1. Manuals
  2. Brands
  3. Brocade Communications Systems Manuals
  4. Software
  5. WFT-2D
  6. User manual

Brocade Communications Systems WFT-2D User Manual

San user manual
Hide thumbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

Download this manual
53-1003154-01
®
11 July 2014
Brocade Network Advisor
SAN User Manual
Supporting Network Advisor 12.3.0

Advertisement

Table of Contents
loading

Related Manuals for Brocade Communications Systems WFT-2D

Summary of Contents for Brocade Communications Systems WFT-2D

  • Page 1 53-1003154-01 ® 11 July 2014 Brocade Network Advisor SAN User Manual Supporting Network Advisor 12.3.0...
  • Page 2 Copyright © 2010-2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, MLX, SAN Health, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
  • Page 3 Title Publication number Summary of changes Date Brocade Network Advisor SAN User Manual 53-1002696-01  Updated for Network December 2012 Advisor 12.0.0. Brocade Network Advisor SAN User Manual 53-1002948-01 Updated for Network July 2013 Advisor 12.1.0. Brocade Network Advisor SAN User Manual 53-1003057-01 Updated for Network January 2014 Advisor 12.2.0.
  • Page 4 Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 5: Table Of Contents

    Contents About This Document How this document is organized ......xliii Supported hardware and software ......xlv What’s new in this document .
  • Page 6 Connecting to the database using the ODBC client (Linux systems) ....... . . 23 Changing the database user password .
  • Page 7 Troubleshooting host discovery......66 VM Manager discovery ........67 VM Manager discovery requirements .
  • Page 8 Name settings ......... . . 94 Setting names to be unique .
  • Page 9 Chapter 5 User Account Management Users overview .........139 Configuration requirements .
  • Page 10 Chapter 6 Web Client Web client overview ........165 License .
  • Page 11 Exporting the dashboard display ..... . .273 Printing the dashboard display ......273 Attaching and detaching the Dashboard tab .

  • Page 12: View Management

    User-defined performance monitors ......324 Monitor types ........324 Measures .
  • Page 13 Customizing the main window ......368 Zooming in and out of the Connectivity Map ... . .368 Showing levels of detail on the Connectivity Map .
  • Page 14 Testing the Call Home center connection ....403 Disabling a Call Home center ......403 Viewing Call Home status .

  • Page 15: Configuring

    Chapter 11 Server Management Console Server Management Console overview ..... .427 Launching the SMC on Windows ..... . .427 Launching the SMC on Linux .
  • Page 16 Launching a remote SMIA configuration tool....459 Service Location Protocol (SLP) support ....459 Home tab .
  • Page 17 Determining port status ......522 Viewing port optics........522 Port commissioning .
  • Page 18 Chapter 14 Storage Port Mapping Storage port mapping overview ......561 Creating a storage array ........562 Adding storage ports to a storage array .

  • Page 19: Configuring

    Role-based access control ....... .593 Host adapter management privileges ....593 Host adapter administrator privileges .
  • Page 20 QoS configuration ........620 Priority-based flow control .

  • Page 21: Virtual Fabrics

    Chapter 17 Security Management Layer 2 access control list management.....653 Fabric OS Layer 2 ACL configuration ....653 Creating a Layer 2 ACL from a saved configuration.

  • Page 22: Enabling

    Deregistering an authentication card ....700 Setting a quorum for authentication cards ....700 Using system cards .

  • Page 23: Configuring

    Copying the local CA certificate for a clustered ESKM/SKM appliance ....... .730 Adding ESKM/SKM appliances to the cluster .
  • Page 24 Configuring key vault settings for IBM Tivoli Key Lifetime Manager (TKLM) ......789 Configuring key vault settings for Key Management Interoperability Protocol.

  • Page 25: Exporting

    Creating a new master key ......849 Security settings ........850 Zeroizing an encryption engine .

  • Page 26: Creating

    Creating a member in a zone ......892 Removing a member from a zone..... . .893 Renaming a zone .
  • Page 27 Disabling failover on a Traffic Isolation zone ....920 Boot LUN zones .........921 Creating a Boot LUN zone .

  • Page 28: Displaying

    FCIP Fastwrite and Tape Acceleration ....948 FICON emulation features ....... .949 IBM z/OS Global Mirror (z Gm) emulation .
  • Page 29 Chapter 23 Fabric Binding Fabric Binding overview ........985 Viewing fabric binding membership .
  • Page 30 Chapter 25 FICON Environments FICON configurations ........1017 Configuring a switch for FICON operation .
  • Page 31 Chapter 27 Fibre Channel Troubleshooting FC troubleshooting ........1053 Tracing FC routes .
  • Page 32 Limitations of bottleneck detection ....1102 Enabling bottleneck alerts and configuring alert parameters ........1102 Inheriting alert parameters from a switch .
  • Page 33 XISL and backbone E_Port monitors ....1174 Flow Generator ........1177 Flow Generator setup .

  • Page 34: Creating

    Viewing configuration policy manager status ....1238 Viewing existing configuration policy managers ... . . 1239 Adding a configuration policy manager .

  • Page 35: Creating

    Configuring event actions for Snort messages ..1293 Pseudo events ........1295 Displaying pseudo event definitions .
  • Page 36 Chapter 33 Monitoring and Alerting Policy Suite Monitoring and Alerting Policy Suite overview ....1327 MAPS role-based access control..... . 1328 Enabling MAPS on a device.
  • Page 37 MAPS violations........1374 MAPS events .

  • Page 38: User Privileges

    Appendix A Application menus Dashboard main menus ....... . .1411 SAN main menus.
  • Page 39 Appendix F Regular Expressions Appendix G Troubleshooting Application Configuration Wizard troubleshooting ... 1502 Browser troubleshooting....... . 1502 Client browser troubleshooting .
  • Page 40 EE_MONITOR_STATS_30MIN_INFO ....1766 EE_MONITOR_STATS_2HOUR_INFO ....1766 EE_MONITOR_STATS_1DAY_INFO .
  • Page 41 ROLE_PRIVILEGE_INFO ......1818 PORT_PROFILE_INFO....... 1819 PORT_PROFILE_INTERFACE_INFO .
  • Page 42 VCS_CLUSTER_MEMBER_INFO..... . . 1863 RESET_VCS_LICENSED ......1864 TRILL_TRUNK_INFO .

  • Page 43: About This Document

    About This Document In this chapter • How this document is organized ....... . . xliii •...

  • Page 44: Access Levels

    • Chapter 14, “Storage Port Mapping,” provides instructions about how to create and assign properties to a storage device. • Chapter 15, “Host Management,” provides information on how to configure an HBA. • Chapter 16, “Fibre Channel over Ethernet,” provides information on how to configure FCoE. •...

  • Page 45: Supported Hardware And Software

    Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some devices but not to others, this guide identifies exactly which devices are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc.
  • Page 46 TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required Brocade M6505 embedded switch 24-port, 16 Gbps embedded switch Fabric OS v7.2.0 or later Brocade 6510 switch 48-port, 16 Gbps switch Fabric OS v7.0.0 or later Brocade 6520 switch 96-port, 16 Gbps switch Fabric OS v7.1.0 or later...
  • Page 47 TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required 1, 2 Brocade DCX with FC10-6 Blades 8-slot Backbone Chassis with FC 10 - 6 ISL Blade Fabric OS v6.2.0 1, 2 Brocade DCX with FS8-18 Blades 8-slot Backbone Chassis with Encryption Blade Fabric OS v6.1.1_enc or later 1, 2...

  • Page 48: What's New In This Document

    TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required 1, 2 FX8-24 Blade 8 Gbps Extension Blade Professional can discover but not manage this device. Use the device’s Element Manager, which can be launched from the Connectivity Map, to manage the device.

  • Page 49: Document Conventions

    Performance Data Configuring a monitor from a performance graph  IP real-time performance monitoring  Traffic flow dashboard monitors  VLAN Management VLAN Manager  Port VLAN  • Information that was deleted: License support for Ethernet fabrics For further information about new features and documentation updates for this release, refer to the release notes.

  • Page 50: Key Terms

    Key terms For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary http://www.snia.org/education/dictionary Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations.

  • Page 51: Other Industry Resources

    Other industry resources For additional resource information, visit the Technical Committee T11 website. This website provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.org Getting technical help...

  • Page 52: Document Feedback

    • Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the switch • Brocade 7600—On the bottom of the chassis • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX and DCX-4S—On the bottom right on the port side of the chassis 4.

  • Page 53: Getting Started

    Chapter Getting Started In this chapter • User interface components ........1 •...
  • Page 54 User interface components FIGURE 1 Main window 1. Menu bar — Lists commands you can perform on the Management application. The available commands vary depending on which tab (SAN or Dashboard) you select. For a list of available commands, refer to Appendix A, “Application menus”.

  • Page 55: Management Server And Client

    Management server and client Management server and client The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores device-related information; it does not have a user interface. To view information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines.

  • Page 56: Launching A Remote Client

    Management server and client 5. Click OK on the Login Banner dialog box. The Management application displays. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. Launching a remote client NOTE For higher performance, use a 64-bit JRE.

  • Page 57: Clearing Previous Versions Of The Remote Client

    Management server and client Click Login. 8. Click OK on the Login Banner dialog box. The Management application displays. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. Clearing previous versions of the remote client The remote client link in the Start menu does not automatically upgrade when you upgrade the Management application.

  • Page 58: Launching The Configuration Wizard

    Management server and client FIGURE 3 Management application web client log in page 2. Enter your user name and password. NOTE Do not enter Domain\User_Name in the User ID field for LDAP server authentication. 3. Press Enter or click the log in arrow icon. 4.
  • Page 59 Management server and client 1. Choose one of the following options: • On Windows systems, select Start > Programs > Management_Application_Name 12.X.X > Management_Application_Name Configuration. • On UNIX systems, execute on the terminal. sh Install_Home/bin/configwizard 2. Click Next on the Welcome screen. 3.
  • Page 60 Management server and client • Options dialog box (does not display all IP addresses) • Firmware import and download dialog box • Firmware import for Fabric OS and Network OS products • FTP button in Technical Support Repository dialog box •...
  • Page 61 Management server and client d. Enter a port number in the Starting Port Number field (default is 24600). NOTE For Professional software, the server requires 15 consecutive free ports beginning with the starting port number. NOTE For Trial and Licensed software, the server requires 18 consecutive free ports beginning with the starting port number.

  • Page 62: Viewing Active Sessions

    Management server and client 11. Choose one of the following options: • If you configured authentication to CAC, enter your PIN in the CAC PIN field. • If you configured authentication to the local database, an external server (RADIUS, LDAP, or TACACS+) or a switch, enter your user name and password.

  • Page 63: Disconnecting Users

    Management server and client Disconnecting users To disconnect a user, complete the following steps. 1. Select Server > Active Sessions. The Active Sessions dialog box displays. 2. Select the user you want to disconnect and click Disconnect. 3. Click Yes on the confirmation message. The user you disconnected receives the following message: The Client has been disconnected by User_Name from IP_Address at Disconnected_Date_and_Time.

  • Page 64: Viewing Port Status

    Management server and client TABLE 2 Server Properties Field/Component Description Java VM Vendor The Java Virtual Machine vendor. Java VM Version The Java Virtual Machine version running on the server. Server Name The server’s name. OS Architecture The operating system architecture on the server. OS Name The name of the operating system running on the server.

  • Page 65: Server And Client Ports

    Management server and client FIGURE 7 Port Status dialog box 2. Review the port status details: • Name — The Port name. Options include CIM Indication for Event Handling, CIM Indication for HCM Proxy, FTP, SCP/SFTP, SNMP Trap, Syslog, Web Server (HTTP), and Web Server (HTTPS).
  • Page 66 Management server and client • Communication Path — The “source” to “destination” vaules. Client and Server refer to the Management application client and server unless stated otherwise. Product refers to the Fabric OS, Network OS, or IronWare devices. • Open in Firewall — Whether the port needs to be open in the firewall. TABLE 3 Port usage and firewall requirements Port Number Ports...
  • Page 67 Management server and client TABLE 3 Port usage and firewall requirements (Continued) Port Number Ports Transport Description Communication Path Open in Firewall HTTPS server HTTPS (HTTP over SSL) server Client-Server port if you use secure client - server communication HTTPS (HTTP over SSL) server Server–Product port if you use secure communication to the product...
  • Page 68 Management server and client TABLE 3 Port usage and firewall requirements (Continued) Port Number Ports Transport Description Communication Path Open in Firewall 6343 sFlow Receives sFlow data from Product-Server products if you are monitoring with sFlow 24600 JBoss remoting connector port Use for service location.

  • Page 69: Accessibility Features For The Management Application

    Accessibility features for the Management application Accessibility features for the Management application Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. The following list includes the major accessibility features in the Management application: •...

  • Page 70: Look And Feel Customization

    Accessibility features for the Management application Look and feel customization You can configure the Management application to mimic your system settings as well as define the size of the font. ‘Look’ refers to the appearance of graphical user interface widgets and ‘feel’ refers to the way the widgets behave.

  • Page 71: Product Improvement

    Product improvement Changing the font size The Options dialog box enables you to change the font size for all components including the Connectivity map of the Management application interface. Font size changes proportionately in relation to the system resolution. For example, if the system resolution is 1024 x 768, the default font size would be 8 and large font size would be 10.

  • Page 72: Enabling Product Improvement Data Transfer

    Product improvement • Feature details Feature name Button identifier (such as OK, Help, or Cancel, and so on) Enabling product improvement data transfer To enable feature usage data transfer from the application, complete the following steps. 1. Select Server > Options. The Options dialog box displays.

  • Page 73: Postgresql Database

    PostgreSQL database • Last transfer timestamp must be greater than 24 hours to avoid frequent data uploads. • Data must be available for transfer. Data availability is determined by the difference between the last data transfer and the current data. 8.

  • Page 74: Connecting To The Database Using The Odbc Client (Windows Systems)

    PostgreSQL database 5. Enter your username (default is dcmuser) in the Username field. 6. Enter your password (password) in the Password field. Click OK on the New Server Registration dialog box. The pgAdmin III application displays. 8. To browse data in the database, complete the following steps. a.

  • Page 75: Connecting To The Database Using The Odbc Client (Linux Systems)

    PostgreSQL database 9. Click Finish. The PostgreSQL Unicode ODBC Driver (psqlODBC) Setup dialog box displays. 10. Enter a name for the data source in the Datasource field. 11. Enter the description of the database in the Description field. 12. Enter the name of the database in the Database field. 13.
  • Page 76 PostgreSQL database 3. Install the file to the usual location for your system’s application files (for example, /opt/PostgreSQL/psqlODBC) on the Installation Directory screen and click Next. NOTE If you select an invalid location, the ODBC driver is installed in a different location than where the ODBC executable drivers are located.

  • Page 77: Changing The Database User Password

    PostgreSQL database 4. On the Set up ODBC connection screen, complete the following steps. a. Click Browse. The datasource saved in the odbc.ini file is populated in the Datasource dialog box. b. Select the datasource and click OK on the Datasource dialog box. Click Next.

  • Page 78: Supported Open Source Software Products

    Supported open source software products If an error occurs and the password did not change, the following message displays: Error while updating password. Please try again. Press any key to continue. If the current password and new password are the same, the following message displays: Old and New passwords cannot be same.
  • Page 79 Supported open source software products TABLE 7 Open source software third-party software products Open Source Software License Type ApacheCommonsIO 1.4 Apache License v2.0 ApacheCommonsJXPath 1.3 Apache License v2.0 ApacheCommonsLang 2.4 Apache License v2.0 ApacheCommonsLogging 0.4 Apache License v2.0 ApacheCommonsMath 2.0 Apache License v2.0 ApacheCommonsNet 2.0 Apache License v2.0...
  • Page 80 Supported open source software products TABLE 7 Open source software third-party software products Open Source Software License Type JavaTar2.5andTarTool1.4 public domain JaxenXpathLibrary 1.1.1 Jaxen License JbcParser 3.7 Math Parser License JBossApplicationServer 7.2.0 GA LGPL JBossWeb 2.1.9 GNU Lesser General Public License version 3 JCalendar 1.3.3 LGPL v2.1 JCommon 1.0.16...

  • Page 81: San Feature-To-Firmware Requirements

    SAN feature-to-firmware requirements TABLE 7 Open source software third-party software products Open Source Software License Type XML RPC 1.2-B1 Open Source YourKitJavaProfiler 9.5.1 YourKit License SAN feature-to-firmware requirements Use the following table to determine whether the Management application SAN features are only available with a specific version of the Fabric OS firmware as well as if there are specific licensing requirements.
  • Page 82 SAN feature-to-firmware requirements TABLE 8 SAN feature to firmware requirements Feature Fabric OS Meta SAN Requires Fabric OS 5.2 or later for FC router and router domain ID configuration. Requires Fabric OS 6.0 or later in a mixed Fabric OS and M-EOS fabric. Requires Integrated Routing license.

  • Page 83: Patches

    Chapter Patches In this chapter • Installing a patch ..........31 •...

  • Page 84: Uninstalling A Patch

    Uninstalling a patch 5. Click Upgrade. If the patch process is interrupted (for example, loss of power), you must restart the patch process. The patch installer performs the following functions: • Extracts patch files to the Install_Home folder. • Creates a back up (zip) of the original files to be updated and copies the zip file to the Install_Home\patch-backup directory (for example, Install_Home\patch-backup\na_11-3-0a.zip).
  • Page 85 Uninstalling a patch 4. Open the restore.xml file from the extracted files. The artifacts (jar files, war files, and so on) you need to replace display as separate file tags in the restore.xml file. The location of each artifact in the extracted folder is detailed in the src value under each file tag.
  • Page 86 Uninstalling a patch Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 87: Discovery

    Chapter Discovery In this chapter • SAN discovery overview......... . 35 •...

  • Page 88: Fcs Policy And Seed Switches

    SAN discovery overview NOTE Professional Plus edition can discover up to 2,560 ports. NOTE Once a fabric is discovered an enclosure is formed for the Host having FDMI with symbolic name enabled.When FDMI name is same for the adapters (HBA and CNA) which are displayed through fabric discovery, auto enclosure will be displayed for the fabric/fabrics NOTE Professional Plus edition can discover, but not manage the Backbone chassis.Use the device’s...

  • Page 89: Discovering Fabrics

    SAN discovery overview TABLE 9 Backbone Chassis discovery Device Professional Professional Plus Enterprise 4-slot Backbone Chassis as seed switch 4-slot Backbone Chassis as member switch 16 Gbps 8-slot Backbone Chassis as seed switch 16 Gbps 8-slot Backbone Yes for discovery; Yes for discovery;...
  • Page 90 SAN discovery overview FIGURE 8 Discover Fabrics dialog box 2. Click Add to specify the IP addresses of the devices you want to discover. The Add Fabric Discovery dialog box displays. FIGURE 9 Add Fabric Discovery dialog box (IP Address tab) 3.
  • Page 91 SAN discovery overview NOTE The Backbone Chassis cannot be used as seed switch to discover and manage edge fabrics. You must discover a seed switch from each edge fabric to discover and manage the edge fabric. NOTE The Backbone Chassis can only discover and manage the backbone fabric. NOTE Professional and Professional Plus editions cannot manage the Backbone Chassis.
  • Page 92 SAN discovery overview • Select the Manual option to configure SNMP and complete the following steps. a. Click the SNMP tab. FIGURE 10 Add Fabric Discovery dialog box (SNMP - v1 tab) b. Enter the duration (in seconds) after which the application times out in the Time-out (sec) field.

  • Page 93: Editing The Password For Multiple Devices

    SAN discovery overview Enter a user name in the User Name field. Enter a context name In the Context Name field. Select the authorization protocol in the Auth Protocol field. m. Enter the authorization password in the Auth Password field. •...

  • Page 94: Configuring Snmp Credentials

    SAN discovery overview 5. Enter the password for the switch in the Password field. 6. Click OK. on the Fabric_Name Edit Switches dialog box. The Credential Update Status dialog box displays. This dialog box displays the status of the change on the selected devices. If you selected a logical switch, the updated credentials will be applied to the other logical switches in the same chassis.

  • Page 95: Reverting To A Default Snmp Community String

    SAN discovery overview Select the SNMP version from the SNMP Version list. • If you selected v1, continue with step 8. • If you select v3, the SNMP tab displays the v3 required parameters. Go to step 12. To discover a Virtual Fabric device, you must configure SNMPv3 and your SNMP v3 user account must be defined as a Fabric OS switch user.

  • Page 96: Rediscovering A Fabric

    SAN discovery overview 4. Select the Automatic option. 5. Click OK on the Add Fabric Discovery dialog box. 6. Click Close on the Discover Fabrics dialog box. Rediscovering a fabric To refresh discovery of a fabric, complete the following steps. 1.

  • Page 97: Deleting A Fabric

    Viewing the fabric discovery state 4. Click OK on the confirmation message. The rediscovered fabric displays in the Discovered Fabrics table. 5. Click Close on the Discover Fabrics dialog box. Deleting a fabric To delete a fabric permanently from discovery, complete the following steps. 1.

  • Page 98: Troubleshooting Fabric Discovery

    Troubleshooting fabric discovery The Discovery Status field details the actual status message text, which varies depending on the situation. The following are samples of actual status messages: • Discovered: Seed Switch: Not registered for SNMP Traps • Discovered: Seed Switch: Not Manageable: Not registered for SNMP Traps •...
  • Page 99 Troubleshooting fabric discovery Problem Resolution If you exceed your managed count limit, the Perform one or more of the following actions to • Management application displays a “licensed “Changing your network size” • exceeded” message on the topology. “Remove a device from active discovery” •...

  • Page 100: Virtual Fabric Discovery Troubleshooting

    Troubleshooting fabric discovery Virtual Fabric discovery troubleshooting The following section state possible issues and the recommended solutions for Virtual Fabric discovery errors. Problem Resolution At the time of discovery, the seed switch is Virtual Fabric-enabled; however, the user does not have Make sure the user account has Chassis Admin role for the seed switch.

  • Page 101: San Fabric Monitoring

    SAN Fabric monitoring SAN Fabric monitoring NOTE Monitoring is not supported on Hosts. The upper limit to the number of HBA and CNA ports that can be monitored at the same time is 32. The same upper limit applies if switch ports and HBA ports are combined.

  • Page 102: Stop Monitoring Of Discovered Fabrics

    SAN Fabric monitoring Stop monitoring of discovered fabrics NOTE Monitoring is not supported on Hosts. When you stop monitoring a fabric, the Management application performs the following actions: • Stops all data collection for the fabric and all associated devices. •...
  • Page 103 SAN Fabric monitoring The following details the behavior that occurs when you unmonitor a switch: • If you unmonitor a switch, the switch does not display in the topology, but end devices connected to the switch continue to display in the product list and topology (with no connections).

  • Page 104: Resume Monitoring Of Discovered Fabrics

    SAN Fabric monitoring Resume monitoring of discovered fabrics NOTE Monitoring is not supported on Hosts. To monitor a fabric and all associated devices, complete the following steps. 1. Select Discovery > Fabrics. The Discover Fabrics dialog box displays. 2. Select the fabric you want to monitor from the Discovered Fabrics table. 3.

  • Page 105: San Seed Switch

    SAN Seed switch SAN Seed switch The seed switch must be running a supported Fabric OS version and must be HTTP-reachable. Sometimes, the seed switch is auto-selected, such as when a fabric segments or when two fabrics merge. Other times, you are prompted (an event is triggered) to change the seed switch, such as in the following cases: •...

  • Page 106: Seed Switch Requirements

    SAN Seed switch Seed switch requirements The seed switch must be running Fabric OS 5.0 or later. For a complete list of all supported Fabric OS hardware, refer to “Supported hardware and software” on page xlv. Seed switch failover The Management application collects fabric-wide data (such as, fabric membership, connectivity, name server information, zoning, and so on) using the seed switch.

  • Page 107: Host Discovery

    Host discovery 3. Click Seed Switch. If the fabric contains other switches that are running the latest version and are also HTTP-reachable from the Management application, the Seed Switch dialog box appears. Otherwise, a message displays that you cannot change the seed switch. 4.

  • Page 108: Discovering Hosts By Network Address Or Host Name

    Host discovery For Windows, the Emulex adapter discovery is based on Windows Management Instrumentation (WMI). Perform the following steps to configure HTTPS certificate validation. 1. Import the host certificate when the Enable Certificate Validation check box is selected. Discovery will occur successfully even without importing the certificate when the Enable Certificate Validation checkbox is not selected.
  • Page 109 Host discovery FIGURE 14 Add Host Adapters dialog box 3. (Optional) Enter a discovery request name (such as, Manual 06/12/2009) in the Discovery Request Name field. 4. Select Network Address from the list. 5. Enter the IP address (IPv4 or IPv6 formats) or host name in the Network Address field. 6.

  • Page 110: Importing Hosts From A Csv File

    Host discovery 10. Enter your user name in the User ID field. The HCM agent default is admin. Leave this field blank for the CIM server. 11. Enter your password in the Password field. The HCM agent default is password. Leave this field blank for the CIM server. 12.
  • Page 111 Host discovery 5. Browse to the CSV file location. The CSV file must meet the following requirements: • Comma-separated IP addresses or host names • No commas within the values • No escaping supported For example, XX.XX.XXX.XXX, XX.XX.X.XXX, computername.company.com 6. Click Open. The CSV file is imported to the Add Host Adapters dialog box.

  • Page 112: Importing Hosts From A Fabric

    Host discovery Importing Hosts from a fabric To discover a Host from a discovered fabric, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Click Add. The Add Host Adapters dialog box displays. FIGURE 16 Add Host Adapters dialog box 3.

  • Page 113: Importing Hosts From A Vm Manager

    Host discovery 8. Configure discovery authentication by choosing one of the following options: • To configure discovery with authentication, select the HTTPS option in Protocol • To configure discovery without authentication, select the HTTP option in Protocol. 9. Enter the port number in the Port field. The HCM agent default is 34568.

