OS 7.1 or earlier, the device must have a Fabric Watch license and threshold monitoring configured for the port.
Port commissioning • Powered on Years (Hours) — The powered on time in years and hours for 16 Gbps capable ports. Empty for unsupported ports. NOTE Requires a 16 Gbps capable port running Fabric OS 7.0 or later. • FC Speed (GB/s) (Fabric OS 7.0 or later) — The FC port speed; for example, 4 Gbps. •...
Page 577
Port commissioning • Port commissioning is not supported on ports with Dense Wave Division Multiplexing (DWDM), Coarse Wave Division Multiplexing, or Time Division Multiplexing (TDM). • E_Port commissioning requires that the lossless feature is enabled on both the local switch and the remote switch.
Port commissioning Configuring port commissioning The following procedure provides an overview of the steps you must complete to configure port commissioning. 1. Make sure you meet the z/OS (mainframe operating system) requirements. For more information, refer to “z/OS requirements” on page 525. 2.
Page 579
Port commissioning FIGURE 215 Port Commissioning Setup dialog box 2. Enter the IP address (IPv4 or IPv6 format) or host name of the CIMOM server in the Network Address field. 3. (Optional) Enter a description of the CIMOM server in the Description field. The description cannot be over 1024 characters.
Port commissioning Viewing existing CIMOM servers NOTE Port commissioning is only supported on FICON devices running Fabric OS 7.1 or later. Before you can decommission or recommission an F_Port, you must register the CIMOM servers within the fabric affected by the action. For more information, refer to “Registering a CIMOM server”...
Port commissioning Not Reachable — CIMOM server not reachable. Wrong Namespace — CIMOM server namespace is incorrect. • Last Contacted — The last time you contacted the system. Updates when you test the reachability of the CIMOM server and when you contact the CIMOM server to respond to the F_Port decommission or recommission request.
Port commissioning Importing CIMOM servers and credentials You can import one or more CIMOM servers (system and credentials) using a CSV-formatted file. You can import a maximum of 2,000 CIMOM servers. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 215).
Port commissioning Changing CIMOM server credentials You can edit the CIMOM server credentials for one or more CIMOM servers at the same time. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 215). 2.
Port commissioning Deleting CIMOM server credentials 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 215). 2. Select one or more CIMOM servers from the Systems List and click the left arrow button. The details for the last selected CIMOM server row displays in the Add/Edit System and Credentials area.
Page 585
Port commissioning • Force — Select to force the port decommission. The Management application still contacts all registered CIMOM servers within the fabric affected by the action, but forces the port decommission regardless of the CIMOM server response. NOTE If the CIMOM server is not reachable or the credentials fail, F_Port decommissioning does not occur.
Port commissioning E_Port commissioning Although you can use any of the following methods to access the E_Port commissioning commands, individual procedures only include one method. • From the main menu, select the E_Port in the Product List, and then select Configure > Port Commissioning >...
Port commissioning Decommissioning an E_Port trunk Select the E_Port trunk in the Product List, and then select Configure > Port Commissioning > Decommission > Port or right-click the E_Port trunk and select Decommission. If a decommissioning request is triggered at the trunk level, the decommission request is sent to all the trunk members, including the master.
Port commissioning NOTE If the CIMOM server is not reachable or the credentials fail, port decommission does not occur. If all CIMOM servers are reachable, the Management application sends a CAL Request to decommission the port. If all the CIMOM servers are not reachable, decommissioning fails.
Page 589
Port commissioning Decommissioning all ports on a blade NOTE (Virtual Fabrics only) All ports on the blade must be managed by the Management application. NOTE Fabric tracking must be enabled (refer to “Enabling fabric tracking” on page 133) to maintain the decommissioned port details (such as port type, device port WWN, and so on).
Port commissioning Recommissioning all ports on a blade NOTE All ports on the blade must be managed by the Management application. Select a port on the blade for which you want to recommission all ports, and then select Configure > Port Commissioning > Recommission > All Ports on the Blade. NOTE You can only recommission ports from the logical switch, not the physical chassis.
Port commissioning • Configuration Name — Name of the deployment. For example, Decommission/Recommission - switch_name, Decommission/Recommission - switch_name - blade, or Decommission/Recommission - switch_name - Ports. • Product — The product name. • Status — The status of the deployment. For example, Success or Failed. •...
Page 592
Port commissioning • Configuration Name — Name of the deployment. For example, Decommission/Recommission - switch_name, Decommission/Recommission - switch_name - blade, or Decommission/Recommission - switch_name - Ports. • Product — The product name. • Status — The status of the deployment. For example, Allowed or Failed. •...
Port commissioning CIMCLI troubleshooting Use the following sections to obtain data to support troubleshooting. Obtaining FCPort and PCCUPort data To obtain CIMOM supporting documentation for troubleshooting, complete the following steps. 1. Log on to the TSO. NOTE You need a very large TSO user region size for the cimcli command. 2.
Page 594
Port commissioning 3. Enter a file name for the server support save file in the File Name field. The default file name is DCM-SS-Time_Stamp. 4. Select the Include Database check box to include the database in the support save and choose one of the following options.
Administrative Domain-enabled fabric support Administrative Domain-enabled fabric support The Management application provides limited support for AD-enabled fabrics. An Administrative Domain (Admin Domain or AD) is a logical grouping of fabric elements that defines which switches, ports, and devices you can view and modify. An Admin Domain is a filtered administrative view of the fabric.
Administrative Domain-enabled fabric support • If you try to enable Virtual Fabrics on an AD-enabled switch, that operation fails with the following message: “Failed to enable Virtual Fabric feature for Chassis (Remove All ADs before attempting to enable VF).” • Performs performance management (including Advanced Performance Monitoring and Top Talkers) data collection and reports in a physical fabric context.
Administrative Domain-enabled fabric support TABLE 53 Feature support for AD-enabled fabrics (Continued) Feature AD context ADO AD255 Not supported All AD User interface impact Performance Management > Filters AD-enabled fabric from the Fabrics list. Configure Thresholds End-to-End Monitors Clear Counters Port Auto Disable Filters AD-enabled fabric from the dialog box.
Port Auto Disable Port Auto Disable NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. Port Auto Disable (PAD) allows you to enable and disable Port Auto Disable on individual FC_ports or on all ports on a selected device, as well as unblock currently blocked ports. Enabling port auto disable on a port or device configures ports to become blocked when any of the following five events occur: •...
Page 599
Port Auto Disable FIGURE 217 Port Auto Disable dialog box 2. Select a fabric from the Fabric list. An information message displays the number of blocked ports for the fabric, if any. 3. Select one of the following from the Show list to determine what ports to display: •...
Port Auto Disable • Port # — Displays the port number. • Port WWN — Displays the port world wide name. • Port Name — Displays the port name. • User Port # — Displays the user port number. • PID —...
Port Auto Disable Enabling Port Auto Disable on individual ports NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. To enable PAD on individual ports, complete the following steps. 1. Select Monitor > Port Auto Disable. The Port Auto Disable dialog box displays. 2.
Port Auto Disable Disabling Port Auto Disable on individual ports NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. To disable port auto disable on individual ports, complete the following steps. 1. Select Monitor > Port Auto Disable. The Port Auto Disable dialog box displays.
Port Auto Disable Stopping Port Auto Disable on a device NOTE Port Auto Disable requires devices running Fabric OS 7.2 or later. You can disable PAD at the device level. This allows you to stop PAD for the device regardless of the individual port setting.
Port Auto Disable Unblocking ports NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. To unblock ports, complete the following steps. 1. Select Monitor > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to unblock ports from the Fabric list. 3.
Creating a new Host Creating a new Host To create a new Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. FIGURE 218 Host Port Mapping dialog box The Host Port Mapping dialog box includes the following details: •...
Renaming an HBA Host Renaming an HBA Host To rename a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Click the Host you want to rename in the Hosts table, wait a moment, and then click it again. The Host displays in edit mode.
Associating an HBA with a Host Associating an HBA with a Host ATTENTION Discovered information overwrites your user settings. To associate an HBA with a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays.
Page 609
Importing HBA-to-Host mapping 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure and well-formed WWNs, and counts the number of errors. If more than 5 errors occur, import fails and a ‘maximum error count exceeded’ message displays.
Removing an HBA from a Host Removing an HBA from a Host To remove an HBA from a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2.
Page 611
Exporting Host port mapping 4. Browse to the location where you want to save the export file. Depending on your operating system, the default export locations are as follows: • Desktop\My documents (Windows) • \root (Linux) 5. Enter a name for the files and click Save. 6.
Creating a storage array Creating a storage array To create a storage array, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays with the following information. •...
Unassigning a storage port from a storage array 4. Click the right arrow. The storage port is added to the Storage Array. 5. Click OK to save your work and close the Storage Port Mapping dialog box. If the storage device is part of more than one fabric, a message displays: The selected Storage_Name/Storage_WWN is part of more than one fabric.
Editing storage array properties 6. Click the right arrow button. The storage port moves from the Storage Ports table to the selected storage array. Click OK to save your work and close the Storage Port Mapping dialog box. Editing storage array properties To edit storage array properties, complete the following steps.
Viewing storage array properties 4. Review the properties. 5. Click OK on the Properties dialog box. 6. Click OK on the Storage Port Mapping dialog box. Viewing storage array properties To view storage array properties, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays.
Page 618
Importing storage port mapping 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure (first entry must be the storage node name (WWN) and second entry must be the storage array name) and well-formed WWNs, and counts the number of errors. If more than 5 errors occur, import automatically cancels.
Exporting storage port mapping Exporting storage port mapping The Storage Port Mapping dialog box enables you to export a storage port array. The export file uses the CSV format. The first row contains the headers (Storage Node Name (WWNN), Storage Array Name) for the file.
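The import checks described above (file structure, well-formed WWNs, and cancellation after more than 5 errors) can be run on a CSV file before it is handed to the Import dialog box; the HBA-to-Host mapping import applies the same WWN and error-count rules. The following is an added example, not the Management application's own code. It assumes a WWN is 16 hex digits written with or without colons and that rows in error are skipped when the limit is not exceeded; the function names and sample rows are constructed.

```python
import csv
import io
import re

MAX_ERRORS = 5  # from the manual: more than 5 errors cancels the import

# Assumption: a WWN is 8 bytes, written as 16 hex digits with or without colons.
_WWN_COLON = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){7}", re.IGNORECASE)
_WWN_PLAIN = re.compile(r"[0-9a-f]{16}", re.IGNORECASE)


def normalize_wwn(text):
    """Return the WWN in lower-case colon form, or None if it is malformed."""
    text = text.strip()
    if _WWN_COLON.fullmatch(text):
        return text.lower()
    if _WWN_PLAIN.fullmatch(text):
        low = text.lower()
        return ":".join(low[i:i + 2] for i in range(0, 16, 2))
    return None


def validate_mapping_csv(stream, max_errors=MAX_ERRORS):
    """Check a storage port mapping CSV line by line.

    Returns a dict with 'accepted' (False once the error limit is exceeded),
    'rows' as (wwn, array_name) pairs and 'errors' as (line_number, reason).
    """
    rows, errors = [], []
    for line_no, fields in enumerate(csv.reader(stream), start=1):
        if not any(f.strip() for f in fields):
            continue  # ignore blank lines
        if line_no == 1 and fields[0].strip().lower().startswith("storage node name"):
            continue  # header row written by the export
        if len(fields) < 2:
            errors.append((line_no, "expected WWN and storage array name"))
        else:
            wwn = normalize_wwn(fields[0])
            name = fields[1].strip()
            if wwn is None:
                errors.append((line_no, "malformed WWN: %r" % fields[0]))
            elif not name:
                errors.append((line_no, "empty storage array name"))
            else:
                rows.append((wwn, name))
        if len(errors) > max_errors:
            # Stop reading: the import would be cancelled at this point.
            return {"accepted": False, "rows": [], "errors": errors}
    return {"accepted": True, "rows": rows, "errors": errors}


def validate_text(text, max_errors=MAX_ERRORS):
    """Convenience wrapper for CSV content held in a string."""
    return validate_mapping_csv(io.StringIO(text), max_errors)


# Constructed sample: header, two valid rows, one WWN that is one byte short.
SAMPLE = """Storage Node Name (WWNN),Storage Array Name
50:06:01:60:3b:a0:11:22,Array-A
500601603BA01133,Array-A
50:06:01:60:3b:a0:11,Array-B
"""

if __name__ == "__main__":
    result = validate_text(SAMPLE)
    print(result["accepted"], result["rows"], result["errors"])
```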
Supported adapters The Management application, in conjunction with HCM, provides end-to-end management capability. For information about configuring, monitoring, and managing individual adapters using the HCM GUI or the Brocade Command Utility (BCU), refer to the Adapters Administrator’s Guide. Supported adapters The following sections describe the supported adapter types: •...
Supported adapters Converged Network Adapters Table 57 describes available Converged Network Adapters (CNAs) for PCIe x 8 host bus interfaces, hereafter referred to as CNAs. These adapters provide reliable, high-performance host connectivity for mission-critical SAN environments. TABLE 57 Supported Fibre Channel CNA models Model number Port speed Number of ports...
HCM software AnyIO technology Although the Brocade 1860 Fabric Adapter can be shipped in a variety of small form-factor pluggable (SFP) transceiver configurations, you can change port function to the following modes using Brocade AnyIO technology, provided the correct SFP transceiver is installed for the port: •...
HCM software HCM features Common HBA and CNA management software features include the following: • Discovery using the agent software running on the servers attached to the SAN, which enables you to contact the devices in your SAN. • Configuration management, which enables you to configure local and remote systems. With HCM, you can configure the following items: Brocade 4 Gbps and 8 Gbps HBAs HBA ports (including logical ports, base ports, remote ports, and virtual ports) associated...
Host adapter discovery Host adapter discovery The Management application enables you to discover individual hosts, import a group of hosts from a CSV file, or import host names from discovered fabrics. The maximum number of host discovery requests that can be accepted is 1000. Host discovery requires HCM Agent 2.0 or later. ESXi host adapter discovery requires the vendor-specific HBA CIM provider to be installed on the ESXi host.
HCM and Management application support on ESXi systems 6. Enable or disable the vSphere client plug-in registration. If you enable this plug-in, events are forwarded from the Management application to the vCenter server. Click OK. The VMM discovery process begins. When complete, the vCenter server and all ESX and ESXi hosts managed by that vCenter display in the Host product tree.
HCM and Management application support on ESXi systems ESXi CIM listener ports The Management application server uses two CIM indication listener ports to listen for CIM indications. NOTE The Management application does not support CIM indications for Emulex adapters. • HCM Proxy Service CIM Indication Listener Port —...
Connectivity map 3. Select CIM server (ESXi only) as the Contact option. 4. (Optional) Select HTTP or HTTPS from the Protocol list. HTTPS is the default. 5. Click OK. Connectivity map The Connectivity Map, which displays in the upper right area of the main window, is a grouped map that shows physical and logical connectivity of Fabric OS components, including discovered and monitored devices and connections.
Adapter software If you create a new host and associate HBAs to it, and then you try to discover a host with the same HBAs using Host discovery, the HBAs discovered using host discovery must match the HBAs associated to the host exactly; otherwise, host discovery will fail. Instructions for mapping a host to HBAs are detailed in Chapter 13, “Host Port Mapping”.
Adapter software • Name — The name of the host. The first three digits indicate the host’s operating system; for example, WIN or LIN. • Operating System — The host operating system; for example, Microsoft Windows or Red Hat Linux. •...
Adapter software FIGURE 222 Driver Repository dialog box 2. Click Import on the Driver Repository dialog box. The Import Driver Repository dialog box displays. 3. Locate the driver file using one of the following methods: • Search for the file you want from the Look In list. •...
Page 633
Adapter software Importing a boot image into the repository Boot images are required for adapters that are shipped without a boot image or when it is necessary to overwrite images on adapters that contain older or corrupted boot image versions. 1.
Page 634
Adapter software 6. Locate the boot image file using one of the following methods: • Search for the file you want from the Look In list. Boot image files version 2.0.0.0 and 2.1.0.0 are .zip files and other boot image files are .tar files. •...
Bulk port configuration Deleting a boot image from the repository 1. Select one or more boot images from the Boot Image File Name list on the Boot Image Repository dialog box. 2. Click Delete. The boot image is removed from the boot image repository. Backing up boot image files You can back up the boot image files from the repository using the Options dialog box.
Bulk port configuration Configuring host adapter ports To create, edit, duplicate, or delete port configurations, complete the following steps. Select Host > Adapter Ports from the Configure menu. The Configure Host Adapter Ports dialog box, shown in Figure 225, displays. FIGURE 225 Configure Host Adapter Ports dialog box
Page 637
Bulk port configuration Adding a port configuration The Add Port Configuration dialog box allows you to create a maximum of 50 customized port configurations which you can then select and assign to ports. 1. Click Add on the Configure Host Adapter Ports dialog box. The Add Port Configuration dialog box, shown in Figure 226, displays.
Page 638
Bulk port configuration Target Rate Limiting — Enable the Target Rate Limiting feature to minimize congestion at the adapter port. Limiting the data rate to slower targets ensures that there is no buffer-to-buffer credit back-pressure between the switch due to a slow-draining target. NOTE Target Rate Limiting and QoS cannot be enabled at the same time.
Page 639
Bulk port configuration • Enter the minimum allowable output bandwidth in the Min Bandwidth (Mbps) box. The minimum bandwidth is 0 Mbps. A zero value of minimum bandwidth (the default) implies that no bandwidth is guaranteed for that vNIC. • BB Credit Recovery —...
Adapter port WWN virtualization Adapter port WWN virtualization Adapter port world wide name (WWN) virtualization enables the adapter port to use a switch-assigned WWN rather than the physical port WWN for communication, allowing you to preprovision the server with the following configuration tasks: •...
Page 641
Adapter port WWN virtualization Enabling the FAWWN feature on a switch or AG ports 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port from the Fabric Assigned WWN - Configuration list. 3.
Page 642
Adapter port WWN virtualization Manually assigning a FAWWN to a switch or AG port 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port or AG port from the Fabric Assigned WWN - Configuration list. 3.
Adapter port WWN virtualization FAWWNs on attached AG ports The Configure Fabric Assigned WWNs dialog box, shown in Figure 228, enables you to configure the Fabric Assigned WWN feature on a selected attached Access Gateway (AG) port. 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN.
Page 644
Adapter port WWN virtualization 5. Enter a valid world wide name (WWN), with or without colons, for the Access Gateway node. Optionally, you can select an existing AG Node WWN from the list. The AG Node WWN box includes all discovered AG Node WWNs that are connected to the selected switch. 6.
Role-based access control Role-based access control The Management application enables you to create resource groups and assign users to the selected role within that group. The Management application provides one preconfigured resource group (All Fabrics). When you create a resource group, all available roles are automatically assigned to the resource group.
Host performance management Host performance management Real-time performance enables you to collect data from managed HBA and CNA ports. You can use real-time performance to configure the following options: • Select the polling rate from 20 seconds up to 1 minute. •...
Host security authentication TABLE 59 Counters (Continued) FC port measures HBA port measures CNA port measures Transmitted FCoE pause frames Received FCS error frames Transmitted FCS error frames Received alignment error frames Received length error frames Received code error frames Instructions for generating real-time performance data are detailed in “Generating a real-time performance graph”...
Page 648
Host security authentication FIGURE 229 Fibre Channel Security Protocol Configuration dialog box 3. Configure the following parameters on the Fibre Channel Security Protocol Configuration dialog box: a. Select the Enable Authentication check box to enable the authentication policy. If authentication is enabled, the port attempts to negotiate with the switch. If the switch does not participate in the authentication process, the port skips the authentication process.
supportSave on adapters supportSave on adapters Host management features support capturing support information for managed Brocade adapters, which are discovered in the Management application. You can trigger supportSave for multiple adapters at the same time. supportSave cannot be used to collect support information for ESXi hosts managed by a CIM Server.
Host fault management Filtering event notifications The Management application provides notification of many different types of SAN events. If a user wants to receive notification of certain events, you can filter the events specifically for that user. NOTE The e-mail filter in the Management application is overridden by the firmware e-mail filter. When the firmware determines that certain events do not receive e-mail notification, an e-mail notification is not sent for those events even when the event type is added to the Selected Events table in the Define Filter dialog box.
Backup support
The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary.
Configuring backup to a hard drive
NOTE Configuring backup to a hard drive requires a hard drive. The drive should not be the same physical drive on which your operating system or the Management application is installed.
Enabling backup
Backup is enabled by default. However, if it has been disabled, complete the following steps to enable the function.
1. Select Server > Options. The Options dialog box displays.
2. Select Server Backup in the Category list.
3.
Enhanced Ethernet features
DCBX protocol
Data Center Bridging Exchange (DCBX) protocol allows enhanced Ethernet devices to convey and configure their DCB capabilities and ensures a consistent configuration across the network. DCBX protocol is used between DCB devices, such as a converged network adapter (CNA) and an FCoE switch, to exchange configuration with directly connected peers.
FCoE protocols supported
Ethernet jumbo frames
The basic assumption underlying FCoE is that TCP/IP is not required in a local data center network and the necessary functions can be provided with Enhanced Ethernet. The purpose of an “enhanced” Ethernet is to provide reliable, lossless transport for the encapsulated Fibre Channel traffic.
FCoE licensing
The FCoE license enables Fibre Channel over Ethernet (FCoE) functionality on the following supported DCB switches:
• Network OS 10 GbE 24-port 8 GbE 8 FC port switch
• Network OS VDX 6710, 6720, and 6730 switches
•...
DCB configuration management
2. Highlight a discovered DCB switch from the Available Switches list, and click the right arrow button to move the switch to the Selected Switches list.
3. Highlight the selected switch and click OK to start the configuration. The running configuration is saved to the selected switch, effective on the next system startup.
Switch policies
You can configure and enable a number of DCB policies on a switch, port, or link aggregation group (LAG). The following switch policy configurations apply to all ports in a LAG:
• DCB map and Traffic Class map
•...
DCB configuration
To launch the DCB Configuration dialog box, select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
NOTE For FOS DCB devices, the Protocol Down Reason column, shown in Figure 231, displays the values only for the external ports of embedded platforms but not for the internal ports.
Page 660
FIGURE 232 Edit Switch dialog box - QoS tab
4. Select DCB from the Map Type list.
5. Configure the following DCB Map parameters in the DCB Map area:
• Name - Enter a name to identify the DCB map.
•...
Page 661
6. Click the right arrow button to add the map to the DCB Maps list. If a DCB map exists with the same name, a validation dialog box launches and you are asked if you want to overwrite the map. Click OK.
Page 662
Click OK after changing the attributes of the current deployment. The Deployment Status dialog box displays.
8. Click Start on the Deployment Status dialog box to save the changes to the switch.
9. Click Close to close the Deployment Status dialog box.
Configuring the DCB interface with the DCB map and global LLDP profile
To configure the DCB interface, complete the following steps.
Page 663
The Web Tools application displays. You can also launch Web Tools by clicking the Element Manager button on the DCB Configuration dialog box.
3. Click the DCB tab.
4. Click the VLAN tab.
5. Click Add. The VLAN Configuration dialog box displays.
6.
Adding a LAG
Link aggregation, based on the IEEE 802.3ad protocol, is a mechanism to bundle several physical ports together to form a single logical channel or trunk. The collection of ports is called a link aggregation group (LAG).
NOTE An internal port cannot be part of a LAG.
Page 665
FIGURE 234 Add LAG dialog box
4. Configure the following LAG parameters:
NOTE Ports with 802.1x authentication or ports that are enabled in L2 mode or L3 mode are not supported in a LAG.
• LAG ID - Enter the LAG identifier, using a value from 1 through 63. Duplicate LAG IDs are not allowed.
• Type - Sets the limit on the size of the LAG. The type values include Standard, where the LAG is limited to 16 ports, and Brocade LAG, where the LAG is limited to 4 ports. The default is Standard.
NOTE You cannot create Fabric OS-type LAGs from different anvil chips.
Page 667
FIGURE 235 Edit Switch dialog box
4. Configure the policies for the Edit Switch dialog box tabs, which are described in the following sections:
• “QoS configuration” on page 620
• “FCoE provisioning” on page 626
• “VLAN classifier configuration” on page 628
•...
Editing a DCB port
1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions.
2. Select a DCB port from the Products/Ports list.
3. Click Edit. The Edit Port dialog box displays, as shown in Figure 236.
5. When you have finished configuring the policies, apply the settings to the DCB port.
NOTE Clicking Cancel when there are pending changes launches a pop-up dialog box.
6. Click OK when you have finished modifying the DCB port parameters. The Deploy to Ports dialog box displays.
Page 670
4. Configure the following LAG parameters, as required:
NOTE Ports with 802.1x authentication or ports that are enabled in L2 mode or L3 mode are not supported in a LAG.
• LAG ID - The LAG identifier, which is not an editable field.
•...
8. Click Start on the Deployment Status dialog box to save the changes to the selected LAG or LAGs.
NOTE If the primary or secondary IP address already exists on another interface, an error message displays in the Status area.
9.
QoS configuration
QoS configuration involves configuring packet classification, mapping the priority and traffic class, controlling congestion, and scheduling. The configuration of these QoS entities consists of DCB Map and Traffic Class Map configuration. In a Data Center Bridging (DCB) configuration, Enhanced Transmission Selection (ETS) and priority-based flow control (PFC) are configured by utilizing a priority table, a priority group table, and a priority traffic table.
Creating a DCB map
The procedure in this section applies only for Fabric OS versions earlier than Fabric OS 7.0. When you create a DCB map, each of the Class of Service (CoS) options (0-7) must be mapped to at least one of the Priority Group IDs (0-7) and the total bandwidth percentage must equal 100.
• Precedence - Enter a value from 1 through 100. This number determines the map’s priority.
• Priority Flow Control check box - Check to enable priority-based flow control on individual priority groups.
• CoS - Click the CoS cell to launch the Edit CoS dialog box, where you can select and assign one or more priorities (PG ID 15.0 through 15.7).
• Precedence - Enter a value from 1 through 100. This number determines the map’s priority.
• % Bandwidth - Enter a bandwidth value for priority group IDs 0-7. The total of all priority groups must equal 100 percent.
•...
Assigning a DCB map to a port or link aggregation group
The Edit Port dialog box - QoS tab allows you to assign DCB maps to ports and LAGs on a selected switch.
NOTE QoS maps are created using the Edit Switch dialog box, accessible from the DCB Configuration dialog box.
6. Click the Traffic Class cell in a CoS row and directly enter a value from 0-7. You can leave the cell empty to indicate zero (0).
Click the right arrow button to add the map to the Traffic Class Maps list. If the name of the Traffic Class map already exists, an overwrite warning message displays.
8. Click Start on the Deployment Status dialog box to save the changes to the selected devices.
Assigning a Traffic Class map to a port or link aggregation group
You can assign a Traffic Class map to a port or ports under the LAG; however, a port does not require a Traffic Class map to be assigned to it.
FCoE provisioning
Changing the VLAN ID on the default FCoE map
You can change the VLAN ID on the default FCoE map only when no ports or LAGs are participating as members of the switch. You must first manually remove the FCoE map option for each of the port members before you change the VLAN ID on the switch.
3. Click the FCoE tab on the Edit Port dialog box. The Edit Port dialog box, FCoE tab displays the following parameters:
• FCoE Map field — Displays the name of the FCoE map (read-only).
• VLAN ID list — The FCoE VLAN identifier associated with the FCoE map. The values range from 2 through 3583, and 1002 is the default.
VLAN classifier configuration
Adding a VLAN classifier rule
The Edit Switch dialog box, VLAN Classifiers tab allows you to create rules and group them into VLAN classifiers, which can then be applied to access port and LAG VLAN members and converged port VLAN members.
FIGURE 240 Add Rules dialog box
The Rule ID field is pre-populated with the next available rule ID number.
5. Keep the rule ID number as it is, or change the number using a value from 1 through 256.
6.
• IP — 0x8881
• IPv6 — 0x86DD
4. Select an encapsulation type from the list. Options include Ethv2, nosnapllc, and snapllc. The Encapsulation list only accepts a value when Protocol is selected as the rule type.
5.
Deleting a VLAN classifier group
1. Click the VLAN Classifiers tab on the Edit Switch dialog box. The Edit Switch dialog box, VLAN Classifiers tab displays.
2. Select a classifier from the VLAN Classifiers list.
3. Click Delete. The VLAN classifier group is deleted.
LLDP-DCBX configuration
FIGURE 241 Edit Switch dialog box - LLDP-DCBX tab
Adding an LLDP profile
NOTE When a TE port is selected to assign to an LLDP profile, a yellow banner displays with the following error message: “LLDP-DCBX is disabled on this switch. The configuration becomes functional when LLDP-DCBX is enabled on the switch.”...
• Check the profile parameters that you want to display as part of the LLDP profile from the Advertise list:
- Port description - The user-configured port description.
- System name - The user-configured name of the local system.
- ...
3. Click the LLDP-DCBX tab on the Edit Switch dialog box.
4. Select an existing LLDP profile from the LLDP Profiles list in the upper right pane.
NOTE You cannot delete <Global Configurations>. You can, however, edit global configurations. For more information, refer to “Product configuration templates”...
802.1x authentication
802.1x is a standard authentication protocol that defines a client-server-based access control and authentication protocol. 802.1x restricts unknown or unauthorized clients from connecting to a LAN through publicly accessible ports.
NOTE 802.1x is not supported for internal ports.
A switch must be enabled for 802.1x authentication before you configure its parameters.
Setting 802.1x parameters for a port
The 802.1x parameters can be configured whether or not the feature is enabled on the switch. The default parameters are initially populated when 802.1x is enabled, but you can change the default values as required.
• Port Control - Select an authorization mode from the list to configure the ports for authorization. Options include auto, force-authorized, or force-unauthorized and the default value is auto.
6. When you have finished the configuration, click OK to launch the Deploy to Ports dialog box. Refer to “Switch, port, and LAG deployment”...
Page 691
Switch, port, and LAG deployment
FIGURE 243 Deploy to Products dialog box
FIGURE 244 Deploy to Ports dialog box
Page 692
FIGURE 245 Deploy to LAGs dialog box
4. Click one of the following deployment options:
• Deploy now
• Save and deploy now
• Save deployment only
• Schedule
5. Click one of the following save configuration options:
•...
Page 693
8. Select one or more of the following configurations, to be deployed on the selected targets.
NOTE These configurations can be pushed to target DCB switches, FOS version 6.3.1_cee or 6.3.1_del.
For switches:
• QoS, DCB Map
•...
Source to target switch Fabric OS version compatibility for deployment
Table 62 lists the restrictions that exist when deploying source switches to target switches.
TABLE 62 Source to target switch Fabric OS version compatibility
Source Fabric OS version and device | Target Fabric OS version supported | Comments
Fabric OS DCB switch and...
DCB performance
Performance monitoring provides details about the quantity of traffic and errors a specific port or device generates on the fabric over a specific time frame. You can also use Performance features to indicate the devices that create the most traffic and to identify the ports that are most congested.
Page 696
Generating a real-time performance graph from the IP tab
To generate a real-time performance graph for a Network OS or FOS DCB switch, complete the following steps.
1. Click the IP tab.
2. Select a DCB port from the DCB Configuration dialog box, and select Real Time Graph from the Performance list.
Historical performance graph
The Historical Performance Graph dialog box enables you to customize how you want the historical performance information to display.
Generating a historical performance graph
You can generate a historical performance graph by selecting both Network OS and FOS DCB devices from the IP Tab or by selecting only Network OS DCB devices from the IP tab.
FCoE login groups
The FCoE Configuration dialog box allows you to manage the FCoE login configuration parameters on the DCB switches in all discovered fabrics. FCoE login configuration is created and maintained as a fabric-wide configuration. With the FCoE license, the FCoE Configuration dialog box displays virtual FCoE port information and enables you to manage the virtual port information.
• Click Edit to launch the Edit Login Group dialog box, where you can edit the login group parameters. See “Editing an FCoE login group” on page 648.
• Click Delete to remove the login group from the list. See “Deleting one or more FCoE login groups”...
5. Select one of the following Available Member options:
• Port WWN — Click to enter the world wide name (WWN) of the port to associate with the selected switch. The member port WWN text field allows a maximum of 16 digits.
•...
• Rename the login group by entering the new name into the Name field. The Allow All option must be selected to rename the login group.
• Select one of the following options to add or remove login members into the Available Members list.
4. Click Start to apply the changes, or click Close to abort the operation. The FCoE login management feature is disabled and all login groups on the selected switch are deleted. The value in the FCoE Login Management State column for the selected switch is Disabled and no login groups appear under the switch after the FCoE Configuration dialog box refresh operation.
Page 703
Virtual FCoE port configuration
• There is a dynamic binding between the virtual FCoE port and the physical port or LAG.
• There is a static binding between the virtual FCoE port and the physical port or LAG and there are end devices connected to it.
Clearing a stale entry
A stale entry is a device that logged in and logged off but, because a port went down after an FLOGI was received, the device failed to receive the message. The entry in the FCoE Connected Devices table becomes stale and you must clear it manually.
Chapter Security Management
In this chapter
• Layer 2 access control list management (page 653)
•...
Page 706
Layer 2 access control list management
Creating a standard Layer 2 ACL configuration (Fabric OS)
To create a standard Layer 2 ACL configuration, complete the following steps.
1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.
Page 707
11. Click OK on the Device_Name - Layer 2 ACL Configuration dialog box. The Deploy to Products - Layer 2 ACL dialog box displays. To save the configuration, refer to “Saving a security configuration deployment” on page 664.
Editing a standard Layer 2 ACL configuration (Fabric OS)
To edit a standard Layer 2 ACL configuration on a Fabric OS device, complete the following steps.
Page 708
4. To edit an existing ACL rule, complete the following steps.
a. Select the rule you want to edit in the ACL Entries list and click the left arrow button.
b. Complete step 5 through step 9 in “Creating a standard Layer 2 ACL configuration (Fabric...
Page 709
5. Enter a sequence number for the ACL in the Sequence field.
6. Select Permit or Deny from the Action list.
In the Source list, select one of the following options:
•
• Host
•...
Page 710
Editing an extended Layer 2 ACL configuration (Fabric OS)
To edit an extended Layer 2 ACL configuration on a Fabric OS device, complete the following steps.
1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.
Page 711
5. To add a new ACL rule, complete step 4 through step 12 in “Creating an extended Layer 2 ACL configuration (Fabric OS)” on page 656. The new ACL entry displays in the ACL Entries list. To add additional ACL entries, repeat step 6.
• Select Deployment_Name (a user-configured deployment) to assign a user-configured deployment on the port.
5. Select the ACL you want to assign to the port from the second Assign ACL list.
6. Select the Write to Product check box to create the selected ACL on the device if it does not already exist.
Deleting a Layer 2 ACL configuration from the application
To delete a Layer 2 ACL configuration from the application, complete the following steps.
1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.
Security configuration deployment
Figure 256 shows the standard interface used to deploy security configurations.
FIGURE 256 Deploy to Product/Ports dialog box
Before you can deploy a security configuration, you must create the security configuration. For step-by-step instructions, refer to the following sections:
Security Management enables you to configure, persist, and manage a security configuration as a “deployment configuration object”.
Deploying a security configuration on demand
To deploy a security configuration immediately, complete the following steps.
FIGURE 257 Deploy to Product/Ports dialog box
1. Choose one of the following options:
• Deploy now — Select to deploy the configuration immediately on the product or port without saving the deployment definition.
Saving a security configuration deployment
To save a security configuration deployment, complete the following steps.
FIGURE 258 Deploy to Product/Ports dialog box
1. Select the Save deployment only option to save the deployment definition for future deployment.
2.
Scheduling a security configuration deployment
To schedule a security configuration deployment, complete the following steps.
FIGURE 259 Deploy to Product/Ports dialog box
1. Select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.
2.
Page 718
10. Choose one of the following options to configure the frequency at which deployment runs for the schedule:
• To configure deployment to run only once, refer to “Configuring a one-time deployment schedule” on page 666.
• To configure hourly deployment, refer to “Configuring an hourly deployment schedule”...
Page 719
Configuring a daily deployment schedule
To configure a daily deployment schedule, complete the following steps.
1. Select Daily from the Frequency list.
2. Select the time of day you want deployment to run from the Time (hh:mm) lists, where the hour value is from 1 through 12, the minute value is from 00 through 59, and the day or night value is AM or PM.
Fibre Channel routing overview
• Any of the following blades on a Backbone chassis:
- 4 Gbps Router, Extension Blade
- FC 8 GB 16-port Blade
- FC 8 GB 32-port Blade
- FC 8 GB 32-port Enhanced Blade (16 Gbps 4-slot or 16 Gbps 4-slot Backbone Chassis only)
- FC 8 GB 48-port Blade - The shared ports area (ports 16-47) cannot be used as EX_Ports.
Guidelines for setting up Fibre Channel routing
Figure 260 on page 671 shows a metaSAN with a backbone fabric and three edge fabrics. The backbone consists of one 4 Gbps Router, Extension Switch connecting hosts in Edge fabrics 1 and 3 with storage in Edge fabric 2 and the backbone fabric.
Connecting edge fabrics to a backbone fabric
The following procedure explains how to set up FC-FC routing on two edge fabrics connected through an FC router using E_Ports and EX_Ports.
NOTE To configure an EX_Port, switches running Fabric OS 7.0.0 or earlier must have an FCR license. Switches running Fabric OS 7.0.1 or later configured in Brocade Native mode (IM0) or Brocade NOS mode (IM5) do not require an FCR license.
Page 725
FIGURE 261 Router Configuration-Connect Edge Fabric dialog box
3. Select the FC router from the Available Routers list.
4. Click the right arrow button to move the FC router you selected to the Selected Router list.
5.
9. Configure LSAN zones in each fabric that will share devices. For specific instructions, refer to “Configuring LSAN zoning” on page 911.
Configuring routing domain IDs
Logical (phantom) domains are automatically created to enable routed fabrics. Two types of logical domains are created:
•...
Virtual Fabrics overview
Terminology for Virtual Fabrics
Table 63 lists definitions of Virtual Fabrics terms.
TABLE 63 Virtual Fabrics terms
Term | Definition
Physical chassis | The physical switch or chassis from which you create logical switches and fabrics.
Logical switch | A collection of ports that act as a single Fibre Channel (FC) switch. When Virtual Fabrics is enabled on the chassis, there is always at least one logical switch: the default logical switch.
Virtual Fabrics requirements
To configure Virtual Fabrics, you must have at least one Virtual Fabrics-enabled physical chassis running Fabric OS 6.2.0 or later in your SAN. Use one of the following options to discover a Virtual Fabrics-enabled physical chassis on the Management application topology:
•...
Page 730
Virtual Fabrics requirements TABLE 65 Blade and port types supported on logical switches for backbone chassis Logical switch type Ports • Default logical switch Extension Blade — E_Ports, F_Ports, GE_Ports, and VE_Ports • Application Platform Blade — E_Ports and F_Ports •...
FICON best practices for Virtual Fabrics
Use the following recommended best practices and considerations for configuring Virtual Fabrics in a FICON environment when following the procedures under “Configuring Virtual Fabrics” on page 680:
• When configuring the logical switch in the New Logical Fabric Template or New Logical Switch dialog box (Fabric tab), use the following parameters.
• When the Logical Switch Change Confirmation and Status dialog box displays after configuring logical switches through the Logical Switches dialog box, be sure the following parameters are selected:
- Re-Enable ports after moving them.
- Unbind Port Addresses while moving them.
- QoS disable the ports while moving them.
Configuring Virtual Fabrics
d. Enable all of the base switches. This forms the base fabric. Right-click each base switch in the Connectivity Map or Product List and select Enable/Disable > Enable.
3. Set up logical switches in each physical chassis.
a.
Disabling Virtual Fabrics
ATTENTION Disabling Virtual Fabrics deletes all logical switches, returns port management to the physical chassis, and reboots the physical chassis. If these logical switches are participating in a fabric, all affected fabrics will be disrupted.
1.
Page 735
2. Select the physical chassis from which you want to create a logical switch in the Chassis list. You can display all logical switches from all chassis by selecting the Show Logical Switches from all Chassis check box.
3.
Page 736
• Logical switches in an edge fabric connected to an FC router
• A logical switch in InteropMode 2 or InteropMode 3
• The logical switch has VE_Ports and is running Fabric OS 6.4.x or earlier
• The logical switch has lossless DLS and is running Fabric OS 7.0.x or earlier
NOTE For switches running Fabric OS 7.0.0 or later, VE_Ports on the 8 Gbps Extension Blade are...
Finding the physical chassis for a logical switch
The Management application enables you to locate the physical chassis in the Product List from which the logical switch was created. To find the physical chassis for a logical switch, right-click the logical switch in the Connectivity Map or Product List and select Virtual Fabric >...
Click the right arrow button to move the selected ports to the logical switch. If you selected the Addressing check box, enter the starting port address in the Bind Port Address dialog box. The ports display in the selected logical switch node in the Existing Logical Switches list.
8.
Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box. The Re-Enable ports after moving them and QoS disable the ports while moving them check boxes are selected by default.
Configuring fabric-wide parameters for a logical fabric
When you create a logical switch, you must assign it to a fabric and configure fabric-wide parameters. All the switches in a fabric must have the same fabric-wide settings. Instead of configuring these settings separately on each logical switch, you can create a logical fabric template, which defines the fabric-wide settings for a logical fabric.
NOTE When you close the Logical Switches dialog box, the logical fabric templates are automatically deleted. Create the logical switches first, before closing the dialog box, to use the template.
Applying logical fabric settings to all associated logical switches
You can apply a selected logical switch configuration to all logical switches in the same fabric.
5. Change the FID in the Logical Fabric ID field.
6. Click OK on the Edit Properties dialog box. The logical switch displays under the new logical fabric node in the Existing Logical Switches list.
Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box.
Page 743
Click OK on the Edit Properties dialog box. The Base Switch column in the Existing Logical Switches list now displays Yes for the logical switch.
8. Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box.
Encryption user privileges
• “Blade processor links” on page 707 describes the steps for interconnecting encryption switches or blades in an encryption group through a dedicated LAN. This must be done before the encryption engines are enabled. Security parameters and certificates cannot be exchanged if these links are not configured and active.
Smart card usage
• Establishing a trusted link with the NetApp LKM/SSKM key vault.
• Decommissioning a LUN.
When a quorum of authentication cards is registered for use, authentication must be provided before you are granted access.
Registering authentication cards from a card reader
To register an authentication card or a set of authentication cards from a card reader, have the cards physically available.
Page 750
3. Locate the Authentication Card Quorum Size and select the quorum size from the list. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Registering authentication cards from the database
Smart cards that are already in the Management program’s database can be registered as authentication cards.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
Deregistering an authentication card
Authentication cards can be removed from the database and the switch by deregistering them. Complete the following procedure to deregister an authentication card.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
Using system cards
System cards are smart cards that can be used to control activation of encryption engines. You can choose whether the use of a system card is required or not. Encryption switches and blades have a card reader that enables the use of a system card.
Enabling or disabling the system card requirement
To use a system card to control activation of an encryption engine on a switch, you must enable the system card requirement. If a system card is required, it must be read by the card reader on the switch.
Deregistering system cards
System cards can be removed from the database by deregistering them. Use the following procedure to deregister a system card:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
Page 756
FIGURE 272 Smart Card Asset Tracking dialog box
The Smart Cards table lists the known smart cards and the details for the smart cards. These details include the following:
• Card ID: Lists the smart card ID, prefixed with an ID that identifies how the card is used. For example, rc.123566b700017818, where rc stands for recovery card.
Page 757
• Delete button: Deletes a selected smart card from the Management application database.
NOTE You can remove smart cards from the table to keep the Smart Cards table at a manageable size, but removing the card from the table does not invalidate it; the smart card can still be used.
Smart card usage Editing smart cards Smart cards can be used for user authentication, master key storage and backup, and as a system card for authorizing use of encryption operations. 1. From the Encryption Center dialog box, select Smart Card > Edit Smart Card from the menu task bar to display the Edit Smart Card dialog box.
Network connections Before you use the encryption setup wizard for the first time, you must have the following required network connections: • The management ports on all encryption switches and DCX Backbone Chassis CPs that have Encryption Blades installed must have a LAN connection to the SAN management program, and must be available for discovery.
Encryption node initialization and certificate generation Configuring blade processor links To configure blade processor links, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2.
Key Management Interoperability Protocol Setting encryption node initialization Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a configuration. Encryption nodes may also be initialized from the Encryption Center dialog box. 1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar.
Key Management Interoperability Protocol Configuration parameters The encryption group object has three additional properties that can be configured when the key vault (KV) type is KMIP. These additional properties must be set by the user: • High availability • User credentials •...
Key Management Interoperability Protocol Key vault type and vendor The key vault type for any KMIP-compliant key vault is shown on the switch as “KMIP” in the groupcfg output. The key vault vendor or key manager name is displayed under “Server SDK Version”.
Supported encryption key manager appliances Authentication Quorum Size: Authentication Cards not configured NODE LIST Total Number of defined nodes: Group Leader Node Name: 10:00:00:05:1e:53:ae:4c Encryption Group state: CLUSTER_STATE_CONVERGED Crypto Device Config state: In Sync Encryption Group Config state: In Sync Node Name IP address Role...
Steps for connecting to a DPM appliance All switches that you plan to include in an encryption group must have a secure connection to the RSA Data Protection Manager (DPM). The following is a suggested order of steps needed to create a secure connection to the DPM.
Steps for connecting to a DPM appliance 4. Do one of the following: • If a CSR is present, click Export. • If a CSR is not present, select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar. This generates switch security parameters and certificates, including the KAC CSR.
Steps for connecting to a DPM appliance In the example above, the certificate validity is active until “Dec 4 18:03:14 2010 GMT.” After the KAC certificate has expired, the registration process must be redone. NOTE In the event that the signed KAC certificate must be re-registered, you will need to log in to the key vault web interface and upload the new signed KAC certificate for the corresponding switch Identity.
Page 768
Steps for connecting to a DPM appliance Open another web browser window, and start the RSA management user interface. You will need the URL, and you must have the proper authority level, user name, and password. NOTE The Identity Group name used in the next step might not exist in a freshly installed DPM. To establish an Identity Group name, click the Identity Group tab, and create a name.
Steps for connecting to a DPM appliance Uploading the KAC certificate onto the DPM appliance (manual identity enrollment) NOTE The switch will not use the Identity Auto Enrollment feature supported with DPM 3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x server with the switch as described in this section.
Steps for connecting to an LKM/SSKM appliance FIGURE 276 Encryption Group Properties with Key Vault Certificate 2. Select Load from File and browse to the location on your client PC that contains the downloaded CA certificate in .pem format. Steps for connecting to an LKM/SSKM appliance The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network appliance.
Steps for connecting to an LKM/SSKM appliance Launching the NetApp DataFort Management Console The NetApp DataFort Management Console (DMC) must be installed on your PC or workstation to complete certain procedures described in this chapter. Refer to the appropriate DMC product documentation for DMC installation instructions.
Steps for connecting to an LKM/SSKM appliance Obtaining and importing the LKM/SSKM certificate Certificates must be exchanged between the LKM/SSKM appliance and the encryption switch to enable mutual authentication. You must obtain a certificate from the LKM/SSKM appliance and import it into the encryption Group Leader. The encryption Group Leader exports the certificate to other encryption group members.
Steps for connecting to an LKM/SSKM appliance Exporting and registering the switch KAC certificates on LKM/SSKM 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2.
Steps for connecting to an LKM/SSKM appliance Data Encryption Keys The following sections describe Data Encryption Key (DEK) behavior during DEK creation, retrieval, and updates as they relate to disk keys and tape pool keys, and tape LUN and DF-compatible tape pool support: Disk keys and tape pool keys (Brocade native mode support) Data Encryption Key (DEK) creation, retrieval, and update for disk and tape pool keys in Brocade...
Steps for connecting to an ESKM/SKM appliance LKM/SSKM key vault deregistration Deregistration of either the primary or secondary LKM/SSKM key vault from an encryption switch or blade is allowed independently. • Deregistration of Primary LKM/SSKM: You can deregister the Primary LKM/SSKM from an encryption switch or blade without deregistering the backup or secondary LKM/SSKM for maintenance or replacement purposes.
Steps for connecting to an ESKM/SKM appliance • Enable an SSL connection. Refer to “Enabling SSL on the Key Management System (KMS) Server” on page 729. • Configure a cluster of ESKM/SKM appliances for high availability. Refer to the following sections: “Creating an ESKM/SKM High Availability cluster”...
Steps for connecting to an ESKM/SKM appliance Registering the ESKM/SKM Brocade group user name and password The Brocade group user name and password you created when configuring a Brocade group on ESKM/SKM must also be registered on each encryption node. NOTE This operation can be performed only after the switch is added to the encryption group.
Steps for connecting to an ESKM/SKM appliance • Different user names and passwords can never be used within the same encryption group, but each encryption group may have its own user name and password. • If you change the user name and password, the keys created by the previous user become inaccessible.
Steps for connecting to an ESKM/SKM appliance FIGURE 279 Creating an HP ESKM/SKM local CA 5. Under Certificates & CAs, select Trusted CA Lists to display the Trusted Certificate Authority List Profiles. 6. Click on Default under Profile Name. 7. In the Trusted Certificate Authority List, click Edit. 8.
Page 780
Steps for connecting to an ESKM/SKM appliance 3. Enter the required information under Create Certificate Request. Enter a Certificate Name and Common Name. The same name may be used for both. Enter your organizational information. Enter the E-mail Address where you want messages to the Security Officer to go. Enter the Key Size.
Steps for connecting to an ESKM/SKM appliance Enabling SSL on the Key Management System (KMS) Server The KMS Server provides the interface to the client. Secure Sockets Layer (SSL) must be enabled on the KMS Server before this interface will operate. After SSL is enabled on the first appliance, it will be enabled automatically on the other cluster members.
Steps for connecting to an ESKM/SKM appliance Copying the local CA certificate for a clustered ESKM/SKM appliance Before adding an ESKM/SKM appliance to a cluster, you must obtain the local CA certificate from the original ESKM/SKM or from an ESKM/SKM that is already in the cluster. 1.
Steps for connecting to an ESKM/SKM appliance 15. Click Browse, then select the Cluster Key File you saved. 16. Enter the cluster password, then click Join. 17. After adding all members to the cluster, delete the cluster key file from the desktop. 18.
Steps for connecting to an ESKM/SKM appliance Importing a signed KAC certificate into a switch After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch. NOTE This operation can be performed only after the switch is added to the encryption group. 1.
Steps for connecting to an ESKM/SKM appliance Data Encryption Keys The following sections describe Data Encryption Key (DEK) behavior during DEK creation, retrieval, and updates as they relate to disk keys and tape pool keys, and tape LUN and DF-compatible tape pool support: Disk keys and tape pool keys support Data Encryption Key (DEK) creation, retrieval, and update for disk and tape pool keys are as...
Steps for connecting to a TEKA appliance ESKM/SKM key vault deregistration Deregistration of either the primary or secondary ESKM/SKM key vault from an encryption switch or blade is allowed independently. • Deregistration of primary ESKM: You can deregister the primary ESKM/SKM from an encryption switch or blade without deregistering the backup or secondary ESKM/SKM for maintenance or replacement purposes.
Steps for connecting to a TEKA appliance Setting up TEKA network connections Communicating to TEKA is enabled over an SSL connection. Two IP addresses are needed. One IP address is used for the management interface, and a second IP address is used for communication with clients.
Steps for connecting to a TEKA appliance Creating a client on TEKA This step assumes the group brocade has been created by an administrator. If the group brocade does not exist, you must log in to TEKA as officer and create the group, then assign the group to a manager.
Steps for connecting to a TEKA appliance 6. Click Add Client. 7. Enter the user name from step 3 in the Name field. 8. Enter a password in the Password and Verify Password fields. 9. Select the group brocade from the group pull-down menu, then click Add Client. A TEKA client user is created and is listed in the table.
Steps for connecting to a TEKA appliance The following rules apply for TEKA: • The key vault user name and user group name are generated on the switch. To view those values, select Switch > Properties, then click Key Vault User Name. •...
Steps for connecting to a TKLM appliance FIGURE 285 Import Signed Certificate dialog box 2. Browse to the location where the signed certificate is stored, then click OK. The signed certificate is stored on the switch. Steps for connecting to a TKLM appliance All switches you plan to include in an encryption group must have a secure connection to the Tivoli Key Lifecycle Manager (TKLM).
Steps for connecting to a TKLM appliance 11. Import the server CA certificate and register TKLM on the encryption Group Leader nodes. Refer to “Importing the TKLM certificate into the group leader” on page 742. 12. Enable the encryption engines. Exporting the Fabric OS node self-signed KAC certificates Each Fabric OS node generates a self-signed KAC certificate as part of the node initialization process as described under...
Steps for connecting to a TKLM appliance 3. Click Add on the Devices table menu task bar, which adds the entry to the table. 4. Under Device Serial Number, enter the serial number that is displayed for each node that you are adding to the device group.
Steps for connecting to a TKLM appliance Exporting the TKLM self-signed server certificate The TKLM self-signed server certificate must be exported in preparation for importing and registering the certificate on a Fabric OS encryption Group Leader node. 1. Enter the TKLM server wsadmin CLI. For Linux (in ./wsadmin.sh): <installed directory>/IBM/tivoli/tiptklmV2/bin/wsadmin.sh -username TKLMAdmin -password <password>...
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 286 Import Signed Certificate dialog box 3. Browse to the location where the signed certificate is stored, then click OK. The signed certificate is stored on the switch. Steps for connecting to a KMIP-compliant SafeNet KeySecure With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP) KeySecure Management Console can be used on the switch.
Steps for connecting to a KMIP-compliant SafeNet KeySecure Setting FIPS compliance 1. From the KeySecure Management Console, select the Security tab, then select Advanced Security > High Security. The High Security Configuration page displays. (Refer to Figure 287.) FIGURE 287 KeySecure High Security Configuration page 2.
Steps for connecting to a KMIP-compliant SafeNet KeySecure Creating a local CA 1. From the KeySecure Management Console, select the Security tab, then select CAs & SSL Certificates > Local CAs. The Certificate and CA Configuration page displays. (Refer to Figure 288.) FIGURE 288...
Steps for connecting to a KMIP-compliant SafeNet KeySecure Creating a server certificate 1. From the Security tab, select CAs & SSL Certificates > SSL Certificates. The Certificate and CA Configuration page displays. (Refer to Figure 290.) FIGURE 290 KeySecure Certificate and CA Configuration page 2.
Page 799
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 291 KeySecure Certificate and CA Configuration page - Certificate List 3. Verify the server certificate status is shown as Request Pending. 4. Click on the server certificate name that you just created (Safenet75ServerCert), which displays the certificate contents.
Page 800
Steps for connecting to a KMIP-compliant SafeNet KeySecure 5. Copy the certificate contents. 6. From the Security tab, select CAs & SSL Certificates > Local CAs. The Certificate and CA Configuration page displays. 7. Under Local Certificate Authority List, select the CA certificate you just created (SafeNetCA), then click Sign Request.
Page 801
Steps for connecting to a KMIP-compliant SafeNet KeySecure 8. Select Server as the Certificate Purpose and verify the Certificate Duration length. The default is 3649 days. 9. Paste the server certificate contents that you copied (refer to step 5) in the Certificate Request text box, then click Sign Request.
Page 802
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 296 KeySecure Certificate and CA Configuration page - Certificate Installation 14. After the page refreshes, the new certificate information is displayed in the Certificate List table. (Refer to Figure 297.) FIGURE 297 KeySecure Certificate and CA Configuration page - Certificate List 15.
Steps for connecting to a KMIP-compliant SafeNet KeySecure Creating a cluster 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Cluster. The Cluster Configuration page displays. (Refer to Figure 298.) FIGURE 298 KeySecure Cluster Configuration page 2.
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 299 KeySecure Cluster Configuration page - Cluster Members 4. Under Cluster Settings, click Download Cluster Key. (Refer to Figure 300.) You are prompted to enter a local file name. FIGURE 300 KeySecure Cluster Configuration page - Cluster Settings Configuring a Brocade group on the KeySecure A Brocade group is configured on the KeySecure for all keys created by encryption switches and...
Steps for connecting to a KMIP-compliant SafeNet KeySecure 3. Select Local Users & Groups under Users & Groups. 4. Select Add under Local Users. 5. Create a Brocade user name and password. 6. Select the User Administration Permission and Change Password Permission check boxes, then click Save.
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 302 Key Vault Credentials dialog box The dialog box contains the following information: • Primary Key Vault: Primary Key Vault is preselected. KMIP key vaults are clustered, so only one set of credentials is needed. •...
Page 807
Steps for connecting to a KMIP-compliant SafeNet KeySecure 6. The Certificate and CA Configuration page displays. 7. Under Local Certificate Authority List, select the local CA name, and verify that its CA Status is shown as Active. 8. Click Sign Request. The Sign Certificate Request page displays.
Steps for connecting to a KMIP-compliant SafeNet KeySecure Importing a signed KAC certificate into a switch After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch. NOTE This operation can be performed only after the switch is added to the encryption group. 1.
Steps for connecting to a KMIP-compliant SafeNet KeySecure Backing up the certificates 1. From the KeySecure Management Console, select the Device tab, then select Maintenance > Backup & Restore > Create Backup. The Backup and Restore page displays. (Refer to Figure 305.) FIGURE 305...
Page 810
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 306 Backup and Restore page - Device items 5. Select the items for backup, then click Continue. The Create Backup page displays, which is used for setting backup details. (Refer to Figure 307.) FIGURE 307...
Steps for connecting to a KMIP-compliant SafeNet KeySecure Configuring the KMIP server 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Key Server > Key Server. The Cryptographic Key Server Configuration page displays. (Refer to Figure 308.) FIGURE 308...
Steps for connecting to a KMIP-compliant SafeNet KeySecure Adding a node to the cluster Perform the following steps on the secondary KeySecure node when adding it to the cluster. 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration >...
Page 813
Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 310 KeySecure Cluster Configuration page - Cluster Members 6. Verify that both KeySecure nodes are shown as Active. 7. From the Devices tab, select Maintenance > Backup and Restore > Restore Backup. The Backup and Restore page displays.
Steps for connecting to a KMIP-compliant keyAuthority 8. Under Restore Backup, select Upload from browser, then enter a file name or browse to the file location. 9. Enter the Backup Password in the field provided, then click Restore. 10. After the certificate is restored to the secondary node from the previously backed-up primary node, select Maintenance >...
Encryption preparation Before you use the encryption setup wizard for the first time, you should have a detailed configuration plan in place and available for reference. The encryption setup wizard assumes the following: • You have a plan in place to organize encryption devices into encryption groups. •...
Creating a new encryption group The following steps describe how to start and run the encryption setup wizard and create a new encryption group. NOTE When a new encryption group is created, any existing tape pools in the switch are removed. 1.
Page 817
Creating a new encryption group FIGURE 314 Configure Switch Encryption wizard - welcome screen 4. From the Configure Switch Encryption welcome screen, click Next to begin. The Designate Switch Membership dialog box displays (Figure 315). The dialog box contains the following options: •...
Page 818
Creating a new encryption group 5. For this procedure, verify that Create a new encryption group containing just this switch is selected, then click Next. NOTE If you are adding a switch to an encryption group, refer to “Adding a switch to an encryption group” on page 801.
Page 819
Creating a new encryption group Click Next. The Select Key Vault dialog box displays. (Refer to Figure 317.) FIGURE 317 Select Key Vault dialog box Using this dialog box, you can select a key vault for the encryption group that contains the selected switch.
Page 820
Creating a new encryption group Thales e-Security keyAuthority (TEKA): If an encryption group contains mixed firmware nodes, the Encryption Group Properties Key Vault Type name is based on the firmware version of the Group Leader. For example, if a switch is running Fabric OS 7.1.0 or later, the Key Vault Type is displayed as “Thales e-Security keyAuthority (TEKA).” If a switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as “Thales Key Manager (TEMS)”.
Creating a new encryption group 8. Select the Key Vault Type. Configuration options vary based on the key vault type you choose. To complete the wizard steps, proceed to the section that describes your particular key vault type. For DPM key vault setting instructions, see “Configuring key vault settings for RSA Data Protection Manager (DPM)”...
Page 822
Creating a new encryption group 1. Enter the IP address or host name for the primary key vault. If you are clustering DPM appliances for high availability, IP load balancers are used to direct traffic to the appliances. Use the IP address of the load balancer. 2.
Page 823
Creating a new encryption group FIGURE 320 Specify Master Key File Name dialog box 7. Enter the location of the file where you want to store backup master key information, or browse to the desired location. 8. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Page 824
Creating a new encryption group FIGURE 321 Select Security Settings dialog box 10. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 825
Creating a new encryption group FIGURE 322 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 323.) FIGURE 323 Configuration Status dialog box 12. Review the post-configuration instructions, which you can copy to a clipboard or print for later, then click Next.
Creating a new encryption group FIGURE 324 Next Steps dialog box 13. Review the post-configuration instructions, which you can copy to a clipboard or print for later, then click Finish to exit the wizard. Configuring key vault settings for NetApp Link Key Manager (LKM/SSKM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard.
Page 827
Creating a new encryption group FIGURE 325 Select Key Vault dialog box for LKM/SSKM 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate, or browse to the desired location.
Page 828
Creating a new encryption group FIGURE 326 Specify Public Key Certificate (KAC) File Name dialog box 4. Specify the location of the file where you want to store the public key certificate that is used to authenticate connections to the key vault. The certificate stored in this file is the switch’s public key certificate.
Page 829
Creating a new encryption group FIGURE 327 Select Security Settings dialog box 6. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 830
Creating a new encryption group FIGURE 328 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 329.) FIGURE 329 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step.
Page 831
Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. See “Understanding configuration status results” on page 800 for more information. 8. Verify the information is correct, then click Next. The Next Steps dialog box displays.
Creating a new encryption group Configuring key vault settings for HP Enterprise Secure Key Manager (ESKM/SKM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard. If you have not already done so, go to “Creating a new encryption group”...
Page 833
Creating a new encryption group FIGURE 332 Specify Certificate Signing Request File Name dialog box 6. Enter the location of the file where you want to store the certificate information, or browse to the desired location, then click Next. The Specify Master Key File Name dialog box displays. (Refer to Figure 333.) FIGURE 333...
Page 834
Creating a new encryption group 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays. (Refer to Figure 334.) FIGURE 334 Select Security Settings dialog box 9. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above.
Page 835
Creating a new encryption group FIGURE 335 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 336.) FIGURE 336 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step.
Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. See “Understanding configuration status results” on page 800 for more information. 11. Review important messages, then click Next. The Next Steps dialog box displays.
Page 837
Creating a new encryption group FIGURE 338 Select Key Vault dialog box for TEKA 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate, or browse to the desired location.
Page 838
Creating a new encryption group FIGURE 339 Specify Master Key File Name dialog box 6. Enter the name of the file used for backing up the master key or browse to the desired location. 7. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Page 839
Creating a new encryption group 9. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 840
Creating a new encryption group FIGURE 342 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Creating a new encryption group FIGURE 343 Next Steps dialog box 12. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 13. Click Finish to exit the Configure Switch Encryption wizard. 14. Refer to “Understanding configuration status results”...
Page 842
Creating a new encryption group FIGURE 344 Select Key Vault dialog box for TKLM 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the desired location.
Page 843
Creating a new encryption group FIGURE 345 Specify Public Key Certificate (KAC) File Name dialog box 5. Enter the name of the file where the switch’s public key certificate is stored, or browse to the desired location, then click Next. The Specify Master Key File Name dialog box displays.
Page 844
Creating a new encryption group 7. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays. (Refer to Figure 347.) FIGURE 347...
Page 845
Creating a new encryption group FIGURE 348 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 349.) FIGURE 349 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step.
Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. 11. Click Next. The Next Steps dialog box displays. (Refer to Figure 350.) Instructions for installing public key certificates for the encryption switch are displayed.
Page 847
Creating a new encryption group • With the introduction of Fabric OS 7.2.0, KMIP with TEKA 4.0 is also supported, but must be configured using the CLI. All nodes in a keyAuthority encryption group must be running Fabric OS 7.2.0 or later. For configuration instructions, refer to the Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments.
Page 848
Creating a new encryption group • Username: Activates the Primary and Backup Key Vault User Names for completion. • None: Deactivates Primary and Backup Key Vault User Names and password fields. 6. Select the Certificate Type. Options are: • CA Signed: The switch KAC certificate is signed by a CA, imported back on the switch and registered as a KAC certificate.
Page 849
Creating a new encryption group FIGURE 353 Specify Master Key File Name dialog box 9. Enter the name of the file used for backing up the master key, or browse to the desired location. 10. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
Page 850
Creating a new encryption group FIGURE 354 Select Security Settings dialog box 12. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
Page 851
FIGURE 355 Confirm Configuration dialog box
14. Confirm the encryption group name and switch public key certificate file name you specified are correct, then click Next. The Configuration Status dialog box displays. (Refer to Figure 356.)
FIGURE 356 Configuration Status dialog box...
All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Adding a switch to an encryption group
3. Register the key vault. The Management application registers the key vault using the cryptocfg reg keyvault command.
4. Enable the encryption engines. The Management application initializes an encryption switch using the cryptocfg initEE [<slotnumber>] and cryptocfg regEE [<slotnumber>] commands.
Page 854
FIGURE 358 Configure Switch Encryption wizard - welcome screen
3. Click Next. The Designate Switch Membership dialog box displays. (Refer to Figure 359.)
FIGURE 359 Designate Switch Membership dialog box
4. For this procedure, select Add this switch to an existing encryption group, then click Next. The Add Switch to Existing Encryption Group dialog box displays.
Page 855
The dialog box contains the following information:
• Encryption Groups table: Enables you to select an encryption group in which to add a switch.
• Member Switches table: Lists the switches in the selected encryption group.
NOTE: If you are creating a new encryption group, refer to “Creating a new encryption group”...
Page 856
FIGURE 361 Specify Public Key Certificate (KAC) File Name dialog box
6. Enter the location where you want to store the public key certificate that is used to authenticate connections to the key vault, or browse to the desired location, then click Next. The Confirm Configuration dialog box displays.
Page 857
The Configuration Status dialog box displays. (Refer to Figure 363.)
FIGURE 363 Configuration Status dialog box
All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
Page 858
FIGURE 364 Error Instructions dialog box
8. Review the post-configuration instructions, which you can copy to a clipboard or print for later.
9. Click Finish to exit the Configure Switch Encryption wizard.
Replacing an encryption engine in an encryption group
To replace an encryption engine in an encryption group with another encryption engine within the same DEK Cluster, complete the following steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
High availability clusters
A high availability (HA) cluster consists of exactly two encryption engines configured to host the same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single fabric. One encryption engine can take over encryption and decryption tasks for the other encryption engine if that member fails or becomes unreachable.
Creating HA clusters
For the initial encryption node, perform the following procedure.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2. Select an encryption group from the Encryption Center Devices table, then select Group > HA Cluster from the menu task bar.
3. Click the right arrow to add the encryption engine to the selected HA cluster.
4. Click OK.
Removing engines from an HA cluster
Removing the last engine from an HA cluster also removes the HA cluster. If only one engine is removed from a two-engine cluster, you must either add another engine to the cluster, or remove the other engine.
Configuring encryption storage targets
Failback option
The Failback option determines the behavior when a failed encryption engine is restarted. When the first encryption engine comes back online, the encryption group’s failback setting (auto or manual) determines how the encryption engine resumes encrypting and decrypting traffic to its encryption targets.
5. Confirmation
6. Configuration Status Important Instructions
Adding an encryption target
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2. Select a group, switch, or engine from the Encryption Center Devices table to which to add the target, then select Group/Switch/Engine >...
Page 866
The dialog box contains the following information:
• Encryption engine: The name of the encryption engine. The list of engines depends on the scope being viewed: If an encryption group was selected, the list includes all engines in the group. If a switch was selected, the list includes all encryption engines for the switch.
Page 867
6. Select a target from the list. (The Target Port WWN and Target Node WWN fields contain all target information that displays when using the nsShow command.) You can also enter WWNs manually, for example, to specify a target that is not on the list. Select a target type from the Type list, then click Next.
Page 868
NOTE: You must enter the host node world wide name before clicking Add, to add the WWN to the Selected Hosts table.
• Node WWN text box: Type a world wide name for a host node.
NOTE: You must also enter the host port world wide name before clicking Add to add the node WWN to the Selected Hosts table.
Page 869
FIGURE 372 Name Container dialog box
10. Enter the container name. The container name is a logical encryption name to specify a name other than the default. You can use a maximum of 31 characters. Letters, digits, and underscores are allowed.
Page 870
The Confirmation screen contains the following information:
• Encryption Engine: The slot location of the encryption engine.
• Container Name: The logical encryption name used to map storage targets and hosts to virtual targets and virtual initiators.
•...
Page 871
13. Review any post-configuration instructions or messages, which you can copy to a clipboard or print for later, then click Next. The Next Steps screen displays. (Refer to Figure 375.) Post-configuration instructions for installing public key certificates for the encryption switch are displayed. These instructions are specific to the key vault type.
Configuring hosts for encryption targets
Use the Encryption Target Hosts dialog box to edit (add or remove) hosts for an encrypted target.
NOTE: Hosts are normally selected as part of the Configure Switch Encryption wizard, but you can also edit hosts later using the Encryption Target Hosts dialog box.
Page 873
FIGURE 377 Encryption Target Hosts dialog box
NOTE: Both the Hosts in Fabric table and the Selected Hosts table now contain a Port ID column to display the 24-bit PID of the host port.
4. Select one or more hosts in a fabric using either of the following methods:
a.
Adding target disk LUNs for encryption
You can add a new path to an existing disk LUN or add a new LUN and path by launching the Add New Path wizard.
NOTE: Before you can add a target disk LUN for encryption, you must first configure the Storage Arrays. For more information, see “Configuring storage arrays”...
Page 875
• Encryption path table: Should be LUN/Path identified by the following: LUN Path Serial # Target Port Initiator Port Container Name Switch Name Fabric State Thin Provision LUN Encryption Mode Encrypt Existing Data Key ID
•...
Page 876
4. Select the target port from the Target Port table, then click Next. The Select Initiator Port dialog box displays. (Refer to Figure 380.)
FIGURE 380 Select Initiator Port dialog box
The dialog box is used to select an initiator port when configuring multiple I/O paths to a disk LUN.
Page 877
FIGURE 381 Select LUN dialog box
The dialog box is used to select a LUN when configuring multiple I/O paths to a disk LUN. The dialog box contains the following information:
• Storage Array: The storage array selected from the LUN view prior to launching the Add New Path wizard.
Page 878
9. Click Finish. The new LUN path is added to the Encryption Disk LUN View table.
10. Click OK on the LUN view to commit the operation.
NOTE: With the introduction of Fabric OS v7.1.0, the maximum number of uncommitted configuration changes per disk LUN (or maximum paths to a LUN) is 512 transactions.
Configuring storage arrays
The storage array contains a list of storage ports that will be used later in the LUN centric view. You must assign storage ports from the same storage array for multi-path I/O purposes. On the LUN centric view, storage ports in the same storage array are used to get the associated CryptoTarget containers and initiators from the database.
SRDF pairs
Remote replication is implemented by establishing a synchronized pair of SRDF devices connected by FC or IP links. A local source device is paired with a remote target device while data replication is taking place.
Adding target tape LUNs for encryption
Note the following when using the New LUN option:
• Both LUNs that form an SRDF pair must be added to their containers using the New LUN option.
• For any site, all paths to a given SRDF device must be configured with the New LUN option.
•...
Page 882
FIGURE 384 Encryption Targets dialog box
3. Select a target tape storage device from the Encryption Targets table, then click LUNs. The Encryption Target Tape LUNs dialog box displays. (Refer to Figure 385.)
FIGURE 385 Encryption Target Tape LUNs dialog box
4.
Page 883
FIGURE 386 Add Encryption Target Tape LUNs dialog box
5. Select a host from the Host list. Before you encrypt a LUN, you must select a host, then either discover LUNs that are visible to the virtual initiator representing the selected host, or enter a range of LUN numbers to be configured for the selected host.
Moving targets
• Enable Write Early Ack: When selected, enables tape write pipelining on this tape LUN. Use this option to speed long serial writes to tape, especially for remote backup operations.
• Enable Read Ahead: When selected, enables read pre-fetching on this tape LUN. Use this option to speed long serial read operations from tape, especially for remote restore operations.
Configuring encrypted tape storage in a multi-path environment
This example assumes one host is accessing one storage device using two paths:
• The first path is from Host Port A to Target Port A, using Encryption Engine A for encryption.
•...
Tape LUN write early and read ahead
The tape LUN write early and read ahead feature uses tape pipelining and prefetch to speed serial access to tape storage. These features are particularly useful when performing backup and restore operations, especially over long distances.
Tape LUN statistics
FIGURE 388 Encryption Target Tape LUNs dialog box - Setting tape LUN read ahead and write early
4. In the Enable Write EarlyAck and Enable Read Ahead columns, when the table is populated, you can set these features as desired for each LUN:
•...
Viewing and clearing tape container statistics
You can view LUN statistics for an entire crypto tape container or for specific LUNs. To view or clear statistics for tape LUNs in a container, follow these steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
• Uncompressed blocks: The number of uncompressed blocks written to tape.
• Compressed blocks: The number of compressed blocks written to tape.
• Uncompressed Bytes: The number of uncompressed bytes written to tape.
• Compressed Bytes: The number of compressed bytes written to tape.
•...
4. Select the LUN or LUNs for which to display or clear statistics, then click Statistics. The Tape LUN Statistics dialog box displays. (Refer to Figure 392.) The statistics for the LUN or LUNs you selected are displayed. Tape LUN statistics are cumulative.
FIGURE 392 Tape LUN Statistics dialog box
The dialog box contains the following information:...
Page 891
NOTE: You can also select a group, switch, or engine from the Encryption Center Devices table, then click the Targets icon. The Encryption Targets dialog box displays. (Refer to Figure 393.) A list of configured CryptoTarget containers is displayed.
FIGURE 393 Encryption Targets dialog box
3.
Encryption engine rebalancing
• Uncompressed Bytes: The number of uncompressed bytes written to tape.
• Compressed Bytes: The number of compressed bytes written to tape.
• Host Port WWN: The WWN of the host port that is being used for the write operation.
4.
Master keys
Rebalancing an encryption engine
To re-balance an encryption engine, complete the following steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2. Select an engine, then select Engine > Re-Balance from the menu task bar. A warning message displays, noting the potential disruption of disk and tape I/O, and that the operation may take several minutes.
Active master key
The active master key is used to encrypt newly created data encryption keys (DEKs) prior to sending them to a key vault to be stored. You can restore the active master key under the following conditions:
•...
• Create new master key: Enabled when no master key exists, or the previous master key has been backed up. Refer to “Creating a new master key” on page 849. You must create a new master key when the status is Required but not created.
NOTE: If a master key was not created, Not Used is displayed as the status and the Master Key Actions list is unavailable.
6. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. Re-enter the passphrase for verification, then click OK.
ATTENTION: Save the passphrase. This passphrase is required if you ever need to restore the master key from the file.
6. Re-enter the passphrase for verification, then click OK. A dialog box displays that shows the Key ID. The Key ID identifies the storage location in the key vault. Store both the Key ID and the passphrase in a secure place. Both will be required to restore the master key in the future.
8. Enter the mandatory last name and first name of the person to whom the card is assigned.
9. Enter a Card Password.
10. Re-enter the password for verification.
11. Record and store the password in a secure location.
12.
FIGURE 398 Restore Master Key for Encryption Group dialog box - Restore from file
4. Choose the active or alternate master key for restoration, as appropriate.
5. Select File as the Restore From location.
6. Enter a file name, or browse to the desired location. Enter the passphrase.
FIGURE 399 Restore Master Key for Encryption Group dialog box - Restore from key vault
4. Choose the active or alternate master key for restoration, as appropriate.
5. Select Key Vault as the Restore From location.
6. Enter the key ID of the master key that was backed up to the key vault. Enter the passphrase.
FIGURE 400 Restore Master Key for Encryption Group dialog box - Restore from smart cards
4. Choose the active or alternate master key for restoration, as appropriate.
5. Select A Recovery Set of Smart Cards as the Restore From location.
6.
Security settings
Security settings help you identify if system cards are required to initialize an encryption engine and also determine the number of authentication cards needed for a quorum.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
Using the Encryption Targets dialog box
NOTE: Zeroizing an engine affects the I/Os, but all target and LUN configurations remain intact. Encryption target configuration data is not deleted.
You can zeroize an encryption engine only if it is enabled (running), or disabled but ready to be enabled.
Redirection zones
To access the Encryption Targets dialog box, complete the following steps.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2. Select a group, switch, or engine from the Encryption Center Devices table, then select Group/Switch/Engine >...
Disk device decommissioning
A disk device needs to be decommissioned when any of the following occurs:
• The storage lease expires for an array, and devices must be returned or exchanged.
• Storage is reprovisioned for movement between departments.
•...
Decommissioning disk LUNs
Use the following procedure to decommission a disk LUN.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2. Select a group, switch, or engine from the Encryption Center Devices table that contains the storage device to be configured, then select Group/Switch/Engine >...
Page 907
In order to delete keys from the key vault, you need to know the Universal ID (UUID). To display vendor-specific UUIDs of decommissioned key IDs, complete the following procedure:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
Rekeying all disk LUNs manually
Displaying Universal IDs
In order to delete keys from the key vaults, you need to know the Universal ID (UUID) associated with the decommissioned disk LUN key IDs. To display the Universal IDs, complete the following procedure:
1.
Setting disk LUN Re-key All
To rekey all disk LUNs on an encryption node, complete these steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2.
FIGURE 405 Pending manual rekey operations
Viewing disk LUN rekeying details
You can view details related to the rekeying of a selected target disk LUN from the LUN Re-keying Details dialog box.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
4. Click Add. The Add Disk LUNs dialog box displays. This dialog box includes a table of all LUNs in the storage device that are visible to the hosts.
5. Click Re-keying Details. The LUN Re-keying Details dialog box displays. The dialog box contains the following information:
•...
Page 912
FIGURE 407 Re-Key Sessions Status dialog box
The dialog box contains the following information:
• LUN #: The LUN number.
• LUN Serial #: The LUN serial number.
• Re-Key Session #: The number assigned to the rekeying session.
•...
3. Click Refresh periodically to update the display.
Thin provisioned LUNs
With the introduction of Fabric OS 7.1.0, the switch can discover if a disk LUN is a thin provisioned LUN. Support for a thin provisioned LUN is limited to disk containers only. Thin provisioned LUNs can be created with the new LUN option.
Viewing time left for auto rekey
thin-provisioned LUNs results in an attempt by the encryption switch to overwrite data up to the size of the logical size of the thin-provisioned LUN, rather than limiting FTE/rekeying to the size of the physically allocated LUN size or to the data that has been written.
FIGURE 408 Encryption Targets Disk LUNs dialog box - Time left for auto rekey
Viewing and editing switch encryption properties
To view switch encryption properties, complete the following steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
Page 916
FIGURE 409 Encryption Switch Properties dialog box
The dialog box contains the following information:
• Switch Properties table: A list of properties associated with the selected switch
• Name: The name of the selected switch
•...
Page 917
• Encryption Group: The name of the encryption group to which the switch belongs
• Encryption Group Status: Status options are:
  OK/Converged: the Group Leader can communicate with all members
  Degraded: the Group Leader cannot communicate with one or more members. The following operations are not allowed: key vault changes, master key operations, enable/disable encryption engines, Failback mode changes, HA Cluster creation or addition (removal is allowed), tape pool changes, and any configuration changes for...
Page 918
• Primary Key Vault Link Key Status/Backup Key Vault Link Key Status: Status options are:
  Not Used: The key vault type is not LKM/SSKM.
  No Link Keys, ready to establish: No access request has been sent to an LKM/SSKM, or a previous request was not accepted.
• Re-Balance Recommended: Indicates if LUN rebalancing is recommended for an encryption engine that is hosting both disk and tape LUNs. Options are Yes and No.
• System Card Status: The current status of system card information for the encryption engine.
Viewing and editing encryption group properties
Enabling and disabling the encryption engine state from Properties
To enable the encryption engine, complete the following steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.)
2.
FIGURE 411 Encryption Group Properties dialog box
The dialog box contains the following information:
• General tab: For a description of the dialog box, refer to “General tab” on page 869.
• Members tab: For a description of the dialog box, refer to “Members tab”...
Page 922
FIGURE 412 Encryption Group Properties dialog box - General tab
The dialog box contains the following information:
• Encryption Group Name: The name of the encryption group.
• Group Status: The status of the encryption group. Options are:
  OK-Converged: The Group Leader can communicate with all members.
Page 923
• Key Vault Type: Options are:
  RSA Data Protection Manager (DPM): If an encryption group contains mixed firmware nodes, the Encryption Group Properties Key Vault Type name is based on the firmware version of the Group Leader. For example, if a switch is running Fabric OS 7.1.0 or later, the Key Vault Type is displayed as “RSA Data Protection Manager (DPM).” If a switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as “RSA Key Manager (RKM)”.
Page 924
• Backup Key Vault Connection Status: The status of the backup key vault link. Options are:
  Connected
  Unknown/Busy
  Not configured
  Not responding
  Failed authentication
• High Availability Mode: (For KMIP key vault type.) Options are:
  Opaque: Both the primary and secondary key vaults are registered on the switch.
Members tab
The Members tab lists group switches, their role, and their connection status with the Group Leader. The table columns are not editable. The tab displays the configured membership for the group and includes the following:
•...
Page 926
FIGURE 413 Encryption Group Properties dialog box - Members tab
Members tab Remove button
You can click the Remove button to remove a selected switch or group from the encryption group table.
• You cannot remove the Group Leader unless it is the only switch in the group. If you remove the Group Leader, the Management application also removes the HA cluster, the target container, and the tape pool (if configured) that are associated with the switch.
The consequences of removing the last switch in a group (which will be the Group Leader) are all switch removal consequences noted above, plus the following:
• The encryption group is deleted.
• All configured tape pools are deleted.
Table 67 explains the impact of removing switches.
Page 928
FIGURE 414 Encryption Group Properties dialog box - Security tab
The dialog box contains the following information:
• Master Key Status: Displays the status of the master key. Possible values are:
  Not used: Displays when LKM/SSKM is the key vault.
  Required but not created: Displays when a master key needs to be created.
• Registered Authentication Cards table: Lists the registered authentication cards.
  Group Card #: The number of cards that are registered.
  Card ID: The card serial number.
  First Name and Last Name: The first and last name of the person assigned to the card. The names are identified when the authentication card is first registered.
Page 930
• Non-HA Encryption Engines table: Displays a list of encryption engines that are not configured for high-availability clustering
• High-Availability Clusters table: A list of encryption engines that have been selected for high-availability clustering.
•...
Link Keys tab
NOTE: The Link Keys tab displays only if the key vault type is NetApp LKM/SSKM.
Connections between a switch and a NetApp LKM/SSKM key vault require a shared link key. Link keys are used only with LKM/SSKM key vaults.
FIGURE 416 Encryption Group Properties dialog box - Link Keys tab
Tape Pools tab
Tape pools are managed from the Tape Pools tab. From the Tape Pools tab, you can add, modify, and remove tape pools.
•...
Page 933
FIGURE 417 Encryption Group Properties dialog box - Tape Pools tab
Tape pools overview
Tape cartridges and volumes can be organized into a tape pool (a collection of tape media). The same data encryption keys are used for all cartridges and volumes in the pool. Tape pools are used by backup application programs to group all tape volumes used in a single backup or in a backup plan.
Page 934
NOTE: If groups are not visible in the Encryption Center Devices table, select View > Groups from the menu task bar.
3. Click Add. The Add Tape Pool dialog box displays. (Refer to Figure 418.) The Name tape pool label type is the default;...
6. Enter the number of days to use a key before obtaining a new one, if you choose to enforce a key lifespan. The default is Infinite (a blank field or a value of 0), which is the recommended setting.
NOTE: You cannot replace an encryption engine if it is part of an HA cluster.
Encryption-related acronyms in log messages
Fabric OS log messages related to encryption components and features may have acronyms embedded that require interpretation. Table 68 lists some of those acronyms.
Zoning overview
FIGURE 421 Zoning (diagram labels: Blue Zone, Red Zone, Green Zone; Server 1, Server 2, Server 3; Storage 1, Storage 2, Storage 3; RAID)
NOTE: Zone objects based on physical port number or port ID (D,I ports) are not supported in Network OS fabrics.
• QoS zones: Assign high or low priority to designated traffic flows. Quality of Service (QoS) zones are standard zones with additional QoS attributes that you select when you create the zone.
• Traffic Isolation zones (TI zones): Isolate inter-switch traffic to a specific, dedicated path through the fabric.
Zone database size
Zoning naming conventions
The naming rules for zone names, zone aliases, and zone configuration names vary with the type of fabric. The following conventions apply:
• Names must start with an alphabetic character and may contain alphanumeric characters and the underscore ( _ ) character.
Zoning configuration
At a minimum, zoning configuration entails creating zones and zone members. However, you can also create zone aliases, zone configurations, and zone databases. You can define multiple zone configurations, deactivating and activating individual configurations as your needs change. Zoning configuration can also involve enabling or disabling the default zone.
2. Click the Zone DB tab if that tab is not automatically displayed.
3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity.
4.
Adding members to a zone
Use this procedure to add a member to a zone when the member is listed in the Potential Members list of the Zone DB tab.
Enterprise and Professional Plus editions: For instructions to add a member to a zone when the member is not listed in the Potential Members list, refer to the procedure “Creating a member in a zone”...
9. Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database.
Creating a member in a zone
Use this procedure to add a member to a zone when the member is not listed in the Potential Members list of the Zone DB tab.
Removing a member from a zone
Use the following procedure to remove one or more members from a zone or zones. Note that the member is not deleted; it is only removed from the zone.
1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.
Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database.
Deleting a zone
1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.
2. Click the Zone DB tab if that tab is not automatically displayed.
3.
5. (Optional) Type a new name for the zone and press Enter to save the name. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors. Click OK and enter a different name or accept the default name assigned to the zone.
6. Make sure the appropriate fabric is named on the Zoning Policies dialog box. Perform one of the following actions based on the task you want to complete:
• To enable the default zone, click Enable, and then click OK.
•...
Editing a zone alias
1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.
2. Click the Zone DB tab if that tab is not automatically displayed.
3. Select a fabric from the Zoning Scope list.
4.
6. Select one or more objects that you want to remove from the alias in the Alias list. (Press SHIFT or CTRL and click each member to select more than one member.) You can select objects from different zone aliases. Right-click one of the selected objects and select Remove.
Zoning configuration 3. Select a fabric from the Zoning Scope list. 4. Select Alias from the Type list. 5. Right-click the zone alias you want to delete and select Delete. 6. Click Yes on the confirmation message. The selected zone alias is deleted from the Alias list. Click OK or Apply on the Zoning dialog box to save your changes.
Zoning configuration Add zones to the zone configuration. For step-by-step instructions, refer to “Adding zones to a zone configuration” on page 900. 8. Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database. Viewing zone configuration properties 1.
Zoning configuration Removing a zone from a zone configuration Use the following procedure to remove a zone from a zone configuration. Note that the zone is not deleted; it is only removed from the zone configuration. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.
Zoning configuration 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. (Optional) Select a zone database from the Zone DB list (Enterprise and Professional Plus editions only).
Zoning configuration • The selected fabric is not supported by the Management application. • The selected fabric is no longer discovered. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Active Zone Configuration tab. 3.
Zoning configuration 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Select one or more zone configurations in the Zone Configurations list that you want to delete, then right-click and select Delete.
Zoning configuration 6. Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database. Creating an offline zone database Offline zone databases are supported only in Enterprise and Professional Plus editions. Use this procedure to create a zone database and save it offline.
Zoning configuration Deleting an offline zone database 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning databases for the selected entity.
Zoning configuration 5. If the active zone configuration names are the same in each fabric, then load the offline repository, and activate the zone configuration on each fabric. 6. If the active configuration names are different in each fabric, rename the zone configurations to be the same, and copy the zones.
Zoning configuration 4. Select a database from the Editable Zone DB list. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases. In the Editable Zone DB area, each element type and element display with an icon indicator (Table 69) to show the...
Zoning configuration Creating a common active zone configuration in two fabrics Before you can merge two fabrics, the defined and active zone configurations in both fabrics must match. Refer to “Merging two zone databases” on page 907 for instructions on how to merge the zone databases in two fabrics.
Zoning configuration Exporting an offline zone database NOTE You cannot export an online zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select an offline zone database from the Zone DB list. 3. Select Export from the Zone DB Operation list. The Export Zone DB dialog box displays.
LSAN zones When connecting to another network through a Fibre Channel (FC) router, you can create an LSAN zone to include zone objects on other fabrics. No merging takes place across the FC router when you create an LSAN zone. Supported configurations for LSAN zoning LSAN zoning is available only for backbone fabrics and any directly connected edge fabrics.
LSAN zones 8. Review the information in the Activate LSAN Zones dialog box. LSAN zones that contain online members are automatically included in the Destination Fabrics list. For LSAN zones that contain offline members, you can click the right arrow button to assign these zones to fabrics in the Destination Fabrics list.
LSAN zones 9. Click OK to activate the LSAN zones. A message displays informing you about the effects of LSAN zone activation and asking whether you want to proceed. Click Yes to confirm the activation, or click No to cancel the activation.
LSAN tagging 10. Click OK to continue. All LSAN zones are activated on the selected fabrics and saved to their respective zone databases. 11. Click OK to close the Zoning dialog box. Activating LSAN zones 1. Select a backbone fabric from the Connectivity Map or Product List. 2.
Traffic Isolation zones A Traffic Isolation zone (TI zone) is a special zone that isolates inter-switch traffic to a specific, dedicated path through the fabric. A TI zone contains a list of E_Ports, followed by a list of N_Ports. When the TI zone is activated, the fabric attempts to isolate all inter-switch traffic between N_Ports to only those E_Ports that have been included in the zone.
Traffic Isolation zones 8. Click OK or Apply to save your changes. The Traffic Isolation zones are saved, but are not activated. The Traffic Isolation zones are activated when you activate a zone configuration in the same zone database. Creating a Traffic Isolation zone Traffic Isolation zones are configurable only on a Fabric OS device.
Traffic Isolation zones 4. (Optional) If you want to show all discovered fabrics in the Potential Members list, right-click in the Potential Members list and select Display All. 5. Select one or more Traffic Isolation zones to which you want to add members in the Zones list. (Press SHIFT or CTRL and click each zone name to select more than one zone.) 6.
Traffic Isolation zones Disabling a Traffic Isolation zone NOTE Traffic Isolation zones are configurable only on a Fabric OS device. Traffic Isolation zones are enabled by default when you create them. Use this procedure to disable a Traffic Isolation zone. To apply the settings and deactivate the zone, you must activate a zone configuration in the same zone database.
Boot LUN zones • If you create a TI zone with E_Ports only, failover must be enabled. If failover is disabled, the specified ISLs will not be able to route any traffic. • Ensure that there are multiple paths between switches. Disabling failover locks the specified route so that only TI zone traffic can use it.
Boot LUN zones 4. Launch the New Boot LUN Zone dialog box by performing one of the following options: • Select New Boot LUN Zone from the New Zone list. • Right-click a zone in the Zones list and select New Boot LUN Zone. The New Boot LUN Zone dialog box displays.
Zoning administration A message displays that a Boot LUN zone already exists and asks whether you want to overwrite the existing zone. 9. Click Yes. The existing Boot LUN zone is replaced by the version you just created. Deleting a Boot LUN zone Boot LUN zones are deleted the same way that standard zones are deleted.
Zoning administration FIGURE 423 Compare/Merge Zone DBs dialog box 3. Select a database from the Reference Zone DB list. 4. Select a database from the Editable Zone DB list. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases.
Zoning administration Select the Differences only check box to display only the differences between the selected databases. 8. Select the Sync Scroll Enable check box to synchronize scrolling between the selected databases. 9. Click Previous or Next to navigate line-by-line in the Editable Zone DB area. 10.
Zoning administration 3. Enter the maximum number of zone database changes that can be made for that fabric before a zone configuration is activated. To set a limit, enter a positive integer. To allow unlimited changes, enter 0. 4. Repeat step 2 and step 3 for each fabric on which you want to set limits.
Zoning administration 3. Select a zone database that you have checked out (your user name is in the Current User column) in the Zone DB list. 4. Select Undo CheckOut from the Zone DB Operation list. 5. Click Yes in the confirmation message. This removes the user names of users currently logged in to the client from the Current User column for this zone database.
Zoning administration Finding zones in a zone configuration Use this procedure to locate all instances of a zone in the Zone Configurations list on the Zone DB tab. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2.
Zoning administration 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Right-click in the Potential Members list and select List Zone Members. The List Zone Members dialog box displays.
Zoning administration 5. Click OK on the Offline Device Management dialog box. A warning message displays informing you that the selected zone members will be replaced in all zones and aliases in the selected zone DB. 6. Click OK on the message. Click OK or Apply on the Zoning dialog box to save your changes.
Zoning administration 2. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 3. Select Offline Utility from the Zone DB Operation list. The Offline Device Management dialog box displays.
Zoning administration 8. Click OK on the Offline Device Management dialog box. A warning message displays informing you that the selected zone members will be removed from all zones and aliases in the selected zone DB. 9. Click OK on the message. 10.
FCIP services licensing Most of the FCIP extension services described in this chapter require the High Performance Extension over FCIP/FC license. FICON emulation features require additional licenses. The following features and licensing apply to the 8 Gbps Extension platforms. •...
FCIP platforms and supported features The following Fabric OS platforms support FCIP: • The 8 Gbps Extension Switch. • The 8 Gbps Extension blade (8-slot Backbone Chassis, 4-slot Backbone Chassis). NOTE The 8 Gbps Extension blade is supported in 16 Gbps Backbone and Director Chassis. IPv6 addressing is not supported in conjunction with IPsec on all platforms in Fabric OS version v7.0, but will be supported in a later version. Table 70...
FCIP trunking The way FCIP tunnels and virtual ports map to the physical GbE ports depends on the switch or blade model. The 8 Gbps Extension Switch and 8 Gbps Extension Blade tunnels are not tied to a specific GbE port, and may be assigned to any virtual port within the allowed range. The mapping of GbE ports to tunnels and virtual port numbers is summarized in Table TABLE 71...
FCIP trunking FCIP tunnel restrictions for FCP and FICON emulation features Multiple FCIP tunnels are not supported between pairs of Extension Switches and Blades when any of the FICON or FCP emulation features are enabled on the tunnel unless TI Zones or LS/LF configurations are used to provide deterministic flows between the switches.
FCIP trunking FCIP circuit failover capabilities Each FCIP circuit is assigned a metric, which is used in managing failover for FC traffic. Typically, the metric will be either 0 or 1. If a circuit fails, FCIP Trunking tries first to retransmit any pending send traffic over another lowest metric circuit.
FCIP trunking The following actions occur during circuit failures: • If either circuit 0 or circuit 1 fails, traffic flows over the remaining circuit while the failed circuit is being recovered. The available bandwidth is still considered to be 1.5 Gbps. •...
FCIP trunking • A valid failover group requires at least one metric 0 circuit and at least one metric 1 circuit. If you do not configure these, a warning will display. If there is no metric 0 circuit and only a metric 1 circuit, the metric 1 circuit will be used, regardless of whether there are metric 0 circuits in another failover group.
FCIP trunking Table 74 illustrates circuit failover in a tunnel with circuits in failover groups and circuits that are not part of failover groups. In this configuration, all data is initially load balanced over circuit 1, circuit 2, and circuit 3 (when they are all active). The following occurs during circuit failover: •...
Adaptive Rate Limiting Adaptive Rate Limiting (ARL) is performed on FCIP tunnel connections to change the rate at which the FCIP tunnel transmits data through the TCP connections. This feature is available only on the 8 Gbps Extension Switches and 8 Gbps Extension Blades. ARL uses information from the TCP connections to determine and adjust the rate limit for the FCIP tunnel dynamically.
IPsec and IKE implementation over FCIP 4. Click Advanced Settings. The Advanced Settings dialog box is displayed. This dialog box has a Transmission tab, Security tab, and FICON Emulation tab. Configure QoS percentages on the Transmission tab (Figure 428). FIGURE 428 Advanced Settings Transmission Tab 5.
IPsec and IKE implementation over FCIP IPsec for the 4 Gbps platforms IPsec uses some terms that you should be familiar with before beginning your configuration. These are standard terms, but are included here for your convenience. Term Definition Advanced Encryption Standard. FIPS 197 endorses the Rijndael encryption algorithm as the approved AES for use by US Government organizations and others to protect sensitive information.
QOS, DSCP, and VLANs IPsec for the 8 Gbps platforms The 8 Gbps platforms use AES-GCM-ESP as a single, pre-defined mode of operation for protecting all TCP traffic over an FCIP tunnel. AES-GCM-ESP is described in RFC 4106. Key features are listed below: •...
QOS, DSCP, and VLANs DSCP quality of service Layer three class of service DiffServ Code Points (DSCP) refers to a specific implementation for establishing QoS policies as defined by RFC 2475. DSCP uses six bits of the Type of Service (TOS) field in the IP header to establish up to 64 different values to associate with data traffic priority.