  • Page 114: Editing Host Adapter Credentials

    Host discovery 3. Enter a discovery request name (such as MyVMManager) in the Discovery Request Name field. 4. Select Hosts from VM Manager from the list. 5. Select All VM or an individual VM from the list. 6. Click Add. All hosts that are part of a discovered VM Manager and have a registered host name display in the list.
  • Page 115 Host discovery FIGURE 18 Edit Host Adapters dialog box 3. Configure Host credentials by choosing one of the following options: • To configure HCM agent credentials, select the HCM agent option. Go to step • To configure CIM server credentials, select the CIM server (ESXi only) option. Continue with step •...

  • Page 116: Removing A Host From Active Discovery

    Host discovery Removing a host from active discovery If you decide you no longer want the Management application to discover and monitor a specific host, you can delete it from active discovery. Deleting a host also deletes the host data on the server (both system-collected and user-defined data) except for user-assigned names for the device port, device node, and device enclosure information.

  • Page 117: Deleting A Host From Discovery

    Host discovery Deleting a host from discovery To delete a host permanently from discovery, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Select the host you want to delete permanently from discovery in the Previously Discovered Addresses table.

  • Page 118: Troubleshooting Host Discovery

    Host discovery • HCM Agent unknown failure • WMI authentication failed • WMI connection failed • WMI Unknown Error • Discovery ignored. One or more adapters in the host are already a part of Host group {} • Discovery ignored. One or more adapters in the host are already a part of auto/manual enclosure {}.

  • Page 119: Vm Manager Discovery

    VM Manager discovery VM Manager discovery The Management application enables you to discover VM managers. VM Manager discovery requires vCenter Server 4.0 or later. NOTE vCenter discovery time is dynamically determined based on the number of hosts being managed by the vCenter.
  • Page 120 VM Manager discovery FIGURE 19 Discover VM Managers dialog box 2. Click Add. The Add VM Manager dialog box displays. FIGURE 20 Add VM Manager dialog box 3. Enter the IP address or host name in the Network Address field. 4.

  • Page 121: Editing A Vm Manager

    VM Manager discovery 8. Select the Forward event to vCenter check box to enable event forwarding from the Management application to vCenter. Clear to disable event forwarding. 9. Click OK on the Add VM Manager dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A VM manager displays in Discovered VM Managers table with pending status.

  • Page 122: Excluding A Host From Vm Manager Discovery

    VM Manager discovery 9. Refresh the Discover VM Managers list by clicking Refresh. 10. Click Close on the Discover VM Managers dialog box. Excluding a host from VM manager discovery To exclude host from VM manager discovery complete the following steps. 1.

  • Page 123: Rediscovering A Previously Discovered Vm Manager

    VM Manager discovery Rediscovering a previously discovered VM manager To return a VM manager to active discovery, complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select the VM manager you want to return to active discovery in the Previously Discovered Addresses table.

  • Page 124: Troubleshooting Vm Manager Discovery

    VM Manager discovery The following are samples of actual ESX host status messages: • Active • Discovery pending, • Excluded, • Conflict – Existing Host <hostname> 3. Refresh the Discover VM Managers list by clicking Refresh. 4. Click Close on the Discover VM Managers dialog box. Troubleshooting VM manager discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly.

  • Page 125: Application Configuration

    Chapter Application Configuration In this chapter • Server Data backup..........75 •...
  • Page 126 Configurable preferences • SAN End Node Display — Use to display (or turn off display of) end nodes on the Connectivity map for newly discovered fabrics. Disabling end node display limits the Connectivity map to switch members only. For more information, refer to “SAN End node display”...

  • Page 127: Server Data Backup

    Server Data backup Server Data backup The Management application helps you to protect your data by backing it up automatically. Backup is a service process that periodically copies and stores application files to an output directory. The output directory is relative to the server and must use a network share format to support backup to the network.

  • Page 128: Configuring Backup

    Server Data backup Backup directory structure overview The Management server backs up data to two alternate folders. For example, if the backup directory location is D:\Backup, the backup service alternates between two backup directories, D:\Backup\Backup and D:\Backup\BackupAlt. The current backup is always D:\Backup and contains a complete backup of the system.
  • Page 129 Server Data backup • Select the Include Technical Support directory check box, if necessary. Only available if the Include FTP Root directory check box is clear. • Select the Include Upload Failure Data Capture directory check box, if necessary. Only available if the Include FTP Root directory check box is clear.

  • Page 130: Enabling Backup

    Server Data backup 9. Backup data to a CD by completing the following steps. NOTE This is not recommended on a permanent basis. CDs have a limited life, and may only last a month. An error message occurs if your Management application can no longer backup to the disc.

  • Page 131: Viewing The Backup Status

    Server Data backup 3. Clear the Enable Backup check box. 4. Click Apply or OK. Viewing the backup status The Management application enables you to view the backup status at a glance by providing a backup status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the backup function.

  • Page 132: Starting Immediate Backup

    Server Data backup Starting immediate backup NOTE You must have backup privileges to use the Backup Now function. For more information about privileges, refer to “User Privileges” on page 1451. To start the backup process immediately, complete one of the following procedures: Using the Backup Icon, right-click the Backup icon and select Backup Now.

  • Page 133: Server Data Restore

    Server Data restore Server Data restore NOTE You cannot restore data from a previous version of the Management application. NOTE You cannot restore data from a higher or lower configuration (Trial or Licensed version) of the Management application. NOTE You cannot restore data from a different package of the Management application. The Management application helps you to protect your data by backing it up automatically.

  • Page 134: Restoring Data To A New Server

    SAN data collection 6. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console. For the restored data to take effect, re-launch the Configuration Wizard using the instructions in “Launching the Configuration Wizard”...
  • Page 135 SAN data collection events is the lazy polling interval plus the short tick interval. To increase polling efficiency, you can configure both the short tick interval (Check for state change every option) and the lazy polling interval (If no state change, poll switch every option) on the Options dialog box. For step-by-step instructions, refer to “Configuring asset polling”...

  • Page 136: Product Communication Protocols

    Product communication protocols • MetaSANCollector – Collects data about the IFLs (Inter Fabric Links) on the switch. • FlowCollector – Collects data about the flow definitions on the switch. Also collects the subflows for each flow definition. This collector requires the Fabric Insight license on the switch.

  • Page 137: San Display Settings

    SAN display settings TABLE 15 Product communication protocols Protocol Description Management application use Communicates with device type File Transfer Protocol (FTP) is a standard Used for firmware download. Fabric OS network protocol used to transfer files from For Fabric OS devices, used to collect Network OS one host to another host over a TCP-based technical support information.

  • Page 138: Resetting Your Display

    SAN display settings FIGURE 23 Options dialog box (SAN Display pane) 3. Click Set Up FICON Display. Any table that contains end device descriptions move the following nine columns to the beginning of the table: Attached Port #, FC Address, Serial #, Tag, Device Type, Model, Vendor, Port Type, and WWN.
  • Page 139 SAN display settings Importing the OUI file To import the OUI file, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Display in the Category list. The SAN Display pane displays. 3. Click Import OUI . 4.

  • Page 140: San End Node Display

    SAN End node display FIGURE 24 Product Type Mapping dialog box NOTE You can search for an OUI by using a search string in the Search list or with the Organization drop down. 4. Select the product type for a particular OUI file and change to Target, Initiator, or Default. 5.

  • Page 141: San Ethernet Loss Events

    SAN Ethernet loss events FIGURE 25 Options dialog box (SAN End Node Display pane) 2. Select SAN End Node Display in the Category list. 3. Select the Show connected end nodes when new fabric is discovered check box to display end nodes on your system.

  • Page 142: Disabling San Ethernet Loss Events

    Event storage settings Disabling SAN Ethernet loss events To disable Ethernet loss events, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Ethernet Loss Events in the Category list. 3. Clear the Enable events for ethernet loss check box. 4.

  • Page 143: Storing Historical Events Purged From Repository

    Flyover settings 4. Enter then number of days (1 through 365) you want to store events in the Maximum Days field. The events are purged at midnight on the last day of the retention period regardless of the number of maximum events. 5.
  • Page 144 Flyover settings FIGURE 28 Options dialog box (Flyovers pane, Product tab) a. Select the type from the Type list, if necessary. protocol b. Select each property you want to display in the product flyover from the Available Properties table. Depending on which protocol you select, some of the following properties may not be available: FC (default) •...
  • Page 145 Flyover settings Add connection properties you want to display on flyover by selecting the Connection tab (Figure 29) and completing the following steps. FIGURE 29 Options dialog box (Flyovers pane, Connection tab) a. Select the type from the Type list, if necessary. protocol Depending on which protocol you select, some properties may not be available for all protocols.

  • Page 146: Turning Flyovers On Or Off

    Name settings • • Name Port# • • Node WWN Port Type • • FCoE Index # Click the right arrow to move the selected properties to the Selected Properties table. d. Use the Move Up and Move Down buttons to reorder the properties in the Selected Properties table.

  • Page 147: Setting Names To Be Non-Unique

    Name settings To edit duplicate names, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Names in the Category list. The SAN Names pane displays (Figure 30). FIGURE 30 Options dialog box (SAN Names pane) 3.

  • Page 148: Fixing Duplicate Names

    Name settings Fixing duplicate names To fix duplicated names, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Click Fix Duplicates. The Duplicated Names dialog box displays (Figure 31). FIGURE 31 Duplicated Names dialog box The Duplicated Names dialog box contains the following information: •...

  • Page 149: Viewing Names

    Name settings 3. Select one of the following options. • If you select Append Incremental numbers for all repetitive names, the names are edited automatically using incremental numbering. • If you select I will fix them myself, edit the name in the Name field. 4.

  • Page 150: Adding A Name To An Existing Device

    Name settings • Display table — This table displays the following information: Description–A description of the device.  Name–The name of the device. Enter a name for the device.  Operational Status–The operational status of the device (discovered, operational, and ...

  • Page 151: Adding A Name To A New Device

    Name settings If you set names to be unique on the Options dialog box and the name you entered already exists, the entry is not accepted. To search for the device already using the name, refer to “Searching for a device by name” on page 101 or “Searching for a device by WWN”...

  • Page 152: Removing A Name From A Device

    Name settings Removing a name from a device 1. Select Configure > Names. The Configure Names dialog box displays. 2. In the Display table, select the name you want to remove. 3. Click Remove. An application message displays asking if you are sure you want clear the selected name. 4.

  • Page 153: Importing Names

    Name settings Importing Names If the name length exceeds the limitations detailed in the following table, you must edit the name (in the CSV file) before import. Names that exceed these limits will not be imported. If you migrated from a previous version, the .properties file is located in the Install_Home\migration\data folder. TABLE 16 Name length limitations Device...

  • Page 154: Searching For A Device By Wwn

    Miscellaneous security settings 5. Click Search. All devices with the specified name (or partial name) are highlighted in the Display table. You may need to scroll to see all highlighted names. If the search finds no devices, a ‘no item found’ message displays. 6.

  • Page 155: Configuring The Server Name

    Miscellaneous security settings Configuring the server name To configure the server name, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Security Misc in the Category list. The Security Misc pane displays (Figure 33).

  • Page 156: Enforcing Md5 File During Import

    Miscellaneous security settings Enforcing MD5 file during import NOTE The MD5 checksum file is required when you load Fabric OS firmware into the Management application version 12.0 or later. You can configure the Management application to enforce the MD5 checksum file import during the import of the Fabric OS image into the firmware repository.

  • Page 157: Disabling The Login Banner

    Syslog Registration settings 4. Enter the message you want to display every time a user logs into this server in the Banner Message field. This field contains a maximum of 2048 characters. 5. Click Apply or OK to save your work. Disabling the login banner To disable the login banner display, complete the following steps.

  • Page 158: Configuring The Syslog Listing Port Number

    SNMP Trap Registration settings Configuring the Syslog listing port number 1. Select Server > Options. The Options dialog box displays. 2. Select Syslog Registration in the Category pane. The Syslog Registration pane displays (Figure 34). 3. Enter the Syslog listening port number of the Server in the Syslog Listening Port (Server) field, if necessary.

  • Page 159: Snmp Trap Forwarding Credential Settings

    SNMP Trap forwarding credential settings 3. Enter the SNMP listening port number of the Server in the SNMP Listening Port (Server) field, if necessary. The default SNMP listening port number is 162 and is automatically populated. 4. Click Apply or OK to save your work. SNMP Trap forwarding credential settings You can configure SNMP credentials for the traps forwarded by the server.

  • Page 160: Configuring Snmp V3 Credentials

    Software Configuration Configuring SNMP v3 credentials To configure a SNMP v1 or v2c credentials, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Trap Forwarding Credentials in the Category pane. The Trap Forwarding Credentials pane displays (Figure 36).

  • Page 161: Certificates

    Software Configuration Certificates Certificate management allows you to enable certificate validation between the Management application server and products when HTTPS is enabled and between server and client when SSL is enabled on server. For more information about product communication, refer to “Product communication settings”...
  • Page 162 Software Configuration The Certificates pane contains the following fields and components: • Enable certificate validation check box — Select to enable certificate validation. Clear to disable certificate validation • Keystore Certificates drop-down list — Select one of the following options: View —...
  • Page 163 Software Configuration FIGURE 38 Name Details - Certificate dialog box The Details - Certificate Name dialog box contains the following fields: • Left-side text box — Name of the Issuer. • Right-side table — Displays the following certificate details: Version — Version of the certificate. ...
  • Page 164 Software Configuration 5. Enter a unique alias for the certificate in the Alias Name field. 6. Click OK. Click Apply or OK to save your work. Deleting a truststore certificate 1. Select Server > Options. The Options dialog box displays. 2.
  • Page 165 Software Configuration Viewing a keystore certificate 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates to in the Category list. The Certificates pane displays. 3. Select View from the Keystore Certificate list. The Details - Certificate Name dialog box displays with the following fields: •...
  • Page 166 Software Configuration Replacing a keystore certificate NOTE Changes to this option take effect after an application restart. 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates to in the Category list. The Certificates pane displays. 3. Select Replace from the Keystore Certificate list. The Replace Keystore Certificate dialog box displays.

  • Page 167: Client Export Port Settings

    Software Configuration Enabling and disabling certificate validation The Management application server only validates the certifying authority and the date in the certificate. Certificate validation requires HTTPS connections between the server and the switches. To configure product communication to HTTPS, refer to “Product communication settings”...

  • Page 168: Client/Server Ip

    Software Configuration 4. Click Apply or OK to save your work. NOTE Changes to this option take effect after a client restart. 5. Click OK on the “changes take effect after client restart” message. Client/Server IP You can configure connections between the client or switches and the Management application server.
  • Page 169 Software Configuration FIGURE 40 Options dialog box (Client/Server IP option) 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step • Select a specific IP address. Continue with step • Select localhost. Continue with step When Server IP Configuration is set to All, you can select any available IP address as the Return Address.
  • Page 170 Software Configuration Configuring an explicit server IP address If you selected a specific IP address from the Server IP Configuration screen during installation and the selected IP address changes, you will not be able to connect to the server. To connect to the new IP address, you must manually update the IP address information.
  • Page 171 Software Configuration 8. Verify the IP address on the Server Configuration Summary screen and click Next. 9. Click Finish on the Start Server screen. 10. Click Yes on the restart server confirmation message. 11. Choose one of the following options: •...

  • Page 172: Memory Allocation Settings

    Software Configuration 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step • Select a specific IP address. Continue with step • Select localhost. Continue with step 4. Select the return IP address in the Client - Server IP Configuration Return Address list. When Server IP Configuration is set to All, you can select any available IP address as the Return Address.
  • Page 173 Software Configuration • Medium SAN — 90 products, 5,000 ports • Large SAN — 200 products, 15,000 ports NOTE For full performance management and dashboard functionality, the Large option of the SAN Enterprise edition only supports 5000 switch ports on a 32-bit system. Memory and asset polling values change to the new default values when you change the SAN Network size.
  • Page 174 Software Configuration • Small: 768 MB • Medium: 1024 MB • Large: 1024 MB For all 64-bit servers, the default minimum server heap size for all network sizes is 2048 MB. NOTE There is no restriction on the maximum value for server heap size in a 64-Bit server. The correct server heap size value must be given according to the RAM present in the server.
  • Page 175 Software Configuration • Medium/2000–5000 ports: 900 seconds • Large/5000 or more ports: 1800 seconds 5. Click Apply or OK to save your work. NOTE Changes to this option take effect after an application restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 12.X.X >...

  • Page 176: Product Communication Settings

    Software Configuration Product communication settings You can configure HTTP or HTTPS connections between the products and the Management application server. Configuring SAN communication To configure connections between the SAN devices and the Management application server, complete the following steps. 1. Select Server > Options. The Options dialog box displays.

  • Page 177: Ftp/Scp/Sftp Server Settings

    Software Configuration 4. To connect using HTTPS (HTTP over SSL), complete the following steps. a. Select the Connect using HTTPS (HTTP over SSL) only option. b. Enter the connection port number in the Port # field. Continue with step The default HTTPS port number is 443. 5.
  • Page 178 Software Configuration Secure Copy (SCP) is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. You must configure SCP on your machine to support Technical Support and firmware download. NOTE SCP is supported on Fabric OS devices running 5.3 and later.
  • Page 179 Software Configuration 4. Select the Built-in FTP Server check box. 5. Change your password by entering a new password in the Password and Confirm Password fields. The default password is passw0rd (where 0 is a zero). 6. Click Test to test the FTP server. An “FTP Server running successfully”...
  • Page 180 Software Configuration Click Test to test the server. An “SCP/SFTP Server running successfully” or an error message displays. If you receive an error message, make sure your credentials are correct, the SCP/SFTP server is stopped, the remote directory path exists, and you have the correct access permission; then try again.
  • Page 181 Software Configuration Enter a user name in the Remote Host User Name field. d. Enter the path to the remote host in the Remote Directory Path field. Use a slash (/) or period (.) to denote the root directory. e. Enter the password in the Password Required for FTP field. 5.

  • Page 182: Server Port Settings

    Software Configuration • If you are using the internal FTP server, select the Use built-in FTP/SCP/SFTP Server option. For step-by-step instructions about configuring the built-in server, refer to “Configuring an internal FTP server” on page 126. • If you are using the external FTP server, select the Use external FTP/SCP/SFTP Server option.

  • Page 183: Support Mode Settings

    Software Configuration 4. Enable HTTP redirection to HTTPS by selecting the Redirect HTTP Requests to HTTPS check box. When you enable HTTP redirection, the server uses port 80 to redirect HTTP requests to HTTPS. Make sure that port 80 is available before you enable HTTP redirection. 5.
  • Page 184 Software Configuration 4. Select the Log server support data - Log Level list, and select the type of log data you want to configure. Log level options include: All, Fatal, Error, Warn, Info, Debug, Trace, and Off. Default is Info. 5.

  • Page 185: Fips Support

    FIPS Support 3. Select the maximum number of days to retain the server log file in the Log Purging Limit field. Valid values are 1 through 90. Default is 14. The log files are purged at 1:00 AM on the day after the retention period ends. 4.

  • Page 186: Disabling Fabric Tracking

    Fabric tracking • Do not show me this again check box — Select if you do not want to see this dialog box again when you enable or disable fabric tracking or accept changes for a switch or fabric. • Switches —...

  • Page 187: Accepting Changes For A Fabric

    Fabric tracking Accepting changes for a fabric 1. Accept the changes to a fabric by choosing one of the following options: • Select a fabric on the Product List or Connectivity Map and select Monitor > Accept Changes. • Right-click a fabric on the Product List or Connectivity Map and select Accept Changes. The accept changes summary message displays (Figure 48).

  • Page 188: Accepting Changes For All Fabrics

    Fabric tracking Accepting changes for all fabrics 1. Accept the changes to all fabrics by choosing one of the following options: • Click in the white space on the Connectivity Map and select Monitor > Accept All Changes. • Right-click in the white space on the Connectivity Map and select Accept All Changes. The accept changes summary message displays (Figure 49).

  • Page 189: Accepting Changes For A Switch, Access Gateway, Or Phantom Domain

    Fabric tracking Accepting changes for a switch, access gateway, or phantom domain 1. Accept the changes to a switch, access gateway, or phantom domain by choosing one of the following options: • Select the switch, access gateway, or phantom domain on the Product List or Connectivity Map and select Monitor >...
  • Page 190 Fabric tracking Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 191: User Account Management

    Chapter User Account Management In this chapter • Users overview..........139 •...
  • Page 192 Users overview FIGURE 50 Users dialog box - Users tab The Users dialog box contains the following fields and components: • Authentication-Primary — The primary authentication server type configured through the Server Management Console. • Secondary — The secondary authentication server type configured through Server Management Console.
  • Page 193 Users overview • Users table — The configured users. User ID — The unique name used to identity a user.  Full Name — The user’s full name.  Roles — List of roles the user belongs to separated by commas. ...
  • Page 194 Users overview • Roles table — Lists the default system roles and any user-defined roles. Name — The unique name of the role.  Default system roles for SAN only environments include: SAN System Administrator Network Administrator Security Administrator Zone Administrator Operator Security Officer Host Administrator...

  • Page 195: User Accounts

    User accounts User accounts NOTE You must have User Management Read and Write privileges to add new accounts, set passwords for accounts, and apply roles to the accounts. For a list of privileges, refer to “User Privileges” page 1451. Management application user accounts contain the identification of the Management application user, as well as privileges, roles, and AORs assigned to the user.
  • Page 196 User accounts 4. Enter a password for the user in the Password and Confirm Password fields. Passwords displays as dots (.). For password policy details, refer to “Viewing your password policy” on page 162. 5. Select the Account Status - Enable check box to enable the account of the user. Account Status is enabled by default.

  • Page 197: Editing A User Account

    User accounts Editing a user account To make changes to an existing user account, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user account you want to edit and click Edit under the Users table. The Edit User dialog box displays.

  • Page 198: Copying And Pasting User Preferences

    User accounts Copying and pasting user preferences You can copy user preference settings, such as window and dialog box sizes, table column and sort order, as well as other customizations, and all the user-defined views (including fabrics and hosts) from the selected user account to one or more other user accounts. If the fabric and hosts from the original user account are not included in the other user's AOR, then the copied fabrics and hosts do not display in the other user's views.

  • Page 199: Importing A User Account

    User accounts 5. Click Save.The file is saved to the location you selected. If the export is successful, the following message displays: User profile data exported successfully to <Flavor>-UserProfile-<Time stamp>.zip Importing a user account To import a user account, complete the following steps. 1.

  • Page 200: Removing Roles And Areas Of Responsibility From A User Account

    User accounts Removing roles and areas of responsibility from a user account To remove roles and AORs from an existing user account, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user account you want to edit and click Edit under the Users table. The Edit User dialog box displays.

  • Page 201: Deleting A User Account

    Roles Deleting a user account NOTE You cannot delete the default "Administrator" user account. To permanently delete a user account from the server, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user you want to delete in the Users table and click Delete. 3.

  • Page 202: Editing A Role

    Roles 2. Click Add under the Roles table. The Add Role dialog box displays. FIGURE 52 Add Role dialog box 3. Enter a name of the role in the Name field. 4. (Optional) Enter a short description for the role in the Description field. 5.

  • Page 203: Copying A Role

    Roles 4. Click OK to save the role and close the Edit Role dialog box. If you make changes to the user’s role or AOR while the user is logged in, a confirmation message displays. When you click OK on the confirmation message, the user is logged out and must log back in to see the changes.

  • Page 204: Removing Privileges From A Role

    Roles 2. Click Add, Edit, or Duplicate under the Roles table. The Add Roles, Edit Roles, or Duplicate Roles dialog box displays. 3. Add read and write access by selecting the features to which you want to allow read and write access in the Available Privileges list and click the right arrow button to move the features to the Read &...

  • Page 205: Areas Of Responsibility

    Areas of responsibility Areas of responsibility NOTE You must have User Management Read and Write privileges to view, add, modify, or delete operational areas of responsibility. An area of responsibility (AOR) allows you to place Fabricsand Hosts into management groups that can be assigned to an Management application user.

  • Page 206: Editing An Aor

    Areas of responsibility FIGURE 53 Users dialog box - Users tab 3. Enter a name of the AOR in the Name field. 4. (Optional) Enter a short description for the AOR in the Description field. 5. Assign or remove products as needed. For step-by-step instructions, refer to “Assigning products to an AOR”...

  • Page 207: Copying An Aor

    Areas of responsibility 4. Click OK to save the AOR and close the Edit AOR dialog box. If you make changes to the user’s role or AOR while the user is logged in, a confirmation message displays. When you click Yes on the confirmation message, the user is logged out and must log back in to see the changes.

  • Page 208: Removing Products From An Aor

    Areas of responsibility 2. Click Add, Edit, or Duplicate under the AOR table. The Add AOR, Edit AOR, or Duplicate AOR dialog box displays. 3. Click the Fabrics tab. 4. Select the fabrics you want to assign to the AOR in the Available Fabrics table and click the right arrow button to move the products to the Selected Products table.

  • Page 209: Password Policies

    Password policies Password policies NOTE You must have User Management Read and Write privileges to configure password policy. Passwords are an important aspect of computer security. They are the front line of protection for user accounts. The purpose of the password policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.
  • Page 210 Password policies d. Enter the minimum number of lowercase characters required in the Lower Case Characters field. Only enabled when the Empty Password - Allow check box is clear. Valid values are 0 through 127. The default is 0. e. Enter the minimum number of digits required in the Number of Digits field. Only enabled when the Empty Password - Allow check box is clear.

  • Page 211: Viewing Password Policy Violators

    User profiles 10. Click Yes on the confirmation message. 11. Click Close to close the Users dialog box. Viewing password policy violators To view password policy violators, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2.

  • Page 212: Viewing Your User Profile

    User profiles Viewing your user profile To view your user profile, complete the following steps. To edit your user profile, refer to “Editing your user profile” on page 160. 1. Select Server > User Profile. The User Profile dialog box displays the following information: •...

  • Page 213: Changing Your Password

    User profiles 3. Change your password in the Password and Confirm Password fields. Passwords display as dots (.). 4. Change your user profile description in the Description field. 5. Change your phone number in the Phone Number field. 6. Select the E-mail Notification Enable check box to enable e-mail notification. Clear the E-mail Notification Enable check box to disable e-mail notification.

  • Page 214: Viewing Your Password Policy

    User profiles Viewing your password policy To view your password policy, complete the following steps. 1. Select Server > User Profile. The User Profile dialog box displays. 2. Click Password Policy - View to display your password policy. The View Password Policy dialog box displays. •...

  • Page 215: Configuring E-Mail Notification

    User profiles Configuring e-mail notification To configure and enable e-mail notification, complete the following steps. 1. Select Server > User Profile. The User Profile dialog box displays. 2. Select the E-mail Notification - Enable check box to enable e-mail notification. 3.
  • Page 216 User profiles Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 217: Web Client Overview

    Chapterpage Web Client In this chapter • Web client overview..........165 •...

  • Page 218: License

    Dashboard • “Inventory expand navigation bar” on page 211 • “Reports expand navigation bar” on page 234 3. Right pane — Displays the detail for the feature selected in the left pane. For more information, refer to: • “Dashboard” on page 166 •...

  • Page 219: Dashboard Expand Navigation Bar

    Dashboard The dashboard refreshes every ten seconds regardless of the size of your network. Note that data may become momentarily out of sync between the dashboard and other areas of the application. For example, if you remove a product from the network while another user navigates from the dashboard to a more detailed view of the product, the product may not appear in the detailed view.

  • Page 220: Dashboard Toolbar

    Dashboard Dashboard toolbar The dashboard toolbar (Figure 56) is located above the status widgets or performance monitors and provides a information about the selected dashboard as well as buttons to perform various functions. FIGURE 56 Dashboard toolbar The dashboard toolbar contains the following fields and components: 1.

  • Page 221: Accessing A Dashboard

    Dashboard customization Accessing a dashboard NOTE If you change the dashboard in the Java client, change is reflected in the web client and vice versa. To access a specific dashboard, complete the following steps. 1. Click the Dashboard icon. The Dashboard expand navigation bar displays. 2.
  • Page 222 Dashboard customization FIGURE 57 Scope dialog box 2. Select a network from the Network Scope list. The default network scope is All. The available network scopes include the following options: • All products and fabrics • Any SAN fabric If you select a fabric scope, dashboard widgets displays data for all products and ports in the fabric.

  • Page 223: Setting The Time Interval

    Dashboard customization Setting the time interval Setting the global time interval in the dashboard toolbar configures the data display time range for all the applicable widgets. Time interval in the Scope list allows you to select a specific time range for which you want to display data in the dashboard.

  • Page 224: Default Dashboards

    Dashboard customization Default dashboards The Management application provides preconfigured dashboards which provide high-level overview of the network, the current states of managed devices, and performance of devices, ports, and traffic on the network. Product Status and Traffic The Product Status and Traffic dashboard provides the following preconfigured status widgets and performance monitors: •...

  • Page 225: Status Widgets

    Dashboard customization Shared Dashboards The Shared Dashboards list includes all user-defined dashboards that have been shared with other users in the Java Client. Shared dashboards display in the following format: dashboard_name (user_name). The Shared Dashboards list does not display until a dashboard is shared with other users in the Java Client.

  • Page 226: Events Widget

    Dashboard customization • Type — The port type. • Identifier — The port identifier, such as port name, number, address, WWN, user port number, or zone alias. • Port Number — The port number. • State — Whether the port is online or offline. •...
  • Page 227 Dashboard customization TABLE 18 Event severity color codes Color Severity Grey Notice Blue Info The Events widget only includes events from products that are in your AOR. Double-click a bar in the graph to navigate to the Events page with only the selected event type (Emergency, Alert, and so on) displaying.
  • Page 228 Dashboard customization • Bar chart — Displays each group as a separate bar on the graph. Displays the current state of all Host products discovered for a group in various colors on each bar. Tooltips showing the number of devices in that state are shown when you pause on the bar. Double-click a bar in the graph to navigate to the Host Inventory Detailed View page.
  • Page 229 Dashboard customization SAN Inventory widget The SAN Inventory widget (Figure 59) displays the SAN products inventory as stacked bar graphs. FIGURE 59 SAN Inventory widget The SAN Inventory widget includes the following data: • Widget title — The name of the widget. •...
  • Page 230 Dashboard customization Customizing the SAN Inventory widget You can customize the SAN Inventory widget to display the product inventory for a specific group. The group type and number of devices in the group displays to the left of the associated bar; for example, v7.0.0 [3], where v7.0.0 is the firmware number and [3] is the number of devices running that firmware level.
  • Page 231 Dashboard customization SAN Status widget The SAN Status widget displays the device status as a pie chart. If you discover a DCB switch from the SAN tab, the switch status displays in both the SAN Status and IP Status widgets. However, if you discover a DCB switch from the IP tab, the switch status only displays in the IP Status widget.
  • Page 232 Dashboard customization Status widget The Status widget (Figure 61) displays the number of products managed and the number of events within the selected event time range FIGURE 61 Status widget The Status widget displays the following items for each product license: •...

  • Page 233: Monitoring And Alerting Policy Suite Widgets

    Dashboard customization Monitoring and Alerting Policy Suite widgets NOTE MAPS is only supported on a licensed version of the Management application with SAN management. NOTE MAPS is only supported on FC devices running Fabric OS 7.2.0 or later with the Fabric Vision license. NOTE MAPS is not supported on DCB devices.
  • Page 234 Dashboard customization The Out of Range Violations widget includes the following fields and components: • Widget title — The widget title. • Widget summary — The color of the worst severity and the number of products with that severity displays below the widget title. •...
  • Page 235 Dashboard customization • Product — The product affected by this monitor. Click to launch the Product page for this device (refer to “Product summary view” on page 216). When you launch the Product page, the detailed view closes. • Object Name (MAPS and Fabric Watch support) — The object name (such as switch name, port name, FRU name, and so on).

  • Page 236: Performance Monitors

    Dashboard customization • State changes — The state of the port has changed for one of the following reasons: The port has gone offline. The port has come online. The port is faulty. • SFP Current — The amount of supplied current to the SFP transceiver. •...

  • Page 237: Ports

    Dashboard customization TABLE 19 Preconfigure performance monitors Monitor title Description Data collectors Top Port Encode Error Out Table view of the encode error out measure. There are four All SAN FC port collector versions of this monitor based on the type of port: All ports, initiator ports, ISL ports, and Target ports.
  • Page 238 Dashboard customization Top Port Alignment Errors monitor The Top Port Alignment Errors performance monitor displays the top ports with alignment errors in a table. The Top Port Alignment Errors performance monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 239 Dashboard customization Top Port C3 Discards monitor The Top Port C3 Discards monitor displays the top ports with Class 3 frames discarded in a table. There are four port widgets: All, ISL, Initiator, and Target. The Top Port C3 Discards monitor includes the following data: •...
  • Page 240 Dashboard customization Top Port C3 Discards RX TO monitor The Top Port C3 Discards RX TO monitor displays the top ports with receive Class 3 frames received at this port and discarded at the transmission port due to timeout in a table. The Top Port C3 Discards RX TO monitor includes the following data: •...
  • Page 241 Dashboard customization Top Port CRC Errors monitor The Top Port CRC Errors monitor displays the top ports with frames that contain cyclic redundancy check (CRC) errors in a table. The Top Port CRC Errors monitor includes the following data: • Widget title —...
  • Page 242 Dashboard customization Top Port Encode Error Out monitor The Top Port Encode Error Out monitor displays the top ports with encoding errors outside of frames in a table. The Top Port Encode Error Out monitor includes the following data: • Widget title —...
  • Page 243 Dashboard customization Top Port Link Failures monitor The Top Port Link Failures monitor displays the top ports with link failures in a table. The Top Port Link Failures monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 244 Dashboard customization Top Port Link Resets monitor The Top Port Link Resets monitor displays the top ports with link resets in a table. The Top Port Link Resets monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 245 Dashboard customization Top Port Overflow Errors monitor The Top Port Overflow Errors performance monitor displays the top ports with overflow errors in a table. The Top Port Overflow Errors performance monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 246 Dashboard customization Top Port Receive EOF monitor The Top Port Receive EOF performance monitor displays the top ports with received end-of-frames in a table. The Top Port Receive EOF performance monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 247 Dashboard customization Top Port Runtime Errors monitor The Top Port Runtime Errors performance monitor displays the top ports with runtime errors in a table. The Top Port Runtime Errors performance monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 248 Dashboard customization Top Port Sync Losses monitor The Top Port Sync Losses monitor displays the top ports with synchronization failures in a table. The Top Port Sync Losses monitor includes the following data: • Widget title — The name of the widget. •...
  • Page 249 Dashboard customization Top Port Too Long Errors monitor The Top Port Too Long Errors performance monitor displays the top ports with frames longer than the maximum frame size allowed errors in a table. The Top Port Too Long Errors performance monitor includes the following data: •...
  • Page 250 Dashboard customization Top Port Traffic monitor The Top Port Traffic monitor (Figure 63) displays the top ports with receive and transmit traffic in a table. FIGURE 63 Top Port Traffic monitor The Top Port Traffic monitor includes the following data: •...
  • Page 251 Dashboard customization • Port Number — The port number. • State — The port state (for example, Enabled). • Status — The port status (for example, Up). 2. Click the close (X) button. Top Port Underflow Errors monitor The Top Port Underflow Errors performance monitor displays the top ports with underflow errors in a table.
  • Page 252 Dashboard customization 2. Click the close (X) button. Top Port Utilization Percentage monitor The Top Port Utilization monitor (Figure 64) displays the top port utilization percentages in a table. FIGURE 64 Top Port Utilization monitor The Top Port Utilization monitor includes the following data: •...
  • Page 253 Dashboard customization A more detailed widget displays which includes the following data: • Scope — The scope configured for the dashboard. • Port — The port affected by this monitor. Click to launch the Port Page (refer to “Port summary view” on page 225).
  • Page 254 Dashboard customization Viewing additional details for the Bottom Port Utilization Percentage monitor 1. Click the View Details icon. FIGURE 67 Bottom Port Utilization Detailed View A more detailed widget displays which includes the following data: • Scope — The scope configured for the dashboard. •...
  • Page 255 Dashboard customization Top Product CPU Utilization monitor The Top Product CPU Utilization monitor (Figure 68) displays the top product CPU utilization percentages in a table. FIGURE 68 Top Product CPU Utilization monitor The Top Product CPU Utilization monitor includes the following data: •...
  • Page 256 Dashboard customization • Product — The product affected by this monitor. Click to launch the Product page for this device (refer to “Product summary view” on page 216). When you launch the Port page, the detailed view closes. • Min — The minimum value of the measure in the specified time range. •...
  • Page 257 Dashboard customization • Memory Utilization Percentage — The top memory utilization percentages. Pause on a rown to display the minimum, current, and maximum vaules for the selected row. This field also displays minimum (black) and maximum (red) pointers. Viewing additional details for the Top Product Memory Utilization monitor 1.
  • Page 258 Dashboard customization Top Product Response Time monitor The Top Product Response Time monitor (Figure 72) displays the top product response time in a table. FIGURE 72 Top Product Response Time monitor The Top Product Response Time monitor includes the following data: •...
  • Page 259 Dashboard customization • Product — The product affected by this monitor. Click to launch the Product page for this device (refer to “Product summary view” on page 216). When you launch the Product page, the detailed view closes. • Min — The minimum value of the measure in the specified time range. •...
  • Page 260 Dashboard customization • Temperature — The top temperatures. Pause on a rown to display the minimum, current, and maximum vaules for the selected row. This field also displays minimum (black) and maximum (red) pointers. • Fabric — The fabric to which the device belongs. Viewing additional details for the Top Product Temperature monitor 1.
  • Page 261 Dashboard customization Top Products with Unused Ports monitor The Top Products with Unused Ports monitor (Figure 68) displays the top products with ports not in use in a table. FIGURE 76 Top Product CPU Utilization monitor The Top Products with Unused Ports monitor includes the following data: •...

  • Page 262: Inventory

    Inventory • Product Type — The type of product (for example, switch). • State — The product state (for example, Offline). • Status — The product status (for example, Reachable). • Tag — The product tag. • Serial # — The serial number of the product. •...

  • Page 263: Inventory Expand Navigation Bar

    Inventory Inventory expand navigation bar The Inventory expand navigation bar (Figure 55) is located on the left side of the page and provides a list of discovered fabric and products. FIGURE 78 Expand navigation bar The expand navigation bar contains a list of discovered fabrics and products. Click a fabric to display the Fabric Page in the center pane (“Fabric summary view”...
  • Page 264 Inventory • Fabric Page — Displays the name of the selected fabric. • Refreshed time — Displays the time of the last application update. • Show/Hide pane arrow — Click to show or hide the Properties pane. FIGURE 81 Switch Details table The Switch Details table displays the following details for switches in the fabric: •...
  • Page 265 Inventory • Connected Switch — Displays the name of the switch connected to the port. • Symbolic Name — Displays the symbolic name (nickname) for the HBA port. • Port Type — Displays the port type; for example, N_Port. • Host Name —...
  • Page 266 Inventory The Events table displays the following details for events triggered in the fabric: • Collapse/Expand button — Click to collapse or expand the view. • All — Displays the total number of events triggered. • Emergency icon — Displays the total number of Emergency events triggered. Click to only display Emergency events in the table.

  • Page 267: Viewing Fabric Properties

    Inventory Viewing fabric properties To view fabric properties, complete the following steps. 1. Click the Inventory icon. 2. Select a fabric in the Product List pane. The fabric summary displays with two panes: Fabric Page and Properties. The fabric properties displays on the right side of the page. FIGURE 85 Fabric Properties pane The fabric properties pane contains the following fields:...

  • Page 268: Product Summary View

    Inventory Product summary view The Product summary displays the Product List, summary, and properties panes for the selected product. Viewing the product summary To view product properties, complete the following steps. 1. Click the Inventory icon. 2. Select a product in the Product List pane. The product summary displays with two panes: Product Page and Properties.
  • Page 269 Inventory FIGURE 88 Product Performance area The Product Performance area displays the following information for the selected product: • Collapse/Expand button — Click to collapse or expand the view. • Avg. CPU Utilization — Displays the average percentage of CPU utilization in graphical format.
  • Page 270 Inventory • Show/Hide Legend button — Click to show or hide the performance graph legend. • Close Performance button — Click to close the performance graph or table. • Update button — Select or clear the ports in the table and click to update the graph or table.
  • Page 271 Inventory • Table button — Click to show the performance data in a table. The table includes the flow measures you selected and the time the flow measure was collected. • Unnamed check box — Select the check box for each flow you want to include in the graph. Select the check box in the table header to select all flows in the table.
  • Page 272 Inventory • Time — Displays the time on the server when the violation was reported. • Rule Condition — Displays the conditions defined in the MAPS policy that was triggered. • Product — Displays the name of the product. • Object Name —...
  • Page 273 Inventory • Severity — Displays the severity icon for the event. When the same event (Warning or Error) occurs repeatedly, the Management application automatically eliminates the additional occurrences. • Time — Displays the time and date the event last occurred on the server. •...
  • Page 274 Inventory FIGURE 92 Settings dialog box 5. Select one or more of the following measures you want to include in the graph from the Measures list: • • Alignment Errors Port Utilization Percentage • • Bad Packets Received Receive EOF •...
  • Page 275 Inventory • 3 Days — Displays data for 3 days. • 1 Week — Displays data for 1 week. • 1 Month — Displays data for 30 days. Click Apply. The port performance graph displays in the Port Details area. 8.
  • Page 276 Inventory Click Apply. The Flows performance graph displays in the Flows area. 8. Add flows to the graph by selecting the check box for each flow you want to include in the graph. Select the check box in the table header to select all flows in the table. Remove flows from the graph by clearing the check box.

  • Page 277: Port Summary View

    Inventory • Name — Displays the name of the product. • Fabric — Displays the fabric name in which the product is located. • IP Address — Displays the IP address of the product. • WWN — Displays the WWN of the product. •...
  • Page 278 Inventory FIGURE 94 Port summary 4. Review the port summary data. The Ports Details area displays the following data for the selected product: • Collapse/Expand button — Click to collapse or expand the view. • Performance graph/table — Displays the performance data when configured. To configure a graph or table, refer to “Configuring a port measure performance graph”...
  • Page 279 Inventory • Performance graph/table — Displays the performance data when configured. • Show/Hide Legend button — Click to show or hide the performance graph legend. • Close Performance button — Click to close the performance graph or table. • Update button — Select or clear a flow and click to update the graph or table. •...
  • Page 280 Inventory FIGURE 95 Violations table The Violations table displays the Monitoring and Alerting Suite (MAPS) violations for the product over the selected time duration. • show arrow — Click to display the following additional detail for the associated violation: Time — Displays the time on the server when the violation was reported. Product —...

  • Page 281: Viewing Port Properties

    Inventory Fabric Name — Displays the Fabric name to which the object belongs. Category — Displays the MAPS category (such as Port, Switch Status, Fabric, FRU, Security, Resource, FCIP, and Traffic/Flows). Rule Name — Displays the name of the rule. A rule associates a condition with actions that need to be triggered when the specified condition is evaluated to be true.
  • Page 282 Inventory FIGURE 96 Port Properties pane 4. Review the port properties data. The port Properties pane displays on the right side of the page. For FC and GigE port properties, the Highlights area displays the following data for the selected port.

  • Page 283: Events

    Events • Port Type — Displays the type of port, for example, U_port. • Port WWN — Displays the port’s world wide name. • Protocol — Displays the network protocol, for example, Fibre Channel. • Long Distance Settings — Displays whether the connection is considered to be normal or longer distance.

  • Page 284: Table Functions

    Events • All — Displays the total number of events triggered. • Emergency icon — Displays the total number of Emergency events triggered. Click to only display Emergency events in the table. • Alert icon — Displays the total number of Alert events triggered. Click to only display Alert events in the table.

  • Page 285: Reports

    Reports Icon Description Previous page — Click to return to the previous page in the report. Unavailable when you are on the first page of the report. Next page — Click to move to the next page in the report. Unavailable when you are on the last page of the report.

  • Page 286: Reports Expand Navigation Bar

    Reports Reports expand navigation bar The Reports expand navigation bar (Figure 55) is located on the left side of the page and provides a list of reports. When you select a report group or report in the Reports expand navigation bar, the the Reports, Schedules, and Templates tabs refresh to include the selected subset of reports.

  • Page 287: Generating A Report

    Reports Icon Description Next page — Click to move to the next page. Unavailable when you are on the last page. Last page — Click to move to the last page. Unavailable when you are on the last page. Generating a report You can generate a report from the Generated Reports tab in the Reports page.

  • Page 288: Generated Reports

    Reports FIGURE 101 Select Switch dialog box 3. Double-click the fabric or switch in the Available list to move it to the Selected list. You can only select one fabric or switch on which you want to run a report. Remove the fabric or switch from the Selected list by double-clicking the fabric or switch.
  • Page 289 Reports Viewing generated reports 1. Click the Reports icon. 2. Click the Generated Reports tab. A list of generated reports display in the right pane. The Reports tab contains the following information in table format: • Name — The name of the generated report. The generated report name uses the following format: <template_name>_<generated_by_user>_<date_and_time>.

  • Page 290: Report Schedules

    Reports Deleting reports, schedules, or templates You can delete generated reports, schedules, and report templates from the respective tab. You can only delete items that you create or generate. You cannot delete default templates. 1. Select the appropriate tab. 2. Select one or more items that you want to remove from the list and click Delete. 3.
  • Page 291 Reports Configuring a new schedule You can schedule one or more reports to generate at a specific frequency. 1. Click the Reports icon. 2. Click the Schedules tab. A list of scheduled reports display. FIGURE 104 Schedules tab The Schedules tab contains the following information in table format: •...
  • Page 292 Reports FIGURE 105 Add Schedule dialog box - General tab 4. Enter a unique name for the schedule in the Name field. The name can be up to 128 characters. 5. Select the report templates that you want to include in the schedule from the Available Templates list.
  • Page 293 Reports FIGURE 106 Add Schedule dialog box - Schedule Settings tab 10. Select the frequency (Hourly, Daily (default), Weekly, Monthly, and Yearly) from the Frequency list. Depending on the frequency you select, different date and time fields display. 11. Enter the time (hour and minutes) that you want to generate the report in the Time field. 12.
  • Page 294 Reports FIGURE 107 Select Fabric dialog box 3. Double-click the fabric that you want to include in the report. 4. Click Ok on the Select Fabric dialog box. Selecting switches The Switch Report requires that you select a switch from a list of discovered switches. 1.
  • Page 295 Reports 3. Double-click the switch that you want to include in the report. 4. Click Ok on the Select Switch dialog box. Viewing reports from a schedule 1. Click the Reports icon. 2. Click the Schedule tab. 3. Click the date and time of the reports in the Last Used column. The Last Run Reports for Schedule dialog box displays.
  • Page 296 Reports Editing a schedule You can edit existing schedules or create a new schedule from an existing schedule. 1. Click the Reports icon. 2. Click the Schedules tab. A list of scheduled reports display. 3. Select the schedule you want to edit and click Edit. The Edit Schedule dialog box displays with the current configuration of the selected schedule.

  • Page 297: Report Templates

    Reports Activating a schedule To activate a schedule, complete the following steps. 1. Click the Reports icon. 2. Click the Schedules tab. A list of scheduled reports display. 3. Select the schedule you want to activate and click Activate. Deactivating a schedule To deactivate a schedule, complete the following steps.
  • Page 298 Reports Viewing report templates You can import external report design (.rptdesign) files into the Management application. The report title must be unique. 1. Click the Reports icon. The Reports page displays with two panes: Templates list and Reports tabs. 2. Click All Templates in the Templates list. 3.
  • Page 299 Reports • “Zone Summary reports” on page 257 • “Host Adapter Inventory reports” on page 259 • “Host Adapter with Unsupported and Faulty SFP reports” on page 260 Exporting report templates You can only export a non-default report template that you previously imported. You can only export one report template at a time.

  • Page 300: Default Reports

    Reports Removing a report from the shared templates You can only stop sharing reports that you create. 1. Click the Reports icon. 2. Click the Templates tab. A list of existing report templates display. 3. Select one or more reports that you want to remove from the shared templates and click Un-Share.

  • Page 301: Fabric Summary Report

    Reports Fabric Summary report The Fabric Summary report provides a summary of the discovered fabrics, switches and Access Gateway (AG) devices associated with the fabric as well as ISL and trunk details. Table 20 describes the fields and components of the Fabric Summary Report. For general report content and table functions, refer to “Report content and functions”...
  • Page 302 Reports TABLE 20 Fabric Summary report fields and components (Continued) Field/Component Description State The state for the switch. For example, online or offline. Operational Status The operational status of the switch. For example, healthy, operational, degraded, marginal, down, failed, unknown, or unreachable. Previous Operational Status The previous operational status of the switch.
  • Page 303 Reports TABLE 20 Fabric Summary report fields and components (Continued) Field/Component Description Switch Name The name of the switch. Click to launch the Switch report. Switch WWN The world wide name of the virtual switch. Switch IP Address The IP address of the physical switch. Click to launch the Switch report. Port Name The port name.

  • Page 304: Zone Alias

    Reports TABLE 20 Fabric Summary report fields and components (Continued) Field/Component Description Port Speed (Gbps) The switch port speed. Port Status The switch port status. Port Type The switch port type. Physical/Logical Port Whether the port is Physical or Logical. Zone Alias The zone alias to which the switch port belongs.

  • Page 305: Fabric Ports Report

    Reports Fabric Ports report The Fabric Ports Report provides a summary of the discovered ports including used and unused ports. Port data for each fabric is divided into three parts: Fabric-wide port details, Switch-wide port details, and individual port details. Table 21 describes the fields and components of the Fabric Ports report.
  • Page 306 Reports TABLE 21 Fabric Ports report fields and components (Continued) Field/Component Description Domain ID /Port # The domain ID of the switch. Device Name The name of the connected device. Device Vendor The vendor of the connected device. Role The role of the connected device. Connected Device/Switch The world wide name of the connected device.
  • Page 307 Reports TABLE 21 Fabric Ports report fields and components (Continued) Field/Component Description Port Status The status of the port to which the AG is connected. Port State The state of the port to which the AG is connected. Port Type The type of port the AG is connected to.
  • Page 308 Reports TABLE 22 Switch Report fields and components (Continued) Field/Component Description IP Address The IP address (IPv4 or IPv6 format) of the switch port. Switch Name The name of the switch. Domain ID/Port # The domain ID for the switch and port number. Connected Device details The information about the device connected to this port.
  • Page 309 Reports TABLE 22 Switch Report fields and components (Continued) Field/Component Description Port Speed(Gbps) The port speed for the F_port. Port Status The switch port status. Port State The switch port state. Port Type The AG port type. Physical/Logical Port Whether the AG port is Physical or Logical. Device Name The name of the connected device.

  • Page 310: Zone Members

    Reports TABLE 23 Zoning Summary report fields and components (Continued) Field/Component Description Active Status Whether the zone is active or not. Zone Alias Details area Alias Name The name of the zone alias. Member Count The number of members in the zone alias. Logged-In Count The number of members logged into the zone alias.
  • Page 311 Reports Host Adapter Inventory reports The Host Adapter Inventory Report provides a information about the selected Host. For general report content and table functions, refer to “Report content and functions” on page 261. Table 22 describes the fields and components of the Host Adapter Inventory Report. TABLE 24 Host Adapter Inventory Report fields and components Field/Component...
  • Page 312 Reports TABLE 24 Host Adapter Inventory Report fields and components (Continued) Field/Component Description Switch IP Address The IP address for the connected switch. Fabric Assigned Address The state (enabled or disabled) of the fabric-assigned address for the adapter. WWN Source The source of the world wide name.
  • Page 313 Reports TABLE 25 Adapters Faulty SFP report fields and components (Continued) Field/Component Description Length Cu The length of the copper cable (for distances greater than 1 meter, where optimum performance is required). Vendor Name The vendor of the extended link. Vendor OUI The vendor’s organizational unique identifier (OUI).
  • Page 314 Reports Icon Description First page — Click to return to the first page in the report. Unavailable when you are on the first page of the report. Previous page — Click to return to the previous page in the report. Unavailable when you are on the first page of the report.

  • Page 315: Dashboard Management

    Chapter Dashboard Management In this chapter • Dashboard overview ......... . . 263 •...
  • Page 316 Dashboard overview FIGURE 110 Dashboard tab 1. Menu bar — Lists commands you can perform on the dashboard. For a list of Dashboard tab menu commands, refer to “Dashboard main menus” on page 1411. The dashboard also provides a shortcut menu to reset the dashboard back to the defaults. Reset the dashboard back to the default settings by right-clicking in the white space and selected Reset to Default.

  • Page 317: Dashboard Toolbar

    Dashboard overview 8. Status bar — Displays the connection, port, product, fabric, special event, Call Home, and backup status, as well as Server and User data. For more information about the status bar, refer to “Status bar” on page 362. Dashboard toolbar The toolbar (Figure...

  • Page 318: Dashboard Messages

    Dashboard overview Dashboard messages The dashboard message bar (Figure 112) only displays when Scope (Network Scope and Time Scope) has changed in other clients. You can also view all dashboard messages and clear them. FIGURE 112 Dashboard message bar The toolbar contains the following fields and components: 1.

  • Page 319: General Dashboard Functions

    Dashboard overview 6. Options button — Use to share, unshare, export, and import a user-defined dashboard. For more information, refer to “Sharing a user-defined dashboard definition” on page 270, “Unsharing a user-defined dashboard definition” on page 270, “Exporting a user-defined dashboard definition”...

  • Page 320: Accessing A Dashboard

    Dashboard overview Accessing a dashboard From the Dashboards expand navigation bar, double-click the dashboard you want to view. Options include: • IP Port Health — Displays preconfigured IP performance monitors. You can display additional status widgets and performance monitors in this dashboard. •...

  • Page 321: Creating A User-Defined Dashboard

    Dashboard overview Press Enter. The filter results display in the Dashboards expand navigation bar. To stop the filter, click the stop filter (X) icon in the Filter text box. Creating a user-defined dashboard You can create a dashboard and customize it with the status widgets and performance monitors you need to monitor your network.

  • Page 322: Sharing A User-Defined Dashboard Definition

    Dashboard overview Sharing a user-defined dashboard definition You can share the user-defined dashboard with other users. The changes made in the shared dashboard will reflect to all the shared users. When the owner deletes a shared dashboard, it is unshared from all the shared users and removed from the Shared Dashboard list. 1.

  • Page 323: Importing A User-Defined Dashboard Definition

    Dashboard overview 4. Click OK. The user-defined dashboard definition details are saved in a .zip file in a location that you specify. NOTE You cannot export an empty dashboard and published widgets. Importing a user-defined dashboard definition You can import a user-defined dashboard definition from the file system to the Management application.
  • Page 324 Dashboard overview • Title — The name of the status widget. For more information, refer to “Status widgets” page 281. • Description — A general description of the status widget. 4. Click the Performance tab (Figure 114). The preconfigured performance monitors display. You can create up to 100 performance monitors;...

  • Page 325: Exporting The Dashboard Display

    Dashboard overview Exporting the dashboard display You can export the current dashboard display (all widgets and monitors) or a selected widget or monitor in a .png format. 1. Select one of the following options from the Export list: • Dashboard — Exports the current dashboard. •...

  • Page 326: Customizing The Dashboard Scope

    Dashboard overview Customizing the dashboard scope You can customize the dashboard display by setting the network scope and time scope in the Scope list (Figure 115). FIGURE 115 Scope list Setting the network scope You can configure the dashboard to display all objects in your area of responsibility (AOR) or a subset of objects (fabrics, devices, or groups) using the network scope selection.

  • Page 327: Creating A Customized Network Scope

    Dashboard overview • Any system-defined group • Any user-defined group (IP product and port group) • Any user-defined customized network If you select a fabric scope, dashboard widgets display data for all products and ports in the fabric. If you select a product scope, dashboard widgets display data for the selected products and the ports that belong to the selected products.

  • Page 328: Editing A User-Defined Network Scope

    Dashboard overview FIGURE 116 Edit Scopes dialog box 4. Click Add. A new network scope displays in the Network Scopes list. 5. Enter a name for the scope in the Name field. 6. Select one of the following options: • Fabrics —...

  • Page 329: Deleting A User-Defined Network Scope

    Dashboard overview 5. To add objects, select one or more the objects you want to include in the network from the Available Targets list and click the right arrow button. The objects display in the Selected Targets list. 6. To remove an object from the Selected Targets list, select it and click the left arrow button. Click OK to save your changes and close the Edit Scopes dialog box.
  • Page 330 Dashboard overview • Historical — Displays data for a specific date and time based on the selected network scope and duration. The Historical option displays a calender with a 30-day timeline. The end date in the calendar is the current date and the calendar will show the last 30 days from the current date.

  • Page 331: Dashboard Playback

    Dashboard overview Dashboard playback You can use dashboard control buttons (Pause, Rewind, and Forward) to view the available data of the dashboard and widgets in playback mode. Auto-refresh of data will not occur in playback mode. • Pause button — Use the Pause button to pause function in playback mode. •...

  • Page 332: Default Dashboards

    Default dashboards Default dashboards The Management application provides preconfigured dashboards which provide high-level overview of the network, the current states of managed devices, and performance of devices, ports, and traffic on the network. Product Status and Traffic dashboard The Product Status and Traffic dashboard provides the following preconfigured status widgets and performance monitors: •...

  • Page 333: Status Widgets

    Status widgets Status widgets The Management application provides the following preconfigured status widgets: • Bottlenecked Ports widget — Table view of bottlenecked ports and number of violations for each bottlenecked port in the SAN. There are four versions of this monitor based on the type of port: All ports, initiator ports, ISL ports, and Target ports.
  • Page 334 Status widgets • Port — The port identifier, such as port name, number, address, WWN, user port number, or zone alias. • Connected_Port_Link (where Connected_Port_Link is Connected Port, Initiator, or Target) — Displays one of the following: Connected Port — The ISL or IFL port on the connected device. Click to launch the switch port properties dialog box.
  • Page 335 Status widgets Bottleneck Graph dialog box The Bottleneck Graph dialog box (Figure 119) displays the statistics for the selected ports based on the time period. FIGURE 119 Bottleneck Graph dialog box The Bottleneck Graph dialog box displays event information for a specific duration by selecting one of the following from the time period: •...

  • Page 336: Events Widget

    Status widgets Events widget The Events widget (Figure 120) displays the number of events by severity level for a specified network scope, specified time scope, and duration as a stacked bar graph. FIGURE 120 Events widget The Events widget includes the following data: •...

  • Page 337: Host Adapter Inventory Widget

    Status widgets The x-axis represents the number of occurrences of a particular event severity during the selected time period. If you pause on a bar, a tooltip shows the number of events with that severity level during the selected time period. Also, for each severity, the cumulative number of traps, application events, and security events is reported next to the horizontal bar.
  • Page 338 Status widgets • Severity icon/Host product count/widget title — The color of the worst severity and the Host product count with that severity displays before the widget title. • Group By list — Use to customize this widget to display a specific grouping. Options include: Model (default), Location, Driver, BIOS, and OS Type.

  • Page 339: San Inventory Widget

    Status widgets SAN Inventory widget The SAN Inventory widget (Figure 122) displays the SAN products inventory as stacked bar graphs. FIGURE 122 SAN Inventory widget The SAN Inventory widget includes the following data: • Severity icon/product count/widget title — The color of the worst severity followed by the number of products with that severity displays before the widget title.
  • Page 340 Status widgets Customizing the SAN Inventory widget You can customize the SAN Inventory widget to display the product inventory for a specific group. The group type and number of devices in the group displays to the left of the associated bar; for example, v7.0.0 [3], where v7.0.0 is the firmware number and [3] is the number of devices running that firmware level.

  • Page 341: San Status Widget

    Status widgets SAN Status widget The SAN Status widget (Figure 123) displays the device status as a pie chart. FIGURE 123 SAN Status widget The SAN Status widget includes the following data: • Severity icon/product count/widget title — The color of the worst status followed by the number of products with that status displays before the widget title.

  • Page 342: Viewing Additional San Product Data

    Status widgets Viewing additional SAN product data 1. Double-click a section in the SAN Status widget. The SAN Products - Status dialog box (where Status is the section of the widget you selected) displays with the following fields and components: •...

  • Page 343: Vm Alarms Widget

    Status widgets • Fibre Channel Fabrics — The number of managed fabrics. • SAN Switches — The number of managed SAN switches. • SAN Physical Switches — The number of discovered physical SAN switches. • Hosts — The number of managed hosts. •...

  • Page 344: Monitoring And Alerting Policy Suite Widgets

    Monitoring and Alerting Policy Suite widgets Monitoring and Alerting Policy Suite widgets NOTE MAPS is only supported on a licensed version of the Management application with SAN management. NOTE MAPS is only supported on FC devices running Fabric OS 7.2.0 or later with the Fabric Vision license. NOTE MAPS is not supported on DCB devices.

  • Page 345: Out Of Range Violations Widget

    Monitoring and Alerting Policy Suite widgets Out of Range Violations widget The Out of Range Violations widget (Figure 125) displays the number of violations for each MAPS category, Fabric Watch category, and the number of network objects (such as ports, trunks, switches, and circuits) for SAN devices with the MAPS violation and Fabric Watch violation based on the selected fabric and a specified time range.
  • Page 346 Monitoring and Alerting Policy Suite widgets • Network Object Count — The number and network object type (such as switch, virtual machine, port, trunk, and so on) with a MAPS and Fabric Watch violation for each category. Always displays whether or not there is a violation. NOTE For FCIP Health, the Network Object Count is based on the number of VE_port and circuit combinations with a MAPS violation.

  • Page 347: Port Health Violations Widget

    Monitoring and Alerting Policy Suite widgets Port Health Violations widget The Port Health Violations widget (Figure 126) displays the number of violations for each product based on the selected fabric and a specified time range. There are four port health violation widgets: All, ISL, Initiator, and Target.
  • Page 348 Monitoring and Alerting Policy Suite widgets • Protocol Errors — The number of times a protocol error occurs on a port. • Link Reset — The ports on which the number of link resets exceed the specified threshold value. • C3TXTO —...

  • Page 349: Performance Monitors

    Performance monitors Performance monitors The performance monitors provide a high-level overview of the performance on the network. This allows you to easily check the performance of devices, ports, and traffic on the network. The performance monitors also provide several features to help you quickly access performance metrics and reports.

  • Page 350: Displaying Performance Monitors On The Dashboard

    Performance monitors TABLE 27 Preconfigure performance monitors Monitor title Description Data collectors Top Port Sync Losses Table view of the top port synchronization losses. There All SAN FC port collector are four versions of this monitor based on the type of port: All ports, initiator ports, ISL ports, and Target ports.

  • Page 351: Top Port Alignment Errors Monitor

    Performance monitors Top Port Alignment Errors monitor The Top Port Alignment Errors performance monitor displays the top ports with alignment errors in a table. The Top Port Alignment Errors performance monitor includes the following data: • Threshold icon/object count/monitor title — The color associated with the threshold and number of objects within that threshold displays next to the monitor title.

  • Page 352: Top Port C3 Discards Monitor

    Performance monitors Top Port C3 Discards monitor The Top Port C3 Discards monitor (Figure 127) displays the top ports with Class 3 frames discarded in a table. There are four port widgets: All, ISL, Initiator, and Target. FIGURE 127 Top Port C3 Discards monitor The Top Port C3 Discards monitor includes the following data: •...

  • Page 353: Top Port C3 Discards Rx To Monitor

    Performance monitors • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor” on page 323.
  • Page 354 Performance monitors • C3 Discards RX TO/sec — The number (error rate) of Class 3 frames received at this port and discarded at the transmission port due to timeout errors per second for the duration specified in the monitor. • C3 Discards RX TO —...

  • Page 355: Top Port Crc Errors Monitor

    Performance monitors Top Port CRC Errors monitor The Top Port CRC Errors monitor (Figure 129) displays the top ports with frames that contain cyclic redundancy check (CRC) errors in a table. FIGURE 129 Top Port CRC Errors monitor The Top Port CRC Errors monitor includes the following data: •...

  • Page 356: Top Port Encode Error Out Monitor

    Performance monitors • Port Number — The port number. • State — The port state (for example, Enabled). • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...
  • Page 357 Performance monitors • Connected_Port_Link (where Connected_Port_Link is Connected Port, Initiator, or Target) — Displays one of the following: Connected Port — The ISL or IFL port on the connected device. Click to launch the switch port properties dialog box. Initiator — The initiator port on the connected device. Click to launch the device properties dialog box.

  • Page 358: Top Port Link Failures Monitor

    Performance monitors Top Port Link Failures monitor The Top Port Link Failures monitor (Figure 131) displays the top ports with link failures in a table. FIGURE 131 Top Port Link Failures monitor The Top Port Link Failures monitor includes the following data: •...

  • Page 359: Top Port Link Resets Monitor

    Performance monitors To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor” on page 323. Accessing additional data from the Top Port Link Failures monitor •...

  • Page 360: Top Port Overflow Errors Monitor

    Performance monitors • TX Link Resets/sec — The number (error rate) of transmit link reset errors for the duration specified in the monitor. • TX Link Resets — The number (error count) of transmit link reset errors. • Product — The product affected by this monitor. •...

  • Page 361: Top Port Receive Eof Monitor

    Performance monitors • Connected_Port_Link (where Connected_Port_Link is Connected Port, Initiator, or Target) — Displays one of the following: Connected Port — The ISL or IFL port on the connected device. Click to launch the switch port properties dialog box. Initiator — The initiator port on the connected device. Click to launch the device properties dialog box.

  • Page 362: Top Port Runtime Errors Monitor

    Performance monitors • Identifier — The port identifier. • Port Number — The port number. • State — The port state (for example, Enabled). • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To edit a port performance monitor, refer to “Editing a preconfigured performance monitor”...

  • Page 363: Top Port Sync Losses Monitor

    Performance monitors Top Port Sync Losses monitor The Top Port Sync Losses monitor (Figure 134) displays the top ports with synchronization failures in a table. FIGURE 134 Top Port Sync Losses monitor The Top Port Sync Losses monitor includes the following data: •...

  • Page 364: Top Port Too Long Errors Monitor

    Performance monitors • Status — The port status (for example, In_Sync, No_Sync). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...

  • Page 365: Top Port Traffic Monitor

    Performance monitors Top Port Traffic monitor The Top Port Traffic monitor (Figure 135) displays the top ports with receive and transmit traffic in a table. FIGURE 135 Top Port Traffic monitor The Top Port Traffic monitor includes the following data: •...

  • Page 366: Top Port Underflow Errors Monitor

    Performance monitors • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...

  • Page 367: Top Port Utilization Percentage Monitor

    Performance monitors Top Port Utilization Percentage monitor The Top Port Utilization monitor (Figure 136) displays the top port utilization percentages in a table. FIGURE 136 Top Port Utilization monitor The Top Port Utilization monitor includes the following data: • Severity icon/monitor title — The worst severity of the data shown next to the monitor title. •...

  • Page 368: Bottom Port Utilization Percentage Monitor

    Performance monitors Accessing additional data from the Top Port Utilization monitor • Right-click a row in the monitor to access the shortcut menu available for the associated device. For more information about shortcut menus, refer to “Application menus” page 1411. •...

  • Page 369: Top Product Cpu Utilization Monitor

    Performance monitors • State — The port state (for example, Enabled). • Status — The port status (for example, Up). • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...

  • Page 370: Top Product Memory Utilization Monitor

    Performance monitors • Tag — The product tag. • Serial # — The serial number of the product. • Model — The product model. • Port Count — The number of ports on the product. • Firmware — The firmware level running on the product. •...

  • Page 371: Top Product Response Time Monitor

    Performance monitors • Max — The maximum value of the measure in the specified time range. • Fabric — The fabric to which the device belongs. • Product Type — The type of product (for example, switch). • State — The product state (for example, Offline). •...
  • Page 372 Performance monitors The Top Product Response Time monitor includes the following data: • Severity icon/response time/monitor title — The worst severity of the data and the response time displays next to the monitor title. • Product — The product affected by this monitor. •...

  • Page 373: Top Product Temperature Monitor

    Performance monitors Top Product Temperature monitor The Top Product Temperature monitor (Figure 141) displays the top product temperature in a table. FIGURE 141 Top Product Temperature monitor The Top Product Temperature monitor includes the following data: • Severity icon/temperature/monitor title — The worst severity of the data and the temperature displays next to the monitor title.

  • Page 374: Top Products With Unused Ports Monitor

    Performance monitors Accessing additional data from the Top Product Temperature monitor • Right-click a row in the monitor to access the shortcut menu available for the associated device. For more information about shortcut menus, refer to “Application menus” page 1411. •...

  • Page 375: Editing A Preconfigured Performance Monitor

    Performance monitors • Location — The location of the product. • Contact — A contact name for the product. • Refreshed — The time of the last update for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor”...

  • Page 376: User-Defined Performance Monitors

    User-defined performance monitors • To specify a color based on hue, saturation, and lightness, click the HSL tab. Specify the hue (0 through 360 degrees), saturation (0 through 100%), lightness (0 through 100%), and transparency (0 through 100%). • To specify a color based on values of red, green, and blue, click the RGB tab. Specify the values for red (0 through 255), green (0 through 255), blue (0 through 255), and alpha (0 through 255).
  • Page 377 User-defined performance monitors Ping Packet Loss Percentage — The ping packet loss percentage for the product. AP Client Count — The number of AP clients for the product. • Port Common Port Utilization Percentage — The memory utilization percentage.  Traffic —...
  • Page 378 User-defined performance monitors Slow Start Status — The number of slow starts.  Current Compression Ratio — The current compression ratio for the FCIP tunnel.  Errors — The number of errors.  Discards — The number of discarded frames. ...

  • Page 379: Top Or Bottom Product Performance Monitors

    User-defined performance monitors Receive Word Count (bytes) — The received word count in bytes as reported in the last  data point received for the flow. Transmit Throughput (Mbps) — The transmit throughput in megabytes per second as  reported by the last data point. Receive Throughput (Mbps) —...

  • Page 380: Top Or Bottom Port Performance Monitors

    User-defined performance monitors • Max — The maximum value of the measure in the specified time range. • Fabric — The fabric to which the device belongs. • Product Type — The type of product (for example, switch). • State — The product state (for example, Offline). •...
  • Page 381 User-defined performance monitors The top or bottom port performance monitor includes the following data: • Threshold icon/object count/monitor title — The color associated with the threshold and number of objects within that threshold displays next to the monitor title. • Severity icon/monitor title —...

  • Page 382: Distribution Performance Monitors

    User-defined performance monitors Distribution performance monitors The distribution performance monitor (Figure 145) displays the distribution (number) of products or ports for each of the five percentage ranges defined for the selected measure in a bar graph. FIGURE 145 Distribution performance monitor example The distribution performance monitor includes the following data: •...
  • Page 383 User-defined performance monitors TABLE 29 Port measures types Common FCIP • • Port Utilization Percentage Cumulative Compression Ratio • • Traffic Latency • • CRC Errors Dropped Packets • Link Retransmits • • Link Resets Timeout Retransmits • • Signal Losses Fast Retransmits •...

  • Page 384: Time Series Performance Monitors

    User-defined performance monitors Time series performance monitors The time series performance monitors (Figure 146) display the selected measures in a chart. FIGURE 146 Time series performance monitor example The time series performance monitor includes the following data: • Monitor title — The user-defined monitor title. •...

  • Page 385: Configuring A User-Defined Product Performance Monitor

    User-defined performance monitors Configuring a user-defined product performance monitor For creating a user-defined dashboard, refer to “Creating a user-defined dashboard” on page 269 and perform the following steps to configure a user-defined product performance monitor. 1. Click the Customize Dashboard icon. The Customize Dashboard dialog box displays.
  • Page 386 User-defined performance monitors 9. (Top N, Bottom N, and Distribution monitors only) Configure threshold numbers and associated colors by completing the following steps. Depending on the monitor type you select, you can define up to four threshold numbers in increasing or decreasing order and up to five associated threshold colors. (Top N and Bottom N monitors only) The decreasing order defaults are as follows: 90 and above displays red, 75 and above displays orange, 60 and above displays yellow, and all others display blue.

  • Page 387: Adding Targets To A User-Defined Performance Monitor

    User-defined performance monitors Accessing additional data from user-defined product performance monitors • In a Distribution monitor, double-click a percentage range to navigate to the Measure_Type Distribution Data Details dialog box. For more information, refer to “Viewing product distribution data details” on page 339 or “Viewing port distribution data details”...

  • Page 388: Configuring A User-Defined Port Performance Monitor

    User-defined performance monitors 15. Click OK on the Customize Dashboard dialog box. The performance monitors display at the bottom of the dashboard. Configuring a user-defined port performance monitor For creating a user-defined dashboard, refer to “Creating a user-defined dashboard” on page 269 and perform the following steps to configure a user-defined port performance monitor.
  • Page 389 User-defined performance monitors Common FCIP • • Port Utilization Percentage Cumulative Compression Ratio • • Traffic Latency • • CRC Errors Dropped Packets • Link Retransmits • • Link Resets Timeout Retransmits • • Signal Losses Fast Retransmits • • Sync Losses Duplicate Ack Received •...
  • Page 390 User-defined performance monitors (Distribution monitors only) The increasing order defaults are as follows: 0 through 20 displays green, 21 through 40 displays blue, 41 through 60 displays yellow, 61 through 80 displays orange, and 81 through 100 displays red. a. (Top N and Bottom N monitors only) Select the check box. b.

  • Page 391: Viewing Product Distribution Data Details

    User-defined performance monitors Viewing product distribution data details Each bar on the product distribution graph maps directly to one of the five percentage ranges defined for the distribution performance monitor (refer to “Distribution performance monitors” page 330). 1. Double-click a bar in the graph. The Monitor_Title Data Details dialog box displays.

  • Page 392: Viewing Port Distribution Data Details

    User-defined performance monitors Viewing port distribution data details Each bar on the port distribution graph maps directly to one of the five percentage ranges defined for the distribution monitor (refer to “Distribution performance monitors” on page 330). 1. Double-click a bar in the graph. The Monitor_Title Data Details dialog box displays.
  • Page 393 User-defined performance monitors FCIP  Cumulative Compression Ratio — The cumulative compression ratio for the FCIP tunnel. Latency — The latency for the FCIP tunnel. Dropped Packets — The number of dropped packets. Link Retransmits — The number of retransmitted links. Timeout Retransmits —...

  • Page 394: Traffic Flow Dashboard Monitors

    Traffic flow dashboard monitors Traffic flow dashboard monitors NOTE Traffic flow monitors are only supported on devices running Fabric OS 7.2 and later with the Fabric Vision license. You can use the dashboard to monitor traffic flows. To monitor a flow, you must first create and activate the flow in Flow Vision (refer to //link to flow vision//.
  • Page 395 Traffic flow dashboard monitors • Frame Transmit Frame Count (frames) — The transmit frame count as reported in the last data point received for the flow. Receive Frame Count (frames) — The received frame count as reported in the last data point received for the flow.

  • Page 396: Traffic Flow Performance Graph Monitor

    Traffic flow dashboard monitors Traffic flow performance graph monitor The traffic flow performance monitors display (Figure 147) the selected measures in a chart. FIGURE 147 Traffic flow performance graph monitor example The traffic flows performance monitor includes the following data: •...

  • Page 397: Top Or Bottom Traffic Flow Performance Monitor

    Traffic flow dashboard monitors Top or bottom traffic flow performance monitor The top or bottom traffic flow performance monitors (Figure 148) top or bottom number of flows for the selected measure in a table. FIGURE 148 Top traffic flow monitor example The top or bottom flow performance monitor includes the following data: •...

  • Page 398: Time Series Traffic Flow Performance Monitor

    Traffic flow dashboard monitors Accessing additional data from traffic flow performance monitors • Right-click a row in the table to access the shortcut menu and select one of the following options: Show Graph/Table — Launches the Flow Graphing dialog box with the selected measures (sub-flows) to be plotted.

  • Page 399: Performance Graph

    Traffic flow dashboard monitors Configuring a traffic flows monitor from a performance graph 1. Configure the performance graph. To configure a traffic flows performance graph, refer to //link to flow vision//. 2. Click Save As Widget to create a monitor of the graph data for the dashboard. The Historical Chart Monitor - Date_Time dialog box displays (where Date_Time is the date and time the monitor was created).
  • Page 400 Traffic flow dashboard monitors 5. Select the traffic measure for the monitor in the Measure area: For Time Series monitors, you can select more than one measure. SCSI Frame • • Read Frame Count (frames) Transmit Frame Count (frames) • •...

  • Page 401: Adding Targets To A Traffic Flow Performance Monitor

    Traffic flow dashboard monitors • To specify a color based on values of red, green, and blue, click the RGB tab. Specify the values for red (0 through 255), green (0 through 255), blue (0 through 255), and alpha (0 through 255). •...
  • Page 402 Traffic flow dashboard monitors • LUN — The LUN values defined in the flow. • Bi-direction — Whether or not the flow is bi-directional. Valid values are Yes or No. 8. Select the flow targets from the Available Flow list and click the right arrow button to move the targets to the Selected Flow list.
  • Page 403 Chapter View Management In this chapter • SAN tab overview..........352 •...

  • Page 404: San Tab Overview

    SAN tab overview SAN tab overview The SAN tab (Figure 150) displays the Product List, Topology Map, Master Log, Utilization Legend, and Minimap. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading.

  • Page 405: San Main Toolbar

    SAN tab overview 6. Port Display buttons — Provides buttons that enable quick access to configuring how ports display. Not enabled until you discover a fabric or host. For more information, refer to “Port Display buttons” on page 355. Connectivity Map toolbar — Provides tools for viewing the Connectivity Map as well as exporting the Connectivity Map as an image.

  • Page 406: View All List

    SAN tab overview 9. Flow Vision — Displays the Flow Vision dialog box. Use to configure Flow Vision. 10. MAPS — Displays the MAPS dialog box. Use to configure MAPS. 11. Domain ID/Port # — Use to set the domain ID or port number to display as decimal or hex in the Product List.

  • Page 407: Port Display Buttons

    SAN tab overview Port Display buttons The Port Display buttons are located at the top right of the Product List and enable you to configure how ports display. You have the option of viewing connected (or occupied) product ports, unoccupied product ports, or attached ports. Not enabled until you discover a fabric or host. NOTE Occupied/connected ports are those that originate from a device, such as a switch.

  • Page 408: Product List

    SAN tab overview Product List The Product List, located on the SAN tab, displays an inventory of all discovered devices and ports. The Product List is a quick way to look up product and port information, including serial numbers and IP addresses. To display the Product List, select View >...

  • Page 409: Connectivity Map

    SAN tab overview • Protocol — Displays the protocol for the port. • Serial # — Displays the serial number of the product. • Speed Configured (Gbps) — Displays the actual speed of the port in Gigabits per second. • State —...

  • Page 410: Utilization Legend

    SAN tab overview FIGURE 154 Connectivity Map The Management application displays all discovered fabrics in the Connectivity Map by default. To display a discovered Host in the Connectivity Map, you must select the Host in the Product List. You can only view one Host and physical and logical connections at a time. Connectivity Map functions •...

  • Page 411: Master Log

    Master Log FIGURE 155 Utilization Legend The colors and their meanings are outlined in the following table. TABLE 30 Line Color Utilization Defaults Red line 80% to 100% utilization Yellow line 40% to 80% utilization Blue line 1% to 40% utilization Gray line 0% to 1% utilization Black line...
  • Page 412 Master Log • Acknowledged — Whether the event is acknowledged or not. Select the check box to acknowledge the event. • Source Name — The product on which the event occurred. • Source Address — The IP address (IPv4 or IPv6 format) of the product on which the event occurred.

  • Page 413: Minimap

    Minimap Minimap The Minimap, which displays in the lower right corner of the main window, is useful for getting a bird’s-eye view of the topology, or to quickly jump to a specific place on the topology. To jump to a specific location on the topology, click that area on the Minimap.

  • Page 414: Status Bar

    Status bar Status bar The status bar displays at the bottom of the main window. The status bar provides a variety of information about the SAN and the application. The icons on the status bar change to reflect different information, such as the current status of products, fabrics, and backup. FIGURE 157 Status Bar The icons on your status bar will vary based on the licensed features on your system.

  • Page 415: Icon Legend

    Icon legend 8. Policy Monitor Status — Displays whether or not a policy monitor has failed or partially failed. Click to launch the Policy Monitor dialog box. For more information about policy monitors, refer “Viewing configuration policy manager status” on page 1238. 9.

  • Page 416: Host Product Icons

    Icon legend TABLE 31 Icon Description Icon Description VC module Multi-fabric VC module iSCSI Target iSCSI Initiator Host product icons The following table lists the manageable Host product icons that display on the topology. Fabric OS manageable devices display with blue icons. Unmanageable devices display with gray icons. Some of the icons shown only display when certain features are licensed.

  • Page 417: San Group Icons

    Icon legend SAN group icons The following table lists the manageable SAN product group icons that display on the topology. TABLE 33 Icon Description Icon Description Switch Group Host Group Storage Group Unknown Fabric Group Unmanaged Fabric Group Chassis Group Host group icons The following table lists the manageable Host product group icons that display on the topology.

  • Page 418: San Port Icons

    Icon legend SAN port icons The following table lists the SAN port icons that display in the Product List. TABLE 35 Icon Description Occupied FC Port Unoccupied FC Port Attached FC Port Trunk (port group) IP and 10 GE Port Attached IP and 10 GE Port Attached-to-Cloud 10 GE Port Virtual Port...

  • Page 419: Event Icons

    Icon legend TABLE 36 Icon Status Unknown/Link Down Unreachable Event icons The following table lists the event icons that display on the topology and Master Log. For more information about events, refer to “Fault Management” on page 1255. TABLE 37 Event Icon Description Emergency...

  • Page 420: Customizing The Main Window

    Customizing the main window Customizing the main window You can customize the main window to display only the data you need by displaying different levels of detail on the Connectivity Map (topology) or Product List. Zooming in and out of the Connectivity Map You can zoom in or out of the Connectivity Map to see products and ports.

  • Page 421: Showing Levels Of Detail On The Connectivity Map

    Customizing the main window Showing levels of detail on the Connectivity Map You can configure different levels of detail on the Connectivity Map, making device management easier. Viewing fabrics To view only fabrics, without seeing groups, products, or ports, select View > Show> Fabrics Only. Viewing groups To view only groups and fabrics, without seeing products, or ports, select View >...
  • Page 422 Customizing the main window • Export information from the table • Search for information • Expand the table to view all information • Collapse the table Displaying columns To only display specific columns, complete the following steps. 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays.
  • Page 423 Customizing the main window Changing the order of columns To change the order in which columns display, choose from one of the following options. Rearrange columns in a table by dragging and dropping the column to a new location. 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays.
  • Page 424 Customizing the main window Exporting table information You can export the entire table or a specific row to a text file. 1. Choose from one of the following options: • Right-click anywhere in the table and select Table > Export Table. •...

  • Page 425: Product List Customization

    Product List customization Product List customization NOTE Properties customization requires read and write permissions to the Properties - Add / Delete Columns privilege. You can customize the Product List by creating user-defined fabric, product, and port property labels. You can also edit or delete user-defined property labels, as needed. You can create up to three user-defined property labels from the Product List for each of the following object types: fabric, product, and port properties.

  • Page 426: Search

    Search Editing a property label You can only edit labels that you create on the Product List. To edit a user-defined property label (column heading), complete the following steps. 1. Right-click the column heading on the Product List for the property you want to edit and select Edit Column.

  • Page 427: Searching For A Device

    Search The Search features contains a number of components. The following graphic illustrates the various areas, and descriptions of them are listed below. 1. Text field — Enter the text or unicode regular expression for which you want to search. 2.

  • Page 428: Restricting A Search By Node

    Search Restricting a search by node When a device is assigned to a product group, it may be listed in the Product node, as well as Product Groups node. Therefore the search results include the device under both the Product node and the Product Group node.

  • Page 429: Clearing Search Results

    SAN view management overview • Regular Expression — Enter a Unicode regular expression in the search text box. (For hints, refer to “Regular Expressions” on page 1495.) All products in the Product List that contain the search text display highlighted. This search is case insensitive. 3.
  • Page 430 SAN view management overview FIGURE 161 Create View dialog box - Fabrics tab 2. Enter a name (128-character maximum) in the Name field and a description (126-character maximum) in the Description field for the view. NOTE You cannot use the name “View” or “View All” in the Name field. NOTE You cannot use an existing name in the Name field.

  • Page 431: Editing A Customized View

    SAN view management overview 6. In the Available Hosts table, select the hosts you want to include in the view and click the right arrow button to move your selections to the Selected Fabrics and Hosts table. The Available Hosts table displays the name, IP address, network address of the available hosts and the fabric in which the host is located.

  • Page 432: Deleting A Customized View

    SAN view management overview FIGURE 164 Edit View dialog box - Hosts tab 5. In the Available Hosts table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table. The Available Hosts table displays the name, IP address, network address of the available hosts and the fabric in which the host is located.

  • Page 433: Copying A View

    SAN view management overview Copying a view To copy a customized view, use the following procedure. 1. Use one of the following methods to open the Copy View dialog box: • Select View > Manage View > Copy View > View_Name. •...

  • Page 434: San Topology Layout

    SAN topology layout Click OK to save your changes and close the Copy View dialog box. NOTE When you open a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. 8.

  • Page 435: Customizing The Layout Of Devices On The Topology

    SAN topology layout • Port Display. Select to configure how ports display. Occupied Product Ports. Select to display the ports of the devices in the fabrics (present in the Connectivity Map) that are connected to other devices. UnOccupied Product Ports. Select to display the ports of the devices (shown in the Connectivity Map) that are not connected to any other device.

  • Page 436: Customizing The Layout Of Connections On The Topology

    SAN topology layout • Square. Select to display the device icons in a square configuration. Default for Host and Storage groups. • Vertical. Select to display the device icons vertically. • Horizontal. Select to display the device icons horizontally. • Most Connected at Center.

  • Page 437: Reverting To The Default Background Color

    SAN topology layout FIGURE 167 Choose a background color dialog box 3. Select a color from the swatches tab and click OK. • To specify a color based on hue, saturation, and value, click the HSV tab. Specify the hue (0 to 359 degrees), saturation (0 to 100%), value (0 to 100%), and transparency (0 to 100%).

  • Page 438: Changing The Product Label

    SAN topology layout Changing the product label To change the product label, complete the following steps. 1. Select a product in the Connectivity Map or Product List. 2. Select View > Product Label, and select one of the following options: •...

  • Page 439: Grouping On The Topology

    Grouping on the topology 2. Repeat step 1 to select more than one port display option. Grouping on the topology To simplify management, devices display in groups. Groups are shown with background shading and are labeled appropriately. You can expand and collapse groups to easily view a large topology. Collapsing groups To collapse a single group on the topology, choose one of the following options: •...

  • Page 440: Configuring Custom Connections

    Grouping on the topology Configuring custom connections NOTE Active zones must be available on the fabric. To create a display of the connected end devices participating in a single zone or group of zones, complete the following steps. 1. Select a fabric on the topology and select View > Connected End Devices > Custom. The Connected End Devices - Custom display for Fabric dialog box displays with a list of devices participating in a single zone or a group of zones in the Zones in Fabric list.

  • Page 441: Call Home

    Chapter Call Home In this chapter • Call Home overview ..........390 •...

  • Page 442: Call Home Overview

    Call Home overview overview Call Home NOTE Call Home is supported on Windows systems for all modem and e-mail Call Home centers and is supported on UNIX for the e-mail Call Home centers. Call Home notification allows you to configure the Management application server to automatically send an e-mail alert or dial in to a support center to report system problems on specified devices (Fabric OS switches, routers, and directors).

  • Page 443: System Requirements

    Viewing Call Home configurations Call Home allows you to perform the following tasks: • Assign devices to and remove devices from the Call Home centers. • Define filters from the list of events generated by Fabric OS devices. • Edit and remove filters available in the Call Home Event Filters table. •...
  • Page 444 Viewing Call Home configurations • Products List — Displays all discovered products. The list allows for multiple selections and manual sorting of columns. This list displays the following information: Product Icon — The status of the products’ manageability.  Name — The name of the product. ...
  • Page 445 Viewing Call Home configurations • Call Home Centers list — The Call Home centers, products assigned to the Call Home centers, and event filters assigned to the Call Home centers and products. This list displays the following information: Centers — A tree with Call Home centers as the parent node, assigned products as ...

  • Page 446: Showing A Call Home Center

    Showing a Call Home center Showing a Call Home center To show a Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Click Show/Hide Centers (beneath the Call Home Centers list). The Centers dialog box displays with a predefined list of Call Home centers (Figure 169).

  • Page 447: Editing A Call Home Center

    Editing a Call Home center Editing a Call Home center To edit a Call Home center, select from the following procedures: • Editing the IBM Call Home center ....... . 395 •...

  • Page 448: Editing An E-Mail Call Home Center

    Editing a Call Home center 8. Enter how often you want to retry the heartbeat interval in the Retry Interval field. The default is 10 seconds. 9. Enter the maximum number of retries in the Maximum Retries field. The default is 3. 10.
  • Page 449 Editing a Call Home center FIGURE 171 Configure Call Home Center dialog box (Brocade, IBM, NetApp, or Oracle E-mail option) 4. Make sure the Call Home center type you selected displays in the Call Home Centers list. If the Call Home center type is incorrect, select the correct type from the list. 5.
  • Page 450 Editing a Call Home center 16. Enter an e-mail address in the E-mail Notification Settings - Send To Address field. For Brocade E-mail Call Home centers, enter callhomeemail@brocade.com. 17. Click Send Test to test the mail server. The selected Call Home center must be enabled to test the mail server. A faked event is generated and sent to the selected Call Home center.
  • Page 451 Editing a Call Home center Source — Details about the product. Includes the following data: Firmware Version  Supplier Serial number  Factory Serial number  IP Address  Model number  Type  Product Name  Product WWN  Ethernet IP ...

  • Page 452: Editing The Emc Call Home Center

    Editing a Call Home center Editing the EMC Call Home center To edit an EMC Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the EMC Call Home center you want to edit in the Call Home Centers list. 3.

  • Page 453: Editing The Hp Lan Call Home Center

    Editing a Call Home center 13. Click OK. The Call Home dialog box displays with the Call Home center you edited highlighted in the Call Home Centers list. 14. Click OK to close the Call Home dialog box. Editing the HP LAN Call Home center To edit an HP LAN Call Home center, complete the following steps.

  • Page 454: Enabling A Call Home Center

    Enabling a Call Home center 8. Click Send Test to test the address. The selected Call Home center must be enabled to test the IP address. A faked event is generated and sent to the selected Call Home center. You must contact the Call Home center to verify that the event was received and in the correct format.

  • Page 455: Testing The Call Home Center Connection

    Testing the Call Home center connection Testing the Call Home center connection Once you add and enable a Call Home center, you should verify that Call Home is functional. To verify Call Home center functionality, complete the following steps. 1. Select Monitor > Event Notification > Call Home. 2.

  • Page 456: Viewing Call Home Status

    Viewing Call Home status Viewing Call Home status You can view Call Home status from the main Management application window or from the Call Home Notification dialog box. The Management application enables you to view the Call Home status at a glance by providing a Call Home status icon on the status bar.

  • Page 457: Assigning A Device To The Call Home Center

    Assigning a device to the Call Home center Assigning a device to the Call Home center Discovered devices (switches, routers, and directors) are not assigned to a corresponding Call Home center automatically. You must manually assign each device to a Call Home center before you use Call Home.

  • Page 458: Defining An Event Filter

    Defining an event filter 3. Click the left arrow button. A confirmation message displays. 4. Click OK. All devices assigned to the selected Call Home center display in the Products List. Any assigned filters are also removed. 5. Click OK to close the Call Home dialog box. Defining an event filter To define an event filter, complete the following steps.

  • Page 459: Assigning An Event Filter To A Call Home Center

    Assigning an event filter to a Call Home center Assigning an event filter to a Call Home center Event filters allow Call Home center users to log in to a Management server and assign specific event filters to the devices. This limits the number of unnecessary or “acknowledge” events and improves the performance and effectiveness of the Call Home center.

  • Page 460: Overwriting An Assigned Event Filter

    Overwriting an assigned event filter Overwriting an assigned event filter A device can only have one event filter at a time; therefore, when a new filter is applied to a device that already has a filter, you must confirm the new filter assignment. To overwrite an event filter, complete the following steps.

  • Page 461: Removing An Event Filter From A Device

    Removing an event filter from a device Removing an event filter from a device To remove an event filter from a device, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.
  • Page 462 Searching for an assigned event filter Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 463: About Third-Party Tools

    Chapter Third-party tools In this chapter • About third-party tools ......... . 411 •...

  • Page 464: Starting Third-Party Tools From The Application

    Starting third-party tools from the application Starting third-party tools from the application You can open third-party tools from the Tools menu or a device’s shortcut menu. Remember that you cannot open a tool that is not installed on your computer. You must install the tool on your computer and add the tool to the Tools menu or the device’s shortcut menu.

  • Page 465: Launching An Element Manager

    Launching an Element Manager 2. Select Tools > Product Menu > Telnet. The Telnet session window displays. NOTE On Linux systems, you must use CTRL + BACKSPACE to delete text in the Telnet session window. Launching an Element Manager Element Managers are used to manage Fibre Channel switches and directors. You can open a device’s Element Manager directly from the application.

  • Page 466: Launching Web Tools

    Launching Web Tools Launching Web Tools Use Web Tools to enable and manage Fabric OS access gateway, switches, and directors. You can open Web Tools directly from the application. For more information about Web Tools, refer to the Web Tools Administrator’s Guide. For more information about Fabric OS access gateway, switches, and directors, refer to the documentation for the specific device.

  • Page 467: Launching Name Server

    Launching Name Server • Fabric OS 1U, 8 Gbps 40-port FC Switch (with Integrated Routing license) • Fabric OS 2U, 8 Gbps 80-port FC Switch (with Integrated Routing license) • Fabric OS directors configured with a FC 8 Gbps 16-port Blade (with Integrated Routing license) •...

  • Page 468: Launching Hcm Agent

    Launching HCM Agent 2. Select Configure > Element Manager > Name Server. The Name Server module displays. NOTE When you close the Management application client, any Web Tools instance launched from the clients closes as well. Launching HCM Agent Use Fabric OS HCM Agent to enable and manage Fabric OS HBAs. You can open HCM Agent directly from the application.

  • Page 469: Launching Fabric Watch

    Launching Fabric Watch Launching Fabric Watch Use Fabric Watch as an health monitor that allows you to enable each switch to constantly monitor its SAN fabric for potential faults and automatically alerts you to problems long before they become costly failures.. For more information about Fabric Watch, refer to the Fabric Watch Administrator’s Guide.

  • Page 470: Entering The Server Ip Address Of A Tool

    Entering the server IP address of a tool FIGURE 174 Define Tools dialog box 4. Type the tool’s name in the Tool Name field as you want it to appear on the Tools menu. 5. Type or browse to the path of the executable file in the Path field. 6.

  • Page 471: Adding An Option To The Tools Menu

    Adding an option to the Tools menu 5. Click Edit. NOTE You must click Edit before clicking OK; otherwise, your changes will be lost. 6. Click OK to save your work and close the Setup Tools dialog box. Adding an option to the Tools menu You can add third-party tools to the Tools menu which enables you to launch tools directly from the application.

  • Page 472: Changing An Option On The Tools Menu

    Changing an option on the Tools menu Click Add. The new tool displays in the Tool Menu Items table. NOTE You must click Add before clicking OK; otherwise, the new menu option is not created. 8. Click OK to save your work and close the Setup Tools dialog box. The tool you configured now displays on the Tools menu.

  • Page 473: Adding An Option To A Device's Shortcut Menu

    Adding an option to a device’s shortcut menu 4. Click Remove. If the tool is not being utilized, no confirmation message displays. 5. Click Update to remove the tool. 6. Click OK to save your work and close the Setup Tools dialog box. Adding an option to a device’s shortcut menu You can add an option to a device’s shortcut menu.

  • Page 474: Changing An Option On A Device's Shortcut Menu

    Changing an option on a device’s shortcut menu 10. Click Add to add the new menu item. It displays in the Product Popup Menu Items table. NOTE You must click Add before clicking OK; otherwise, your changes will be lost. 11.

  • Page 475: Removing An Option From A Device's Shortcut Menu

    Removing an option from a device’s shortcut menu 11. Click Edit. NOTE You must click Edit before clicking OK; otherwise, your changes will be lost. 12. Click OK to save your work and close the Setup Tools dialog box. Removing an option from a device’s shortcut menu You can remove a tool that displays on a device’s shortcut menu.

  • Page 476: Registering A Scom Server

    Microsoft System Center Operations Manager (SCOM) plug-in The SCOM plug-in is supported on the following configurations: • SCOM 2007 R2 or SCOM 2012 • Professional Plus and Enterprise Trial and Licensed version 11.0.0 and later SCOM plug-in requirements • Make sure you import the Management application management pack (Management_Application_Name.FabricView.xml) to the SCOM Server prior to registering the SCOM Plug-in.

  • Page 477: Editing A Scom Server

    Microsoft System Center Operations Manager (SCOM) plug-in Editing a SCOM server To edit the SCOM server, complete the following steps. 1. Select Tools > Plug-in for SCOM. The Plug-in for SCOM dialog box displays. 2. Select the server you want to edit and click Edit. The Edit SCOM Server dialog box displays.
  • Page 478 Microsoft System Center Operations Manager (SCOM) plug-in Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 479: Server Management Console Overview

    Chapter Server Management Console In this chapter • Server Management Console overview ......427 •...

  • Page 480: Launching The Smc On Linux

    Services tab Launching the SMC on Linux NOTE The Server Management Console is a graphical user interface and should be launched from the XConsole on Linux systems. Perform the following steps to launch the Server Management Console on Linux systems. 1.

  • Page 481: Refreshing The Server Status

    Services tab 3. Review the following information for each available service. • Name — The name of the server; for example, FTP Server or Database Server. • Process Name — The name of the process; for example, postgres.exe (Database Server). •...

  • Page 482: Starting All Services

    Services tab Starting all services NOTE The Start button restarts running services in addition to starting stopped services which causes client-server disconnect. To start all services, complete the following steps. 1. Launch the Server Management Console. 2. Click the Services tab. 3.

  • Page 483: Ports Tab

    Ports tab 6. Select the database user name for which you want to change the password in the User Name field. Options include dcmadmin and dcmuser. Changing the dcmadmin password requires all Management application services, except for the database server, to be stopped and then re-started. Changing the dcmuser password requires all ODBC remote client sessions to be restarted.

  • Page 484: Aaa Settings Tab

    AAA Settings tab AAA Settings tab Authentication enables you to configure an authentication server and establish authentication policies. You can configure the Management application to authenticate users against the local database (Management application server), an external server (RADIUS, LDAP, CAC or TACACS+), or a switch.
  • Page 485 AAA Settings tab 1. Select the AAA Settings tab (Figure 177). FIGURE 177 AAA Settings tab 2. Select Radius Server from the Primary Authentication list. 3. Add or edit a Radius server by referring to “Configuring a Radius server” on page 434. 4.
  • Page 486 AAA Settings tab Configuring a Radius server To add or edit a Radius server, complete the following steps. 1. Choose one of the following options from the AAA Settings tab: • Click Add. • Select an existing Radius server and click Edit. The Add or Edit Radius Server dialog box displays (Figure 178).

  • Page 487: Configuring Ldap Server Authentication

    AAA Settings tab Configuring LDAP server authentication NOTE You cannot configure multiple Active Directory groups (domains) for the LDAP server. NOTE You cannot enter Domain\User_Name in the Management application dialog box for LDAP server authentication. If you configure the external LDAP server as the primary authentication server, make the following preparations first: •...
  • Page 488 AAA Settings tab FIGURE 179 AAA Settings tab - LDAP server 3. Add or edit an LDAP server by referring to “Configuring an LDAP server” on page 437. The LDAP Servers and Sequence table displays the following information: • Network Address — The network address of the LDAP server. •...
  • Page 489 AAA Settings tab • LDAP Servers Not Reachable • LDAP Authentication Failed • User Not Found in LDAP 10. Set the authorization preference by selecting one of the following options from the Authorization Preference list: • Local Database Use the LDAP server for authentication and the Management application local ...

  • Page 490: Configuring Tacacs+ Server Authentication

    AAA Settings tab FIGURE 180 Add or Edit LDAP server 4. Enter the LDAP server’s hostname in the Network address field. If DNS is not configured in your network, provide an IP address instead of the hostname. 5. Enable security by selecting the Security Enabled check box. When you enable security, the TCP port number automatically changes to port 636 and you must enable certificate services on the LDAP server.
  • Page 491 AAA Settings tab FIGURE 181 AAA Settings tab - TACACS+ server 3. Add or edit a TACACS+ server by referring to “Configuring a TACACS+ server” on page 440. 4. Rearrange the TACACS+ servers in the table by selecting a server and click the Up or Down button to move it.
  • Page 492 AAA Settings tab Configuring a TACACS+ server To add or edit a TACACS+ server, complete the following steps. 1. Choose one of the following options from the AAA Settings tab: • Click Add. • Select an existing TACACS+ server and click Edit. The Add or Edit TACACS+ Server dialog box displays (Figure 180).

  • Page 493: Configuring Common Access Card Authentication

    AAA Settings tab Configuring Common Access Card authentication NOTE Common Access Card (CAC) authentication does not support SMI Agent and launch-in-context dialog boxes. NOTE CAC authentication is only supported on Windows systems. Common Access Card (CAC) authentication requires the following preparations: •...
  • Page 494 AAA Settings tab FIGURE 183 AAA Settings tab - CAC server 3. Set the authorization preference by selecting one of the following options from the Authorization Preference list: • Local Database — Uses the AD server for authentication and the Management application local database for authorization.

  • Page 495: Configuring Switch Authentication

    AAA Settings tab Configuring switch authentication Switch authentication enables you to authenticate a user account against the switch database and the Management application server. You can configure up to three switches and specify the fall back order if one or more of the switches is not available. NOTE Switch authentication is only supported on Fabric OS devices.

  • Page 496: Configuring Local Database Authentication

    AAA Settings tab 1. Select the AAA Settings tab. 2. For Primary Authentication, select Windows Domain. 3. Enter the domain name in the Windows Domain Name field. 4. Set secondary authentication by selecting one of the following options from the Secondary Authentication list: •...

  • Page 497: Displaying The Client Authentication Audit Trail

    Radius server configuration Displaying the client authentication audit trail All responses to authentication requests coming from clients are logged to an audit trail log file. This file is automatically backed up on the first day of every month. 1. Select the AAA Settings tab. 2.

  • Page 498: Configuring User Authorization For The Radius Server

    Radius server configuration For example: client 172.26.3.76 { secret = password shortname = GVM1 server 3. Save and close the file. Configuring user authorization for the Radius server The user configuration file contains the individual user profiles. 1. Open the user configuration file (such as users.conf) a text editor (such as Notepad). 2.

  • Page 499: Ldap Server Configuration

    LDAP server configuration 2. Change the attribute to use the sequence number 9 as follows. ATTRIBUTE NM-Roles-AORs-List string 3. Save and close the file. 4. Open the Radius server dictionary file in a text editor (such as Notepad). 5. Enter the following to add the Management application dictionary file to the Radius server dictionary file: $INCLUDE dictonary.NM_AAA_dictionary 6.

  • Page 500: Assigning An Ad User To An Ad Group

    LDAP server configuration 4. Enter a name in the Full name field 5. Enter a log on name in the User logon name field. 6. Click Next. Select the Password Never Expires option and click Next. 8. Click Finish. The new user displays in the Users pane. 9.
  • Page 501 LDAP server configuration 5. Select Active Directory Schema from the Available standalone snap-ins list and click Add. If Active Directory Schema does not display the Available standalone snap-ins list, you must configure it on the LDAP server (refer to “Configuring the Active Directory Schema on the LDAP server”...
  • Page 502 LDAP server configuration 19. Close the Management console. 20. Restart the AD server. After you restart the AD server, go to “Configuring authorization details on the external LDAP server” on page 450. Configuring the Active Directory Schema on the LDAP server 1.

  • Page 503: Table

    LDAP server configuration 4. Select NmAors in the Attributes list and click Edit. The String Attribute Editor dialog box displays. 5. Enter the areas of responsibility (such as, All Fabricsand All Hosts) in the Value field and click OK.. 6. Select NmRoles in the Attributes list and click Edit. Enter the Management application user roles (such as Host Administrator, Network Administrator, Operator, Report User Group, SAN System Administrator, Security Administrator, Security Officer, and Zone Administrator) in the Value field and click OK.

  • Page 504: Loading An Ad Group

    LDAP server configuration 3. Select the roles and AORs you want to remove in the Active Directory Groups table. Select multiple roles and AORs by holding down the CTRL key and clicking more than one role and AOR. 4. Click the left arrow button. The selected roles and AORs are moved to the Available Roles / AORs table.

  • Page 505: Deleting An Ad Group

    TACACS+ server configuration 10. (Optional) Enter the group name in the Group Name Filter field. You can specify the group name in the following formats: • User, Domain - Will fetch the group name that contains the user or the operator. •...

  • Page 506: Restore Tab

    Restore tab Restore tab The Restore tab enables you to restore the application data files used by the Management application server. Restoring the database To restore application data files, you must know the path to the backup files. This path is configured from the Server >...

  • Page 507: Technical Support Information Tab

    Technical Support Information tab 5. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console. For the restored data to take effect, re-launch the Configuration Wizard using the instructions in “Launching the Configuration Wizard”...

  • Page 508: Hcm Upgrade Tab

    HCM Upgrade tab 3. Enter the path where you want to save the support data and a name for the support save file in the Output Path field. For example, Full_Path\Support_Save_File_Name.zip. You can also browse to the location you want to save the support data and append the file name to the path when you return to the Technical Support Information tab.

  • Page 509: Smi Agent Configuration Tool

    SMI Agent Configuration Tool 3. Click Upgrade. 4. Click Close. SMI Agent Configuration Tool The SMIA Configuration Tool enables you to configure SMI (Storage Management Initiative) Agent settings, such as security, CIMOM, and certificate management. This tool is automatically installed with the Management application as part of the Server Management Console.

  • Page 510: Launching The Smia Configuration Tool On Unix

    SMI Agent Configuration Tool 3. Enter your username and password in the appropriate fields. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. 4. Select or clear the Save password check box to choose whether you want the application to remember your password the next time you log in.

  • Page 511: Launching A Remote Smia Configuration Tool

    SMI Agent Configuration Tool 4. Enter your username and password in the appropriate fields and click OK. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. The SMIA Configuration Tool dialog box displays. Launching a remote SMIA configuration tool To launch a remote SMIA configuration tool, complete the following steps.
  • Page 512 SMI Agent Configuration Tool SLP support includes the following components: • slpd script starts the slpd platform • slpd program acts as a Service Agent (SA). A different slpd binary executable file exists for UNIX and Windows systems. • slptool script starts the slptool platform-specific program •...
  • Page 513 SMI Agent Configuration Tool • slptool findattrs service:wbem:https://IP_Address:Port NOTE Where IP_Address:Port is the IP address and port number that display when you use the slptool findsrvs service:wbem command. Use this command to verify that Management application SMI Agent SLP service is properly advertising its WBEM SLP template over the HTTP protocol.
  • Page 514 SMI Agent Configuration Tool SLP on UNIX systems This section describes how to verify the SLP daemon on UNIX systems. SLP file locations on UNIX systems • SLP log — Install_Home/cimom /cfg/slp.log • SLP daemon — Install_Home/cimom /cfg/slp.conf You can reconfigure the SLP daemon by modifying this file. •...

  • Page 515: Home Tab

    SMI Agent Configuration Tool Verifying SLP service installation and operation on Windows systems 1. Launch the Server Management Console from the Start menu. 2. Click Start to start the SLP service. 3. Open a command window. 4. Type cd c:\Install_Home\cimom \bin and press Enter to change to the directory where slpd.bat is located.

  • Page 516: Authentication Tab

    SMI Agent Configuration Tool Accessing Management application features To access Management application features such as, fabric and host discovery, role-based access control, application configuration and display options, server properties, as well as the application name, build, and copyright, complete the following steps. 1.
  • Page 517 SMI Agent Configuration Tool 1. Click the Authentication tab. FIGURE 190 Authentication tab 2. Select the Enable Client Mutual Authentication check box, as needed. If the check box is checked, CIM client mutual authentication is enabled. If the check box is clear (default), client mutual authentication is disabled.
  • Page 518 SMI Agent Configuration Tool Configuring CIMOM server authentication CIMOM server authentication is the authentication mechanism between the CIM client and the CIMOM Server. You can configure the CIMOM server to allow the CIM client to query the CIMOM server without providing credentials; however, the CIMOM server requires the Management application credentials to connect to the Management application server to retrieve the required data.

  • Page 519: Cimom Tab

    SMI Agent Configuration Tool CIMOM tab NOTE You must have SAN - SMI Operation Read and Write privileges to view or make changes on the CIMOM tab. For more information about privileges, refer to “User Privileges” on page 1451. The CIMOM tab enables you to configure the CIMOM server port, the CIMOM Bind Network Address, and the CIMOM log.
  • Page 520 SMI Agent Configuration Tool 4. Click Apply. NOTE Changes on this tab take effect after the next CIMOM server restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 12.X.X > Server Management Console). If you disabled SSL, a confirmation message displays.
  • Page 521 SMI Agent Configuration Tool Configuring the CIMOM log NOTE You must have SAN - SMI Operation Read and Write privileges to view or make changes on the CIMOM tab. For more information about privileges, refer to “User Privileges” on page 1451. To configure the CIMOM log, complete the following steps.

  • Page 522: Certificate Management Tab

    SMI Agent Configuration Tool Certificate Management tab NOTE You must have SMI Operation Read and Write privileges to view or make changes on the Certificate Management tab. For more information about privileges, refer to “User Privileges” on page 1451. The Certificate Management tab enables you to manage your CIM client and Indication authentication certificates.
  • Page 523 SMI Agent Configuration Tool 5. Click Import. The new certificate displays in the Certificates list and text box. If the certificate location is not valid, an error message displays. Click OK to close the message and reenter the full path to the certificate location. If you did not enter a certificate name, an error message displays.

  • Page 524: Summary Tab

    SMI Agent Configuration Tool Deleting a certificate NOTE You must have SMI Operation Read and Write privileges to view or make changes to the Certificate Management tab. For more information about privileges, refer to “User Privileges” on page 1451. To delete a certificate, complete the following steps. 1.
  • Page 525 SMI Agent Configuration Tool 1. Click the Summary tab. FIGURE 193 Summary tab 2. Review the summary. NOTE When the CIMOM server is stopped, the server configuration information does not display on the Summary tab. The following information is included in the summary. TABLE 39 Field/Component Description...
  • Page 526 SMI Agent Configuration Tool TABLE 39 Field/Component Description Log Level Displays the log level for the Server Configuration and the Current Configuration. Options include the following: • 10000 — Off • 1000 — Severe • 900 — Warning • 800 — Info (default) •...

  • Page 527: Configuration File Management

    Chapter SAN Device Configuration In this chapter • Configuration file management ........475 •...
  • Page 528 Configuration file management • Defining a schedule (Configuration File > Schedule Backup) (refer to “Scheduling switch configuration backup” on page 479) • Defining adaptive backup (Discovery or Event-triggered) (refer to “Adaptive backup” page 477) Saving switch configurations on demand or manually Configuration files are uploaded from the selected switches and stored in individual files only for the Professional edition.

  • Page 529: Adaptive Backup

    Configuration file management Adaptive backup Adaptive backup is triggered based on fabric discovery and when configuration change events is received from a switch. Discovery backup Switch or fabric discovery automatically triggers discovery backup for all switches in the fabric which have the correct user credentials. To discover a switch, refer to “Discovering fabrics”...
  • Page 530 Configuration file management To restore a switch configuration, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration File > Restore. The Restore Switch Configuration dialog box displays. FIGURE 195 Restore Switch Configuration dialog box 2.

  • Page 531: Scheduling Switch Configuration Backup

    Configuration file management Scheduling switch configuration backup NOTE The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. You can schedule a backup of one or more switch configurations. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all fabrics discovered.
  • Page 532 Configuration file management 3. Set the Schedule parameters. These include the following: The desired Frequency for backup operations (daily, weekly, monthly). The Day you want backup to run. If Frequency is Daily, the Day list is unavailable. If Frequency is Weekly, choices are days of the week (Sunday through Saturday). If Frequency is Monthly, choices are days of the month (1 through 31).
  • Page 533 Configuration file management FIGURE 197 Switch Configurations tab The Switch Configurations tab contains the following fields and components: • Trigger Backup on Events check box — Select to collect backup configurations triggered by events (refer to “Event -triggered backup”). Clear the check box to not collect backup configurations triggered by events.
  • Page 534 Configuration file management • Backup Date/Time — The date and time the last backup occurred. This is the backup that will be restored. • Name — The name of the switch that will be restored. • Configuration Type — The type of configuration for the switch (FC, DCB-running, or DCB-startup).

  • Page 535: Restoring A Configuration From The Repository

    Configuration file management Restoring a configuration from the repository If you delete a fabric or switch from discovery, the configuration remains in the repository until you delete it manually. Stored configurations are linked to the switch WWN; therefore, if the IP address or switch name is changed and then rediscovered, the Configuration File Manager dialog box displays the new switch name and IP address for the old configuration.

  • Page 536: Viewing Configuration File Content

    Configuration file management • Backup Type — The type of backup used to obtain the configuration files from the device. Backup options include the following types: Discovery — The discovery backup is obtained after the discovery process. Event Triggered — Occurs when a trap is generated by the device during a configuration change.

  • Page 537: Searching The Configuration File Content

    Configuration file management FIGURE 199 Configuration file content 5. Click Close to close the dialog box. Searching the configuration file content NOTE This feature requires a Trial or Licensed version. To search the configuration file content, complete the following steps. 1.

  • Page 538: Deleting A Configuration

    Configuration file management FIGURE 200 Searching Configuration file content 6. Click Close to close the dialog box. Deleting a configuration NOTE This feature requires a Trial or Licensed version. NOTE Baseline configurations and the latest configurations will not be deleted. 1.

  • Page 539: Exporting A Configuration

    Configuration file management Exporting a configuration NOTE This feature requires a Trial or Licensed version. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration File > Configuration File Manager. The Configuration File Manager dialog box displays. 2.

  • Page 540: Comparing Switch Configurations

    Configuration file management Comparing switch configurations The Compare dialog box allows you to display the contents of two configurations side-by-side. To compare two configurations, perform the following steps. 1. Click the SAN tab. 2. Select Configure > Configuration > Configuration File Manager. The Configuration File Manager dialog box displays.
  • Page 541 Configuration file management • Change Navigator buttons/legend — The Change Navigator buttons and legends are enabled when there is at least one change between two compared files. Go to first change button ( ) — Click to move to the first change. Go to previous change button ( ) —...

  • Page 542: Keeping A Copy Past The Defined Age Limit

    Configuration file management Keeping a copy past the defined age limit NOTE This feature requires a Trial or Licensed version. 1. Select Configure > Configuration File > Configuration File Manager. The Configuration File Manager dialog box displays. 2. Select the check box under Keep for the configuration you want to preserve. The configuration will be kept until it is manually deleted, or until the Keep check box is cleared to enable the age limit again.
  • Page 543 Configuration file management FIGURE 202 Change Tracking tab The Change Tracking tab displays the following information: • Name — The switch name. • Fabric Name — The name of the fabric. • WWN — The world wide name of the switch selected to be the destination switch. •...

  • Page 544: Replicating Configurations

    Configuration file management Replicating configurations NOTE This feature requires a Trial or Licensed version. You can replicate a switch SNMP configuration, the Fabric Watch configuration, Trace Destination configuration, or the entire configuration. 1. Select Configure > Configuration File > Replicate > Configuration. A wizard is launched to guide you through the process.
  • Page 545 Configuration file management TABLE 41 Step 3. Source Location Field/Component Description Configuration File Manager option Select to replicate the entire Configuration File Manager to the destination switches. Configuration from the switch option Select to assign a designated switch to the destination switch. File in text format option Select to choose a valid configuration file from the local file system by either typing in the complete path of the file in the text box or selecting...
  • Page 546 Configuration file management TABLE 42 Step 4. Source Configuration (Continued) Field/Component Description Port Type The type of port (for example, expansion port, node port, or NL_port). Product Type The type of product. Protocol The protocol for the port. Serial # The serial number of the switch.
  • Page 547 Configuration file management TABLE 43 Step 5. Destination Switches (Continued) Field/Component Description Product Type The type of product. Protocol The protocol for the port. Serial # The serial number of the switch. Speed Configured (Gbps) The actual speed of the port in Gigabits per second. State The port state, for example, online or offline.

  • Page 548: Replicating Security Configurations

    Configuration file management Replicating security configurations NOTE This feature requires a Trial or Licensed version. You can replicate an AD/LDAP Server, DCC, IP, RADIUS Server, or SCC security policy. 1. Select Configure > Configuration File > Replicate > Security. A wizard is launched to guide you through the process. The first step of the wizard, Overview, displays.
  • Page 549 Configuration file management TABLE 47 Step 3. Select Source Switch (Continued) Field/Component Description Switch Name The name of the source switch to be replicated. Switch IP Address The IP address of the source switch to be replicated. Switch WWN The world wide name of the source switch to be replicated. Name The name of the selected switch.

  • Page 550: Enhanced Group Management

    Enhanced group management TABLE 48 Step 4. Select Destination Switches (Continued) Field/Component Description Contact The primary contact at the customer site. Description A description of the customer site. State The port state, for example, online or offline. Status The operational status of the port; for example, unknown or marginal. Right and left arrow buttons Click to move the switches back and forth between the Available Switches table and the Selected Switches table.

  • Page 551: Firmware Management

    Firmware management Firmware management A firmware file repository (Windows systems only) is maintained on the server in the following location: C:\Program Files\Install_Directory\data\ftproot\Firmware\Switches\7.0\n.n.n\n.n.n The firmware repository is used by the internal FTP, SCP, or SFTP server that is delivered with the Management application software, and may be used by an external FTP server if it is installed on the same platform as the Management application software.
  • Page 552 Firmware management FIGURE 203 Download tab 3. Select one or more switches from the Available Switches table. The Available Switches table lists the switches that are available for firmware download. 4. Click the right arrow to move the switches to the Selected Switches table. If you select any switches that do not support firmware download, a message displays.
  • Page 553 Firmware management • Select the SCP Server option to download from the external SCP server. Continue with step NOTE The Management application only supports WinSSHD as the third-party Windows external SCP server. Firmware upgrade and downgrade through WinSSHD is only supported on devices running Fabric OS 6.0 or later.

  • Page 554: Displaying The Firmware Repository

    Firmware management Displaying the firmware repository The firmware repository is available on the Firmware Management dialog box. The Management application supports .zip and .gz compression file types for firmware files. Initially, the firmware repository is configured to use the built-in FTP, SCP, or SFTP server. To use an external FTP server, refer to “Configuring an external FTP, SCP, or SFTP server”...

  • Page 555: Importing A Firmware File

    Firmware management • Release Notes View button — Click to view the release notes, if imported, which contain information about downloading firmware. For internal built-in FTP, SCP, or SFTP servers or external SCP or SFTP servers running on the same system as the Management application, if there is a space in the release note file name, you will not be able to view the release notes.

  • Page 556: Deleting A Firmware File

    Firmware management 6. Enter or browse to the location of the MD5 file (.md5 file type). If the MD5 checksum file is located in the same directory as the firmware file and has the same file name (with the md5 extension), this field is auto-populated. The MD5 checksum file can be obtained from the Fabric OS product download site in the same location as the firmware file.

  • Page 557: Switch Password Management

    Switch password management Switch password management Switch password management enables you to change or reset the switch password for one or more users across multiple switches. NOTE You can change the switch password for root and factory users only by using the Change Password button because the current password is mandatory.
  • Page 558 Switch password management The Manage Switch Password dialog box includes the following components: • Available Switches table — Displays the switches available in the current view of the application. • Selected Switches table — Displays the selected switches. • Results table — Displays the users associated with the selected switches. 2.

  • Page 559: Resetting The Switch Password

    Switch password management FIGURE 208 Change Password dialog box 6. Enter the current password in the Current Password field. Enter the new password in the New Password and Confirm Password fields. NOTE Passwords must be from 8 through 40 characters long and cannot contain a colon (:). 8.

  • Page 560: Frame Viewer

    Frame viewer 5. Select one or more users for whom you want to reset the switch password from the Results table and click Reset Password. The Reset Password dialog box displays (as shown in Figure 209). FIGURE 209 Reset Password dialog box 6.
  • Page 561 Frame viewer 2. Select one of the following options from the Show list: • Select Only Supported Products with Dropped Frames in the Log. The top table displays Fabric OS devices running 7.1.0 or later that support frame viewer and have dropped frames. •...

  • Page 562: Viewing Discarded Frames From A Port

    Frame viewer • Clear button — Select a device in the upper table and click to clear the discarded frames from the frame log (refer to “Clearing the discarded frame log” on page 511). All discarded frame records from the frame log on the switch are cleared. The Discarded Frames column value in the upper table updates “No”.

  • Page 563: Clearing The Discarded Frame Log

    Frame viewer Destination – Destination name. If the device port is an HBA managed by the  Management application, the host name displays. Destination Port – Destination port name.  Destination Switch-Port – Destination Switch_Name – Port_Name.  Destination FID – Destination fabric ID. ...

  • Page 564: Ports

    Ports Ports You can enable and disable ports, as well as view port details, properties, type, status, and connectivity. Viewing port connectivity The connected switch and switch port information displays for all ports. To view port connectivity, choose one of the following steps: •...
  • Page 565 Ports • Add Flow button — Select a port and click to add a flow definition (refer to “Provisioning flows” on page 1816). NOTE Flow Vision is supported on platforms running Fabric OS 7.2 and later. • Port connectivity table — Displays the ports connected to the selected fabric or device. Loop devices are displayed in multiple rows, one row for each related device port.
  • Page 566 Ports Device Port Type— The device port type; for example, U_Port (universal port), FL_Port (Fabric loop port), and so on. Device Node WWN — The world wide name of the device node. Device Symbolic Name — The symbolic name of the device node. Physical/Virtual/NPIV —...

  • Page 567: Refreshing The Port Connectivity View

    Ports Connected Port Name — The name of the connected port. Connected User Port Number — The port number of the connected user port. Connected Port Area ID Port Index — The area ID and the port index of the connected port. Connected Port Speed —...
  • Page 568 Ports • • • < • > • <= • >= • contains • matches 4. Define a filter by entering a value that corresponds to the selected property in the Value column. 5. Repeat steps 2 through 4 as needed to define more filters. 6.

  • Page 569: Viewing Port Details

    Ports Viewing port details To view port details, complete the following steps. 1. Right-click the port for which you want to view more detailed information on the Port Connectivity View dialog box and select Show Details. The Port Details dialog box displays(Figure 211).

  • Page 570: Port Types

    Ports Port types On the Connectivity Map, right-click a switch icon and select Show Ports. The port types display showing which ports are connected to which products. NOTE Show Ports is not applicable when the map display layout is set to Free Form (default). NOTE This feature is only available for connected products.
  • Page 571 Ports 2. Review the following information: • Product properties for both devices. • Connection properties. • Selected connection port properties. Depending on the device type at either end of the connection, some of the following fields (Table 52) may not be available for all products. TABLE 52 Port connection properties Field...
  • Page 572 Ports TABLE 52 Port connection properties (Continued) Field Description dB Loss (dB) The power loss (dB) value between the source and destination ports. Only available when historical performance data collection is enabled. For Fabric OS devices, this field requires firmware version 6.2.2d, 6.3.2c, 6.4.1a, or 6.4.2 or later.
  • Page 573 Ports TABLE 52 Port connection properties (Continued) Field Description Manufacturer Plant The name of the manufacturing plant. Name The name of the switch. NPIV Enabled Whether the NPIV port is enabled. Parameter The parameter of the switch. Physical/Logical Whether the port is a physical port or a logical port. PID Format The port ID format of the switch.

  • Page 574: Determining Inactive Iscsi Devices

    Ports Determining inactive iSCSI devices For router-discovered iSCSI devices, you can view all of the inactive iSCSI devices in one list. To do this, use the Ports Only view and then sort the devices by FC Address. The devices that have an FC address of all zeros are inactive.
  • Page 575 Ports • Combined Status — Displays the current status of the port. NOTE Requires a 16 Gbps capable port running Fabric OS 7.0 or later. NOTE For devices running Fabric OS 7.1 or earlier, the device must have a Fabric Watch license and threshold monitoring configured for the port.

  • Page 576: Port Commissioning

    Port commissioning • Powered on Years (Hours) — The powered on time in years and hours for 16 Gbps capable ports. Empty for unsupported ports. NOTE Requires a 16 Gbps capable port running Fabric OS 7.0 or later. • FC Speed (GB/s) (Fabric OS 7.0 or later) — The FC port speed; for example, 4 Gbps. •...
  • Page 577 Port commissioning • Port commissioning is not supported on ports with Dense Wave Division Multiplexing (DWDM), Course Wave Division Multiplexing, or Time Division Multiplexing (TDM). • E_Port commissioning requires that the lossless feature is enabled on both the local switch and the remote switch.

  • Page 578: Configuring Port Commissioning

    Port commissioning Configuring port commissioning The following procedure provides an overview of the steps you must complete to configure port commissioning. 1. Make sure you meet the z/OS (mainframe operating system) requirements. For more information, refer to “z/OS requirements” on page 525. 2.
  • Page 579 Port commissioning FIGURE 215 Port Commissioning Setup dialog box 2. Enter the IP address (IPv4 or IPv6 format) or host name of the CIMOM server in the Network Address field. 3. (Optional) Enter a description of the CIMOM server in the Description field. The description cannot be over 1024 characters.

  • Page 580: Viewing Existing Cimom Servers

    Port commissioning Viewing existing CIMOM servers NOTE Port commissioning is only supported on FICON devices running Fabric OS 7.1 or later. Before you can decommission or recommission an F_Port, you must register the CIMOM servers within the fabric affected by the action. For more information, refer to “Registering a CIMOM server”...

  • Page 581: Editing Cimom Server Credentials

    Port commissioning Not Reachable — CIMOM server not reachable.  Wrong Namespace — CIMOM server namespace is incorrect.  • Last Contacted — The last time you contacted the system. Updates when you test the reachability of the CIMOM server and when you contact the CIMOM server to respond to the F_Port decommission or recommission request.

  • Page 582: Importing Cimom Servers And Credentials

    Port commissioning Importing CIMOM servers and credentials You can import one or more CIMOM servers (system and credentials) using a CSV-formatted file. You can import a maximum of 2,000 CIMOM servers. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 215).

  • Page 583: Changing Cimom Server Credentials

    Port commissioning Changing CIMOM server credentials You can edit the CIMOM server credentials for one or more CIMOM servers at the same time. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 215). 2.

  • Page 584: Deleting Cimom Server Credentials

    Port commissioning Deleting CIMOM server credentials 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 215). 2. Select one or more CIMOM servers from the Systems List and click the left arrow button. The details for the last selected CIMOM server row displays in the Add/Edit System and Credentials area.
  • Page 585 Port commissioning • Force — Select to force the port decommission. The Management application still contacts all registered CIMOM servers within the fabric affected by the action, but forces the port decommission regardless of the CIMOM server response. NOTE If the CIMOM server is not reachable or the credentials fail, F_Port decommissioning do not occur.

  • Page 586: E_Port Commissioning

    Port commissioning E_Port commissioning Although you can use any of the following methods to access the E_Port commissioning commands, individual procedures only include one method. • From the main menu, select the E_Port in the Product List, and then select Configure > Port Commissioning >...

  • Page 587: Port Commissioning By Switch

    Port commissioning Decommissioning an E_Port trunk Select the E_Port trunk in the Product List, and then select Configure > Port Commissioning > Decommission > Port or right-click E_Port trunk and select Decommission. The decommission request is sent to all the trunk members including the master, If a decommissioning request is triggered on a trunk level.

  • Page 588: Port Commissioning By Blade

    Port commissioning NOTE If the CIMOM server is not reachable or the credentials fail, port decommission does not occur. If all CIMOM servers are reachable, the Management application sends a CAL Request to decommission the port. If all the CIMOM servers are not reachable, decommissioning fails.
  • Page 589 Port commissioning Decommissioning all ports on a blade NOTE (Virtual Fabrics only) All ports on the blade must be managed by the Management application. NOTE Fabric tracking must be enabled (refer to “Enabling fabric tracking” on page 133) to maintain the decommissioned port details (such as port type, device port WWN, and so on).

  • Page 590: Port Commissioning Deployment Results

    Port commissioning Recommissioning all ports on a blade NOTE All ports on the blade must be managed by the Management application. Select a port on the blade for which you want to recommission all ports, and then select Configure > Port Commissioning > Recommission > All Ports on the Blade. NOTE You can only recommission ports from the logical switch, not the physical chassis.

  • Page 591: Viewing A Port Commissioning Deployment Report

    Port commissioning • Configuration Name — Name of the deployment. For example, Decommission/Recommission - switch_name, Decommission/Recommission - switch_name - blade, or Decommission/Recommission - switch_name - Ports. • Product — The product name. • Status — The status of the deployment. For example, Success or Failed. •...
  • Page 592 Port commissioning • Configuration Name — Name of the deployment. For example, Decommission/Recommission - switch_name, Decommission/Recommission - switch_name - blade, or Decommission/Recommission - switch_name - Ports. • Product — The product name. • Status — The status of the deployment. For example, Allowed or Failed. •...

  • Page 593: Cimcli Trouble Shooting

    Port commissioning CIMCLI trouble shooting Use the following sections to obtain data to support trouble shooting. Obtaining FCPort and PCCUPort data To obtain CIMOM supporting documentation for troubles hooting, complete the following steps. 1. Log onto the TSO. NOTE You need a very large TSO user region size for the cimcli command. 2.
  • Page 594 Port commissioning 3. Enter a file name for the server support save file in the File Name field. The default file name is DCM-SS-Time_Stamp. 4. Select the Include Database check box to include the database in the support save and choose one of the following options.

  • Page 595: Administrative Domain-Enabled Fabric Support

    Administrative Domain-enabled fabric support Administrative Domain-enabled fabric support The Management application provides limited support for AD-enabled fabrics. An Administrative Domain (Admin Domain or AD) is a logical grouping of fabric elements that defines which switches, ports, and devices you can view and modify. An Admin Domain is a filtered administrative view of the fabric.

  • Page 596: Management Application Support For Ad-Enabled Fabrics

    Administrative Domain-enabled fabric support • If you try to enable Virtual Fabrics on an AD-enabled switch, that operation fails with the following message: “Failed to enable Virtual Fabric feature for Chassis (Remove All ADs before attempting to enable VF).” • Performs performance management (including Advance Performance Monitoring and Top Talkers) data collection and reports in a physical fabric context.

  • Page 597: Port Connectivity

    Administrative Domain-enabled fabric support TABLE 53 Feature support for AD-enabled fabrics (Continued) Feature AD context ADO AD255 Not supported All AD User interface impact Performance Management > Filters AD-enabled fabric from the Fabrics list. Configure Thresholds End-to-End Monitors Clear Counters Port Auto Disable Filters AD-enabled fabric from the dialog box.

  • Page 598: Port Auto Disable

    Port Auto Disable Port Auto Disable NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. Port Auto Disable (PAD) allows you to enable and disable Port Auto Disable on individual FC_ports or on all ports on a selected device, as well as unblock currently blocked ports. Enabling port auto disable on a port or device configures ports to become blocked when any of the following five events occur: •...
  • Page 599 Port Auto Disable FIGURE 217 Port Auto Disable dialog box 2. Select a fabric from the Fabric list. An information message displays the number of block ports for the fabric, if any. 3. Select one of the following from the Show list to determine what ports to display: •...

  • Page 600: Configuring Port Auto Disable Event Triggers

    Port Auto Disable • Port # — Displays the port number. • Port WWN — Displays the port world wide name. • Port Name — Displays the port name. • User Port # — Displays the user port number. • PID —...

  • Page 601: Enabling Port Auto Disable On Individual Ports

    Port Auto Disable Enabling Port Auto Disable on individual ports NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. To enable PAD on individual ports, complete the following steps. 1. Select Monitor > Port Auto Disable. The Port Auto Disable dialog box displays. 2.

  • Page 602: Disabling Port Auto Disable On Individual Ports

    Port Auto Disable Disabling Port Auto Disable on individual ports NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. To disable port auto disable on individual ports, complete the following steps. 1. Select Monitor > Port Auto Disable. The Port Auto Disable dialog box displays.

  • Page 603: Stopping Port Auto Disable On A Device

    Port Auto Disable Stopping Port Auto Disable on a device NOTE Port Auto Disable requires devices running Fabric OS 7.2 or later. You can disable PAD at the device level. This allows you stop PAD for the device regardless of the individual port setting.

  • Page 604: Unblocking Ports

    Port Auto Disable Unblocking ports NOTE Port Auto Disable requires devices running Fabric OS 6.3 or later. To unblock ports, complete the following steps. 1. Select Monitor > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to unblock ports from the Fabric list. 3.

  • Page 605: Host Port Mapping Overview

    Chapter Host Port Mapping In this chapter • Host port mapping overview ........553 •...

  • Page 606: Creating A New Host

    Creating a new Host Creating a new Host To create a new Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. FIGURE 218 Host Port Mapping dialog box The Host Port Mapping dialog box includes the following details: •...

  • Page 607: Renaming An Hba Host

    Renaming an HBA Host Renaming an HBA Host To rename a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Click the Host you want to rename in the Hosts table, wait a moment, and then click it again. The Host displays in edit mode.

  • Page 608: Associating An Hba With A Host

    Associating an HBA with a Host Associating an HBA with a Host ATTENTION Discovered information overwrites your user settings. To associate an HBA with a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays.
  • Page 609 Importing HBA-to-Host mapping 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure and well-formed WWNs, and counts number of errors. If more than 5 errors occur, import fails and a ‘maximum error count exceeded’ message displays.

  • Page 610: Removing An Hba From A Host

    Removing an HBA from a Host Removing an HBA from a Host To remove an HBA from a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2.
  • Page 611 Exporting Host port mapping 4. Browse to the location where you want to save the export file. Depending on your operating system, the default export location are as follows: • Desktop\My documents (Windows) • \root (Linux) 5. Enter a name for the files and click Save. 6.
  • Page 612 Exporting Host port mapping Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 613: Storage Port Mapping Overview

    Chapter Storage Port Mapping In this chapter • Storage port mapping overview ........561 •...

  • Page 614: Creating A Storage Array

    Creating a storage array Creating a storage array To create a storage array, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays with the following information. •...

  • Page 615: Unassigning A Storage Port From A Storage Array

    Unassigning a storage port from a storage array 4. Click the right arrow. The storage port is added to the Storage Array. 5. Click OK to save your work and close the Storage Port Mapping dialog box. If the storage device is part of more than one fabric, a message displays: The selected Storage_Name/Storage_WWN is part of more than one fabric.

  • Page 616: Editing Storage Array Properties

    Editing storage array properties 6. Click the right arrow button. The storage port moves from the Storage Ports table to the selected storage array. Click OK to save your work and close the Storage Port Mapping dialog box. Editing storage array properties To edit storage array properties, complete the following steps.

  • Page 617: Viewing Storage Array Properties

    Viewing storage array properties 4. Review the properties. 5. Click OK on the Properties dialog box. 6. Click OK on the Storage Port Mapping dialog box. Viewing storage array properties To view storage array properties, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays.
  • Page 618 Importing storage port mapping 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure (first entry must be the storage node name (WWN) and second entry must be the storage array name), well formed WWNs, and counts number of errors If more than 5 errors occur, import automatically cancels.

  • Page 619: Exporting Storage Port Mapping

    Exporting storage port mapping Exporting storage port mapping The Storage Port Mapping dialog box enables you to export a storage port array. The export file uses the CSV format. The first row contains the headers (Storage Node Name (WWNN), Storage Array Name) for the file.
  • Page 620 Exporting storage port mapping Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 621: Host Management

    Chapter Host Management In this chapter • Host management..........569 •...

  • Page 622: Supported Adapters

    Supported adapters The Management application, in conjunction with HCM, provides end-to-end management capability. For information about configuring, monitoring, and managing individual adapters using the HCM GUI or the Brocade Command Utility (BCU), refer to the Adapters Administrator’s Guide. Supported adapters The following sections describe the supported adapter types: •...

  • Page 623: Converged Network Adapters

    Supported adapters Converged Network Adapters Table 57 describes available Converged Network Adapters (CNAs) for PCIe x 8 host bus interfaces, hereafter referred to as CNAs. These adapters provide reliable, high-performance host connectivity for mission-critical SAN environments. TABLE 57 Supported Fibre Channel CNA models Model number Port speed Number of ports...

  • Page 624: Hcm Software

    HCM software AnyIO technology Although the Brocade 1860 Fabric Adapter can be shipped in a variety of small form-factor pluggable (SFP) transceiver configurations, you can change port function to the following modes using Brocade AnyIO technology, provided the correct SFP transceiver is installed for the port: •...

  • Page 625: Hcm Features

    HCM software HCM features Common HBA and CNA management software features include the following: • Discovery using the agent software running on the servers attached to the SAN, which enables you to contact the devices in your SAN. • Configuration management, which enables you to configure local and remote systems. With HCM, you can configure the following items: Brocade 4 Gbps and 8 Gbps HBAs HBA ports (including logical ports, base ports, remote ports, and virtual ports) associated...

  • Page 626: Host Adapter Discovery

    Host adapter discovery Host adapter discovery The Management application enables you to discover individual hosts, import a group of hosts from a CSV file, or import host names from discovered fabrics. The maximum number of host discovery requests that can be accepted is 1000. Host discovery requires HCM Agent 2.0 or later. ESXi host adapter discovery requires the vendor-specific HBA CIM provider to be installed on the ESXi host.

  • Page 627: Editing A Vm Manager

    HCM and Management application support on ESXi systems 6. Enable or disable the vSphere client plug-in registration. If you enable this plug-in, events are forwarded from the Management application to the vCenter server. Click OK. The VMM discovery process begins. When complete, the vCenter server and all ESX and ESXi hosts managed by that vCenter display in the Host product tree.

  • Page 628: Esxi Cim Listener Ports

    HCM and Management application support on ESXi systems ESXi CIM listener ports The Management application server uses two CIM indication listener ports to listen for CIM indications. NOTE s Management Application does not support CIM indications for Emulex Adapters. • HCM Proxy Service CIM Indication Listener Port —...

  • Page 629: Connectivity Map

    Connectivity map 3. Select CIM server (ESXi only) as the Contact option. 4. (Optional) Select HTTP or HTTPS from the Protocol list. HTTPS is the default. 5. Click OK. Connectivity map The Connectivity Map, which displays in the upper right area of the main window, is a grouped map that shows physical and logical connectivity of Fabric OS components, including discovered and monitored devices and connections.

  • Page 630: Adapter Software

    Adapter software If you create a new host and associate HBAs to it, and then you try to discover a host with the same HBAs using Host discovery, the HBAs discovered using host discovery must match the HBAs associated to the host exactly; otherwise, host discovery will fail. Instructions for mapping a host to HBAs are detailed in Chapter 13, “Host Port Mapping”.

  • Page 631: Driver Repository

    Adapter software • Name — The name of the host. The first three digits indicate the host’s operating system; for example, WIN or LIN. • Operating System — The host operating system; for example, Microsoft Windows or Red Hat Linux. •...

  • Page 632: Boot Image Repository

    Adapter software FIGURE 222 Driver Repository dialog box 2. Click Import on the Driver Repository dialog box. The Import Driver Repository dialog box displays. 3. Locate the driver file using one of the following methods: • Search for the file you want from the Look In list. •...
  • Page 633 Adapter software Importing a boot image into the repository Boot images are required for adapters that are shipped without a boot image or when it is necessary to overwrite images on adapters that contain older or corrupted boot image versions. 1.
  • Page 634 Adapter software 6. Locate the boot image file using one of the following methods: • Search for the file you want from the Look In list. Boot image files version 2.0.0.0 and 2.1.0.0 are .zip files and other boot image files are .tar files. •...

  • Page 635: Bulk Port Configuration

    Bulk port configuration Deleting a boot image from the repository 1. Select one or more boot images from the Boot Image File Name list on the Boot Image Repository dialog box. 2. Click Delete. The boot image is removed from the boot image repository. Backing up boot image files You can back up the boot image files from the repository using the Options dialog box.

  • Page 636: Configuring Host Adapter Ports

    Bulk port configuration Configuring host adapter ports To create, edit, duplicate, or delete port configurations, complete the following steps. Select Host > Adapter Ports from the Configure menu. The Configure Host Adapter Ports dialog box, shown in Figure 225, displays. FIGURE 225 Configure Host Adapter Ports dialog box Brocade Network Advisor SAN User Manual...
  • Page 637 Bulk port configuration Adding a port configuration The Add Port Configuration dialog box allows you to create a maximum of 50 customized port configurations which you can then select and assign to ports. 1. Click Add on the Configure Host Adapter Ports dialog box. The Add Port Configuration dialog box, shown in Figure 226, displays.
  • Page 638 Bulk port configuration Target Rate Limiting — Enable the Target Rate Limiting feature to minimize congestion at the adapter port. Limiting the data rate to slower targets ensures that there is no buffer-to-buffer credit back-pressure between the switch due to a slow-draining target. NOTE NOTE: Target Rate Limiting and QoS cannot be enabled at the same time.
  • Page 639 Bulk port configuration • Enter the minimum allowable output bandwidth in the Min Bandwidth (Mbps) box. The minimum bandwidth is 0 Mbps. A zero value of minimum bandwidth (the default) implies that no bandwidth is guaranteed for that vNIC. • BB Credit Recovery —...

  • Page 640: Adapter Port Wwn Virtualization

    Adapter port WWN virtualization Adapter port WWN virtualization Adapter port world wide name (WWN) virtualization enables the adapter port to use a switch-assigned WWN rather than the physical port WWN for communication, allowing you to preprovision the server with the following configuration tasks: •...
  • Page 641 Adapter port WWN virtualization Enabling the FAWWN feature on a switch or AG ports 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port from the Fabric Assigned WWN - Configuration list. 3.
  • Page 642 Adapter port WWN virtualization Manually assigning a FAWWN to a switch or AG port 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port or AG port from the Fabric Assigned WWN - Configuration list. 3.

  • Page 643: Fawwns On Attached Ag Ports

    Adapter port WWN virtualization FAWWNs on attached AG ports The Configure Fabric Assigned Assigned WWNs dialog box, shown in Figure 228, enables you to configure the Fabric Assigned WWN feature on a selected attached Access Gateway (AG) port. 1. Select Configure > Fabric Assigned WWN. Right-click the switch and select Fabric Assigned WWN.
  • Page 644 Adapter port WWN virtualization 5. Enter a valid world wide name (WWN), with or without colons, for the Access Gateway node. Optionally, you can select an existing AG Node WWN from the list. The AG Node WWN box includes all discovered AG Node WWNs that are connected to the selected switch. 6.

  • Page 645: Role-Based Access Control

    Role-based access control Role-based access control The Management application enables you to create resource groups and assign users to the selected role within that group. This enables you to assign users to a role within the resource group. The Management application provides one preconfigured resource group (All Fabrics). When you create a resource group, all available roles are automatically assigned to the resource group.

  • Page 646: Host Performance Management

    Host performance management Host performance management Real-time performance enables you to collect data from managed HBA and CNA ports. You can use real-time performance to configure the following options: • Select the polling rate from 20 seconds up to 1 minute. •...

  • Page 647: Host Security Authentication

    Host security authentication TABLE 59 Counters (Continued) FC port measures HBA port measures CNA port measures Transmitted FCoE pause frames Received FCS error frames Transmitted FCS error frames Received alignment error frames Received length error frames Received code error frames Instructions for generating real-time performance data are detailed in “Generating a real-time performance graph”...
  • Page 648 Host security authentication FIGURE 229 Fibre Channel Security Protocol Configuration dialog box 3. Configure the following parameters on the Fibre Channel Security Protocol Configuration dialog box: a. Select the Enable Authentication check box to enable the authentication policy. If authentication is enabled, the port attempts to negotiate with the switch. If the switch does not participate in the authentication process, the port skips the authentication process.

  • Page 649: Host Fault Management

    supportSave on adapters supportSave on adapters Host management features support capturing support information for managed Brocade adapters, which are discovered in the Management application. You can trigger supportSave for multiple adapters at the same time. supportSave cannot be used to collect support information for ESXi hosts managed by a CIM Server.

  • Page 650: Filtering Event Notifications

    Host fault management Filtering event notifications The Management application provides notification of many different types of SAN events. If a user wants to receive notification of certain events, you can filter the events specifically for that user. NOTE The e-mail filter in the Management application is overridden by the firmware e-mail filter. When the firmware determines that certain events do not receive e-mail notification, an e-mail notification is not sent for those events even when the event type is added to the Selected Events table in the Define Filter dialog box.

  • Page 651: Backup Support

    Backup support Backup support The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary. Configuring backup to a hard drive NOTE Configuring backup to a hard drive requires a hard drive. The drive should not be the same physical drive on which your operating system or the Management application is installed.

  • Page 652: Enabling Backup

    Backup support Enabling backup Backup is enabled by default. However, if it has been disabled, complete the following steps to enable the function. 1. Select Server > Options. The Options dialog box displays. 2. Select Server Backup in the Category list. 3.

  • Page 653: Fcoe Overview

    Chapter Fibre Channel over Ethernet In this chapter • FCoE overview ..........601 •...

  • Page 654: Dcbx Protocol

    Enhanced Ethernet features DCBX protocol Data Center Bridging Exchange (DCBX) protocol allows enhanced Ethernet devices to convey and configure their DCB capabilities and ensures a consistent configuration across the network. DCBX protocol is used between DCB devices, such as a converged network adapter (CNA) and an FCoE switch, to exchange configuration with directly connected peers.

  • Page 655: Ethernet Jumbo Frames

    FCoE protocols supported Ethernet jumbo frames The basic assumption underlying FCoE is that TCP/IP is not required in a local data center network and the necessary functions can be provided with Enhanced Ethernet. The purpose of an “enhanced” Ethernet is to provide reliable, lossless transport for the encapsulated Fibre Channel traffic.

  • Page 656: Fcoe Licensing

    FCoE licensing FCoE licensing The FCoE license enables Fibre Channel over Ethernet (FCoE) functionality on the following supported DCB switches: • Network OS 10 GbE 24-port 8 GbE 8 FC port switch • Network OS VDX 6710, 6720, and 6730 switches •...

  • Page 657: Dcb Configuration Management

    DCB configuration management 2. Highlight a discovered DCB switch from the Available Switches list, and click the right arrow button to move the switch to the Selected Switches list. 3. Highlight the selected switch and click OK to start the configuration. The running configuration is saved to the selected switch, effective on the next system startup.

  • Page 658: Switch Policies

    Switch policies Switch policies You can configure and enable a number of DCB policies on a switch, port, or link aggregation group (LAG). The following switch policy configurations apply to all ports in a LAG: • DCB map and Traffic Class map •...

  • Page 659: Dcb Configuration

    DCB configuration DCB configuration To launch the DCB Configuration dialog box, select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. NOTE For FOS DCB devices, the Protocol Down Reason column, shown in Figure 231, displays the values only for the external ports of embedded platforms but not for the internal ports.
  • Page 660 DCB configuration FIGURE 232 Edit Switch dialog box - QoS tab 4. Select DCB from the Map Type list. 5. Configure the following DCB Map parameters in the DCB Map area: • Name - Enter a name to identify the DCB map. •...
  • Page 661 DCB configuration 6. Click the right arrow button to add the map to the DCB Maps list. If a DCB map exists with the same name, a validation dialog box launches and you are asked if you want to overwrite the map. Click OK.
  • Page 662 DCB configuration Click OK after changing the attributes of the current deployment. The Deployment Status dialog box displays. 8. Click Start on the Deployment Status dialog box to save the changes to the switch. 9. Click Close to close the Deployment Status dialog box. Configuring the DCB interface with the DCB map and global LLDP profile To configure the DCB interface, complete the following steps.
  • Page 663 DCB configuration The Web Tools application displays. You can also launch Web Tools by clicking the Element Manager button on the DCB Configuration dialog box. 3. Click the DCB tab. 4. Click the VLAN tab. 5. Click Add. The VLAN Configuration dialog box displays. 6.

  • Page 664: Adding A Lag

    DCB configuration Adding a LAG Link aggregation, based on the IEEE 802.3ad protocol, is a mechanism to bundle several physical ports together to form a single logical channel or trunk. The collection of ports is called a link aggregation group (LAG). NOTE An internal port cannot be part of a LAG.
  • Page 665 DCB configuration FIGURE 234 Add LAG dialog box 4. Configure the following LAG parameters: NOTE Ports with 802.1x authentication or ports that are enabled in L2 mode or L3 mode are not supported in a LAG. • LAG ID - Enter the LAG identifier, using a value from 1 through 63. Duplicate LAG IDs are not allowed.

  • Page 666: Editing A Dcb Switch

    DCB configuration • Type - Sets the limit on the size of the LAG. The type values include Standard, where the LAG is limited to 16 ports, and Brocade LAG, where the LAG is limited to 4 ports. The default is Standard. NOTE You cannot create Fabric OS-type LAGs from different anvil chips.
  • Page 667 DCB configuration FIGURE 235 Edit Switch dialog box 4. Configure the policies for the Edit Switch dialog box tabs, which are described in the following sections: • “QoS configuration” on page 620 • “FCoE provisioning” on page 626 • “VLAN classifier configuration” on page 628 •...

  • Page 668: Editing A Dcb Port

    DCB configuration Editing a DCB port 1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a DCB port from the Products/Ports list. 3. Click Edit. The Edit Port dialog box displays, as shown in Figure 236.

  • Page 669: Editing A Lag

    DCB configuration 5. When you have finished configuring the policies, apply the settings to the DCB port. NOTE Clicking Cancel when there are pending changes launches a pop-up dialog box. 6. Click OK when you have finished modifying the DCB port parameters. The Deploy to Ports dialog box displays.
  • Page 670 DCB configuration 4. Configure the following LAG parameters, as required: NOTE Ports with 802.1x authentication or ports that are enabled in L2 mode or L3 mode are not supported in a LAG. • LAG ID - The LAG identifier, which is not an editable field. •...

  • Page 671: Enabling A Dcb Port Or Lag

    DCB configuration 8. Click Start on the Deployment Status dialog box to save the changes to the selected LAG or LAGs. NOTE If the primary or secondary IP address already exists on another interface, an error message displays in the Status area. 9.

  • Page 672: Qos Configuration

    QoS configuration QoS configuration QoS configuration involves configuring packet classification, mapping the priority and traffic class, controlling congestion, and scheduling. The configuration of these QoS entities consists of DCB Map and Traffic Class Map configuration. In a Data Center Bridging (DCB) configuration, Enhanced Transmission Selection (ETS) and priority-based flow control (PFC) are configured by utilizing a priority table, a priority group table, and a priority traffic table.

  • Page 673: Creating A Dcb Map

    QoS configuration Creating a DCB map The procedure in this section applies only for Fabric OS versions earlier than Fabric OS 7.0. When you create a DCB map, each of the Class of Service (CoS) options (0-7) must be mapped to at least one of the Priority Group IDs (0-7) and the total bandwidth percentage must equal 100.

  • Page 674: Editing A Dcb Map

    QoS configuration • Precedence - Enter a value from 1 through 100. This number determines the map’s priority. • Priority Flow Control check box - Check to enable priority-based flow control on individual priority groups. • CoS - Click the CoS cell to launch the Edit CoS dialog box, where you can select and assign one or more priorities (PG ID 15.0 through 15.7).

  • Page 675: Deleting A Dcb Map

    QoS configuration • Precedence - Enter a value from 1 through 100. This number determines the map’s priority. • % Bandwidth - Enter a bandwidth value for priority group IDs 0-7. The total of all priority groups must equal 100 percent. •...

  • Page 676: Assigning A Dcb Map To A Port Or Link Aggregation Group

    QoS configuration Assigning a DCB map to a port or link aggregation group The Edit Port dialog box - QoS tab allows you to assign DCB maps to ports and LAGs on a selected switch. NOTE QoS maps are created using the Edit Switch dialog box, accessible from the DCB Configuration dialog box.

  • Page 677: Editing A Traffic Class Map

    QoS configuration 6. Click the Traffic Class cell in a CoS row and directly enter a value from 0-7. You can leave the cell empty to indicate zero (0). Click the right arrow button to add the map to the Traffic Class Maps list. If the name of the Traffic Class map already exists, an overwrite warning message displays.

  • Page 678: Aggregation Group

    FCoE provisioning 8. Click Start on the Deployment Status dialog box to save the changes to the selected devices. Assigning a Traffic Class map to a port or link aggregation group You can assign a Traffic Class map to a port or ports under the LAG; however, a port does not require a Traffic Class map be assigned to it.

  • Page 679: Changing The Vlan Id On The Default Fcoe Map

    FCoE provisioning Changing the VLAN ID on the default FCoE map You can change the VLAN ID on the default FCoE map only when no ports or LAGs are participating as members of the switch. You must first manually remove the FCoE map option for each of the port members before you change the VLAN ID on the switch.

  • Page 680: Vlan Classifier Configuration

    VLAN classifier configuration 3. Click the FCoE tab on the Edit Port dialog box. The Edit Port dialog box, FCoE tab displays the following parameters: • FCoE Map field — Displays the name of the FCoE map (read-only). • VLAN ID list — The FCoE VLAN identifier associated with the FCoE map. The values range from 2 through 3583, and 1002 is the default.

  • Page 681: Adding A Vlan Classifier Rule

    VLAN classifier configuration Adding a VLAN classifier rule The Edit Switch dialog box, VLAN Classifiers tab allows you to create rules and group them into VLAN classifiers, which can then be applied to access port and LAG VLAN members and converged port VLAN members.

  • Page 682: Editing A Vlan Classifier Rule

    VLAN classifier configuration FIGURE 240 Add Rules dialog box The Rule ID field is pre-populated with the next available rule ID number. 5. Keep the rule ID number as it is, or change the number using a value from 1 through 256. 6.

  • Page 683: Deleting A Vlan Classifier Rule

    VLAN classifier configuration • IP — 0x8881 • IPv6 — 0x86DD 4. Select an encapsulation type from the list. Options include Ethv2, nosnapllc, and snapllc. The Encapsulation list only accepts a value when Protocol is selected as the rule type. 5.

  • Page 684: Deleting A Vlan Classifier Group

    LLDP-DCBX configuration Deleting a VLAN classifier group 1. Click the VLAN Classifiers tab on the Edit Switch dialog box. The Edit Switch dialog box, VLAN Classifiers tab displays. 2. Select a classifier from the VLAN Classifiers list. 3. Click Delete. The VLAN classifier group is deleted.

  • Page 685: Adding An Lldp Profile

    LLDP-DCBX configuration FIGURE 241 Edit Switch dialog box - LLDP-DCBX tab Adding an LLDP profile NOTE When a TE port is selected to assign to an LLDP profile, a yellow banner displays with the following error message: “LLDP-DCBX is disabled on this switch. The configuration becomes functional when LLDP-DCBX is enabled on the switch.”...

  • Page 686: Editing An Lldp Profile

    LLDP-DCBX configuration • Check the profile parameters that you want to display as part of the LLDP profile from the Advertise list: Port description - The user-configured port description.  System name - The user-configured name of the local system. ...

  • Page 687: Assigning An Lldp Profile To A Port Or Ports In A Lag

    LLDP-DCBX configuration 3. Click the LLDP-DCBX tab on the Edit Switch dialog box. 4. Select an existing LLDP profile from the LLDP Profiles list in the upper right pane. NOTE You cannot delete <Global Configurations>. You can, however, edit global configurations. For more information, refer to “Product configuration templates”...

  • Page 688: 802.1X Authentication

    802.1x authentication 802.1x authentication 802.1x is a standard authentication protocol that defines a client-server-based access control and authentication protocol. 802.1x restricts unknown or unauthorized clients from connecting to a LAN through publicly accessible ports. NOTE 802.1x is not supported for internal ports. A switch must be enabled for 802.1x authentication before you configure its parameters.

  • Page 689: Setting 802.1X Parameters For A Port

    802.1x authentication Setting 802.1x parameters for a port The 802.1x parameters can be configured whether or not the feature is enabled on the switch. The default parameters are initially populated when 802.1x is enabled, but you can change the default values as required.

  • Page 690: Switch, Port, And Lag Deployment

    Switch, port, and LAG deployment • Port Control - Select an authorization mode from the list to configure the ports for authorization. Options include auto, force-authorized, or force-unauthorized and the default value is auto. 6. When you have finished the configuration, click OK to launch the Deploy to Ports dialog box. Refer to “Switch, port, and LAG deployment”...
  • Page 691 Switch, port, and LAG deployment FIGURE 243 Deploy to Products dialog box FIGURE 244 Deploy to Ports dialog box Brocade Network Advisor SAN User Manual 53-1003154-01...
  • Page 692 Switch, port, and LAG deployment FIGURE 245 Deploy to LAGs dialog box 4. Click one of the following deployment options: • Deploy now • Save and deploy now • Save deployment only • Schedule 5. Click one of the following save configuration options: •...
  • Page 693 Switch, port, and LAG deployment 8. Select one or more of the following configurations, to be deployed on the selected targets. NOTE These configurations can be pushed to target DCB switches, FOS version 6.3.1_cee or 6.3.1_del. For switches: • QoS, DCB Map •...

  • Page 694: Compatibility For Deployment

    Switch, port, and LAG deployment Source to target switch Fabric OS version compatibility for deployment Table 62 lists the restrictions that exist when deploying source switches to target switches. TABLE 62 Source to target switch Fabric OS version compatibility Source Fabric OS version and device Target Fabric OS version supported Comments Fabric OS DCB switch and...

  • Page 695: Dcb Performance

    DCB performance DCB performance Performance monitoring provides details about the quantity of traffic and errors a specific port or device generates on the fabric over a specific time frame. You can also use Performance features to indicate the devices that create the most traffic and to identify the ports that are most congested.
  • Page 696 DCB performance Generating a real-time performance graph from the IP tab To generate a real-time performance graph for a Network OS or FOS DCB switch, complete the following steps. 1. Click the IP tab. 2. Select a DCB port from the DCB Configuration dialog box, and select Real Time Graph from the Performance list.

  • Page 697: Historical Performance Graph

    DCB performance Historical performance graph The Historical Performance Graph dialog box enables you to customize how you want the historical performance information to display. Generating a historical performance graph You can generate a historical performance graph by selecting both Network OS and FOS DCB devices from the IP Tab or by selecting only Network OS DCB devices from the IP tab.

  • Page 698: Fcoe Login Groups

    FCoE login groups FCoE login groups The FCoE Configuration dialog box allows you to manage the FCoE login configuration parameters on the DCB switches in all discovered fabrics. FCoE login configuration is created and maintained as a fabric-wide configuration. With the FCoE license, the FCoE Configuration dialog box displays virtual FCoE port information and enables you to manage the virtual port information.

  • Page 699: Adding An Fcoe Login Group

    FCoE login groups • Click Edit to launch the Edit Login Group dialog box, where you can edit the login group parameters. See “Editing an FCoE login group” on page 648. • Click Delete to remove the login group from the list. See “Deleting one or more FCoE login groups”...

  • Page 700: Editing An Fcoe Login Group

    FCoE login groups 5. Select one of the following Available Member options: • Port WWN — Click to enter the world wide name (WWN) of the port to associate with the selected switch. The member port WWN text field allows a maximum of 16 digits. •...

  • Page 701: Deleting One Or More Fcoe Login Groups

    FCoE login groups • Rename the login group by entering the new name into the Name field. The Allow All option must be selected to rename the login group. • Select one of the following options to add or remove login members into the Available Members list.

  • Page 702: Enabling The Fcoe Login Management Feature On A Switch

    Virtual FCoE port configuration 4. Click Start to apply the changes, or click Close to abort the operation. The FCoE login management feature is disabled and all login groups on the selected switch are deleted. The value in the FCoE Login Management State column for the selected switch is Disabled and no login groups appear under the switch after the FCoE Configuration dialog box refresh operation.
  • Page 703 Virtual FCoE port configuration • There is a dynamic binding between the virtual FCoE port and the physical port or LAG. • There is a static binding between the virtual FCoE port and the physical port or lag and there are end devices connected to it.

  • Page 704: Clearing A Stale Entry

    Virtual FCoE port configuration Clearing a stale entry A stale entry is a device that logged in and logged off but, because a port went down after an FLOGI was received, the device failed to receive the message. The entry in the FCoE Connected Devices table becomes stale and you must clear it manually.

  • Page 705: Layer 2 Access Control List Management

    Chapter Security Management In this chapter • Layer 2 access control list management ......653 •...
  • Page 706 Layer 2 access control list management Creating a standard Layer 2 ACL configuration (Fabric OS) To create a standard Layer 2 ACL configuration, complete the following steps. 1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.
  • Page 707 Layer 2 access control list management 11. Click OK on the Device_Name - Layer 2 ACL Configuration dialog box. The Deploy to Products - Layer 2 ACL dialog box displays. To save the configuration, refer to “Saving a security configuration deployment” on page 664 Editing a standard Layer 2 ACL configuration (Fabric OS) To create a standard Layer 2 ACL configuration on a Fabric OS device, complete the following steps.
  • Page 708 Layer 2 access control list management 4. To edit an existing ACL rule, complete the following steps. a. Select the rule you want to edit in the ACL Entries list and click the left arrow button. b. Complete step 5 through step 9 “Creating a standard Layer 2 ACL configuration (Fabric...
  • Page 709 Layer 2 access control list management 5. Enter a sequence number for the ACL in the Sequence field. 6. Select Permit or Deny from the Action list. In the Source list, select one of the following options: • • Host •...
  • Page 710 Layer 2 access control list management Editing an extended Layer 2 ACL configuration (Fabric OS) To edit an extended Layer 2 ACL configuration on a Fabric OS device, complete the following steps. 1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.
  • Page 711 Layer 2 access control list management 5. To add a new ACL rule, complete step 4 through step 12 “Creating an extended Layer 2 ACL configuration (Fabric OS)” on page 656. The new ACL entry displays in the ACL Entries list. To add additional ACL entries, repeat step 6.

  • Page 712: Creating A Layer 2 Acl From A Saved Configuration

    Layer 2 access control list management • Select Deployment_Name (a user-configured deployment) to assign a user-configured deployment on the port. 5. Select the ACL you want to assign to the port from the second Assign ACL list. 6. Select the Write to Product check box to create the selected ACL on the device if it does not already exist.

  • Page 713: Deleting A Layer 2 Acl Configuration From The Application

    Layer 2 access control list management Deleting a Layer 2 ACL configuration from the application To delete a Layer 2 ACL configuration from the application, complete the following steps. 1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays.

  • Page 714: Security Configuration Deployment

    Security configuration deployment Security configuration deployment Figure 256 shows the standard interface used to deploy security configurations. FIGURE 256 Deploy to Product/Ports dialog box Before you can deploy a security configuration, you must create the security configuration. For step-by-step instructions, refer to the following sections: Security Management enables you to configure, persist, and manage a security configuration as a “deployment configuration object”.

  • Page 715: Deploying A Security Configuration On Demand

    Security configuration deployment Deploying a security configuration on demand To deploy a security configuration immediately, complete the following steps. FIGURE 257 Deploy to Product/Ports dialog box 1. Choose one of the following options: • Deploy now — Select to deploy the configuration immediately on the product or port without saving the deployment definition.

  • Page 716: Saving A Security Configuration Deployment

    Security configuration deployment Saving a security configuration deployment To save a security configuration deployment, complete the following steps. FIGURE 258 Deploy to Product/Ports dialog box 1. Select the Save deployment only option to save the deployment definition for future deployment. 2.

  • Page 717: Scheduling A Security Configuration Deployment

    Security configuration deployment Scheduling a security configuration deployment To schedule a security configuration deployment, complete the following steps. FIGURE 259 Deploy to Product/Ports dialog box 1. Select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays. 2.
  • Page 718 Security configuration deployment 10. Choose one of the following options to configure the frequency at which deployment runs for the schedule: • To configure deployment to run only once, refer to “Configuring a one-time deployment schedule” on page 666. • To configure hourly deployment, refer to “Configuring an hourly deployment schedule”...
  • Page 719 Security configuration deployment Configuring a daily deployment schedule To configure a daily deployment schedule, complete the following steps. 1. Select Daily from the Frequency list. 2. Select the time of day you want deployment to run from the Time (hh:mm) lists. Where the hour value is from 1 through 12, the minute value is from 00 through 59, and the day or night value is AM or PM.
  • Page 720 Security configuration deployment Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 721: Fc-Fc Routing Service Management

    Chapter FC-FC Routing Service Management In this chapter • Devices that support Fibre Channel routing ......669 •...

  • Page 722: Fibre Channel Routing Overview

    Fibre Channel routing overview • Any of the following blades on a Backbone chassis: 4 Gbps Router, Extension Blade FC 8 GB 16-port Blade FC 8 GB 32-port Blade FC 8 GB 32-port Enhanced Blade (16 Gbps 4-slot or 16 Gbps 4-slot Backbone Chassis only) FC 8 GB 48-port Blade - The shared ports area (ports 16-47) cannot be used as EX_Ports.

  • Page 723: Lsan

    Guidelines for setting up Fibre Channel routing Figure 260 on page 671 shows a metaSAN with a backbone fabric and three edge fabrics. The backbone consists of one 4 Gbps Router, Extension Switch connecting hosts in Edge fabrics 1 and 3 with storage in Edge fabric 2 and the backbone fabric.

  • Page 724: Connecting Edge Fabrics To A Backbone Fabric

    Connecting edge fabrics to a backbone fabric Connecting edge fabrics to a backbone fabric The following procedure explains how to set up FC-FC routing on two edge fabrics connected through an FC router using E_Ports and EX_Ports. NOTE To configure an EX_Port, switches running Fabric OS 7.0.0 or earlier must have an FCR license. Switches running Fabric OS 7.0.1 or later configured in Brocade Native mode (IM0) or Brocade NOS mode (IM5) do not require an FCR license.
  • Page 725 Connecting edge fabrics to a backbone fabric FIGURE 261 Router Configuration-Connect Edge Fabric dialog box 3. Select the FC router from the Available Routers list. 4. Click the right arrow button to move the FC router you selected to the Selected Router list. 5.

  • Page 726: Configuring Routing Domain Ids

    Configuring routing domain IDs 9. Configure LSAN zones in each fabric that will share devices. For specific instructions, refer to “Configuring LSAN zoning” on page 911. Configuring routing domain IDs Logical (phantom) domains are automatically created to enable routed fabrics. Two types of logical domains are created: •...

  • Page 727: Virtual Fabrics Overview

    Chapter Virtual Fabrics In this chapter • Virtual Fabrics overview ........675 •...

  • Page 728: Terminology For Virtual Fabrics

    Virtual Fabrics overview Terminology for Virtual Fabrics Table 63 lists definitions of Virtual Fabrics terms. TABLE 63 Virtual Fabrics terms Term Definition Physical chassis The physical switch or chassis from which you create logical switches and fabrics. Logical switch A collection of ports that act as a single Fibre Channel (FC) switch. When Virtual Fabrics is enabled on the chassis, there is always at least one logical switch: the default logical switch.

  • Page 729: Virtual Fabrics Requirements

    Virtual Fabrics requirements Virtual Fabrics requirements To configure Virtual Fabrics, you must have at least one Virtual Fabrics-enabled physical chassis running Fabric OS 6.2.0 or later in your SAN. Use one of the following options to discover a Virtual Fabrics-enabled physical chassis on the Management application topology: •...
  • Page 730 Virtual Fabrics requirements TABLE 65 Blade and port types supported on logical switches for backbone chassis Logical switch type Ports • Default logical switch Extension Blade — E_Ports, F_Ports, GE_Ports, and VE_Ports • Application Platform Blade — E_Ports and F_Ports •...

  • Page 731: Ficon Best Practices For Virtual Fabrics

    FICON best practices for Virtual Fabrics FICON best practices for Virtual Fabrics Use the following recommended best practices and considerations for configuring Virtual Fabrics in a FICON environment when following the procedures under “Configuring Virtual Fabrics” page 680: • When configuring the logical switch in the New Logical Fabric Template or New Logical Switch dialog box (Fabric tab), use the following parameters.

  • Page 732: Configuring Virtual Fabrics

    Configuring Virtual Fabrics • When the Logical Switch Change Conformation and Status dialog box displays after configuring logical switches through the Logical Switches dialog box, be sure the following parameters are selected: Re-Enable ports after moving them. Unbind Port Addresses while moving them QoS disable the ports while moving them.

  • Page 733: Enabling Virtual Fabrics

    Configuring Virtual Fabrics d. Enable all of the base switches. This forms the base fabric. Right-click each base switch in the Connectivity Map or Product List and select Enable/Disable > Enable. 3. Set up logical switches in each physical chassis. a.

  • Page 734: Disabling Virtual Fabrics

    Configuring Virtual Fabrics Disabling Virtual Fabrics ATTENTION Disabling Virtual Fabrics deletes all logical switches, returns port management to the physical chassis, and reboots the physical chassis. If these logical switches are participating in a fabric, all affected fabrics will be disrupted. 1.
  • Page 735 Configuring Virtual Fabrics 2. Select the physical chassis from which you want to create a logical switch in the Chassis list. You can display all logical switches from all chassis by selecting the Show Logical Switches from all Chassis check box. 3.
  • Page 736 Configuring Virtual Fabrics • Logical switches in an edge fabric connected to an FC router • A logical switch in InteropMode 2 or InteropMode 3 • The logical switch has VE_Ports and is running Fabric OS 6.4.x or earlier • The logical switch has lossless DLS and is running Fabric OS 7.0.x or earlier NOTE For switches running Fabric OS 7.0.0 or later, VE_Ports on the 8 Gbps Extension Blade are...

  • Page 737: Finding The Physical Chassis For A Logical Switch

    Configuring Virtual Fabrics Finding the physical chassis for a logical switch The Management application enables you to locate the physical chassis in the Product List from which the logical switch was created. To find the physical chassis for a logical switch, right-click the logical switch in the Connectivity Map or Product List and select Virtual Fabric >...

  • Page 738: Removing Ports From A Logical Switch

    Configuring Virtual Fabrics Click the right arrow button to move the selected ports to the logical switch. If you selected the Addressing check box, enter the starting port address in the Bind Port Address dialog box. The ports display in the selected logical switch node in the Existing Logical Switches list. 8.

  • Page 739: Deleting A Logical Switch

    Configuring Virtual Fabrics Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box. The Re-Enable ports after moving them and QoS disable the ports while moving them check boxes are selected by default.

  • Page 740: Configuring Fabric-Wide Parameters For A Logical Fabric

    Configuring Virtual Fabrics Configuring fabric-wide parameters for a logical fabric When you create a logical switch, you must assign it to a fabric and configure fabric-wide parameters. All the switches in a fabric must have the same fabric-wide settings. Instead of configuring these settings separately on each logical switch, you can create a logical fabric template, which defines the fabric-wide settings for a logical fabric.

  • Page 741: Logical Switches

    Configuring Virtual Fabrics NOTE When you close the Logical Switches dialog box, the logical fabric templates are automatically deleted. Create the logical switches first, before closing the dialog box, to use the template. Applying logical fabric settings to all associated logical switches You can apply a selected logical switch configuration to all logical switches in the same fabric.

  • Page 742: Changing A Logical Switch To A Base Switch

    Configuring Virtual Fabrics 5. Change the FID in the Logical Fabric ID field. 6. Click OK on the Edit Properties dialog box. The logical switch displays under the new logical fabric node in the Existing Logical Switches list. Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box.
  • Page 743 Configuring Virtual Fabrics Click OK on the Edit Properties dialog box. The Base Switch column in the Existing Logical Switches list now displays Yes for the logical switch. 8. Click OK on the Logical Switches dialog box. The Logical Switch Change Confirmation and Status dialog box displays with a list of all changes you made in the Logical Switches dialog box.
  • Page 744 Configuring Virtual Fabrics Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 745: San Encryption Configuration

    Chapter SAN Encryption Configuration In this chapter • Encryption Center features ........694 •...

  • Page 746: Encryption Center Features

    Encryption Center features • Using the Encryption Targets dialog box ......851 • Redirection zones ..........852 •...

  • Page 747: Encryption User Privileges

    Encryption user privileges • “Blade processor links” on page 707 describes the steps for interconnecting encryption switches or blades in an encryption group through a dedicated LAN. This must be done before the encryption engines are enabled. Security parameters and certificates cannot be exchanged if these links are not configured and active.

  • Page 748: Smart Card Usage

    Smart card usage TABLE 66 Encryption privileges (Continued) Privilege Read/Write • Storage Encryption Launch the Encryption center dialog box. • View switch, group, or engine properties. Security • View Encryption Group Properties Security tab. • View LUN centric view. • View all rekey sessions.

  • Page 749: Registering Authentication Cards From A Card Reader

    Smart card usage • Establishing a trusted link with the NetApp LKM/SSKM key vault. • Decommissioning a LUN. When a quorum of authentication cards is registered for use, authentication must be provided before you are granted access. Registering authentication cards from a card reader To register an authentication card or a set of authentication cards from a card reader, have the cards physically available.
  • Page 750 Smart card usage 3. Locate the Authentication Card Quorum Size and select the quorum size from the list. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.

  • Page 751: Registering Authentication Cards From The Database

    Smart card usage Registering authentication cards from the database Smart cards that are already in the Management program’s database can be registered as authentication cards. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 752: Deregistering An Authentication Card

    Smart card usage Deregistering an authentication card Authentication cards can be removed from the database and the switch by deregistering them. Complete the following procedure to deregister an authentication card. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 753: Using System Cards

    Smart card usage Using system cards System cards are smart cards that can be used to control activation of encryption engines. You can choose whether the use of a system card is required or not. Encryption switches and blades have a card reader that enables the use of a system card.

  • Page 754: Enabling Or Disabling The System Card Requirement

    Smart card usage Enabling or disabling the system card requirement To use a system card to control activation of an encryption engine on a switch, you must enable the system card requirement. If a system card is required, it must be read by the card reader on the switch.

  • Page 755: Deregistering System Cards

    Smart card usage Deregistering system cards System cards can be removed from the database by deregistering them. Use the following procedure to deregister a system card: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
  • Page 756 Smart card usage FIGURE 272 Smart Card Asset Tracking dialog box The Smart Cards table lists the known smart cards and the details for the smart cards. These details include the following: • Card ID: Lists the smart card ID, prefixed with an ID that identifies how the card id used. For example, rc.123566b700017818, where rc stands for recovery card.
  • Page 757 Smart card usage • Delete button: Deletes a selected smart card from the Management application database. NOTE You can remove smart cards from the table to keep the Smart Cards table at a manageable size, but removing the card from the table does not invalidate it; the smart card can still be used.

  • Page 758: Editing Smart Cards

    Smart card usage Editing smart cards Smart cards can be used for user authentication, master key storage and backup, and as a system card for authorizing use of encryption operations. 1. From the Encryption Center dialog box, select Smart Card > Edit Smart Card from the menu task bar to display the Edit Smart Card dialog box.

  • Page 759: Network Connections

    Network connections Network connections Before you use the encryption setup wizard for the first time, you must have the following required network connections: • The management ports on all encryption switches and DCX Backbone Chassis CPs that have Encryption Blades installed must have a LAN connection to the SAN management program, and must be available for discovery.

  • Page 760: Configuring Blade Processor Links

    Encryption node initialization and certificate generation Configuring blade processor links To configure blade processor links, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2.

  • Page 761: Setting Encryption Node Initialization

    Key Management Interoperability Protocol Setting encryption node initialization Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a configuration. Encryption nodes may also be initialized from the Encryption Center dialog box. 1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar.

  • Page 762: Configuration Parameters

    Key Management Interoperability Protocol Configuration parameters The encryption group object has three additional properties that can be configured when the key vault (KV) type is KMIP. These additional properties must be set by the user: • High availability • User credentials •...

  • Page 763: Key Vault Type And Vendor

    Key Management Interoperability Protocol Key vault type and vendor The key vault type for any KMIP-compliant key vault is shown on the switch as “KMIP” in the groupcfg output. The key vault vendor or key manager name is displayed under “Server SDK Version”.

  • Page 764: Supported Encryption Key Manager Appliances

    Supported encryption key manager appliances Authentication Quorum Size: Authentication Cards not configured NODE LIST Total Number of defined nodes: Group Leader Node Name: 10:00:00:05:1e:53:ae:4c Encryption Group state: CLUSTER_STATE_CONVERGED Crypto Device Config state: In Sync Encryption Group Config state: In Sync Node Name IP address Role...

  • Page 765: Steps For Connecting To A Dpm Appliance

    Steps for connecting to a DPM appliance Steps for connecting to a DPM appliance All switches that you plan to include in an encryption group must have a secure connection to the RSA Data Protection Manager (DPM). The following is a suggested order of steps needed to create a secure connection to the DPM.

  • Page 766: Submitting The Csr To A Certificate Authority

    Steps for connecting to a DPM appliance 4. Do one of the following: • If a CSR is present, click Export. • If a CSR is not present, select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar. This generates switch security parameters and certificates, including the KAC CSR.

  • Page 767: Importing The Signed Kac Certificate

    Steps for connecting to a DPM appliance In the example above, the certificate validity is active until “Dec 4 18:03:14 2010 GMT.” After the KAC certificate has expired, the registration process must be redone. NOTE In the event that the signed KAC certificate must be re-registered, you will need to log in to the key vault web interface and upload the new signed KAC certificate for the corresponding switch Identity.
  • Page 768 Steps for connecting to a DPM appliance Open another web browser window, and start the RSA management user interface. You will need the URL, and have the proper authority level, user name, and password. NOTE The Identity Group name used in the next step might not exist in a freshly installed DPM. To establish an Identity Group name, click the Identity Group tab, and create a name.

  • Page 769: Dpm Key Vault High Availability Deployment

    Steps for connecting to a DPM appliance Uploading the KAC certificate onto the DPM appliance (manual identity enrollment) NOTE The switch will not use the Identity Auto Enrollment feature supported with DPM 3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x server with the switch as described in this section.

  • Page 770: Steps For Connecting To An Lkm/Sskm Appliance

    Steps for connecting to an LKM/SSKM appliance FIGURE 276 Encryption Group Properties with Key Vault Certificate 2. Select Load from File and browse to the location on your client PC that contains the downloaded CA certificate in .pem format. Steps for connecting to an LKM/SSKM appliance The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network appliance.

  • Page 771: Launching The Netapp Datafort Management Console

    Steps for connecting to an LKM/SSKM appliance Launching the NetApp DataFort Management Console The NetApp DataFort Management Console (DMC) must be installed on your PC or workstation to complete certain procedures described in this chapter. Refer to the appropriate DMC product documentation for DMC installation instructions.

  • Page 772: Obtaining And Importing The Lkm/Sskm Certificate

    Steps for connecting to an LKM/SSKM appliance Obtaining and importing the LKM/SSKM certificate Certificates must be exchanged between the LKM/SSKM appliance and the encryption switch to enable mutual authentication. You must obtain a certificate from the LKM/SSKM appliance and import it into the encryption Group Leader. The encryption Group Leader exports the certificate to other encryption group members.

  • Page 773: On Lkm/Sskm

    Steps for connecting to an LKM/SSKM appliance Exporting and registering the switch KAC certificates on LKM/SSKM 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2.

  • Page 774: Data Encryption Keys

    Steps for connecting to an LKM/SSKM appliance Data Encryption Keys The following sections describe Data Encryption Key (DEK) behavior during DEK creation, retrieval, and updates as they relate to disk keys and tape pool keys, and tape LUN and DF-compatible tape pool support: Disk keys and tape pool keys (Brocade native mode support) Data Encryption Key (DEK) creation, retrieval, and update for disk and tape pool keys in Brocade...

  • Page 775: Steps For Connecting To An Eskm/Skm Appliance

    Steps for connecting to an ESKM/SKM appliance LKM/SSKM key vault deregistration Deregistration of either the primary or secondary LKM/SSKM key vault from an encryption switch or blade is allowed independently. • Deregistration of Primary LKM/SSKM: You can deregister the Primary LKM/SSKM from an encryption switch or blade without deregistering the backup or secondary LKM/SSKM for maintenance or replacement purposes.

  • Page 776: Configuring A Brocade Group On Eskm/Skm

    Steps for connecting to an ESKM/SKM appliance • Enable an SSL connection. Refer to “Enabling SSL on the Key Management System (KMS) Server” on page 729. • Configure a cluster of ESKM/SKM appliances for high availability. Refer to the following sections: “Creating an ESKM/SKM High Availability cluster”...

  • Page 777: And Password

    Steps for connecting to an ESKM/SKM appliance Registering the ESKM/SKM Brocade group user name and password The Brocade group user name and password you created when configuring a Brocade group on ESKM/SKM must also be registered on each encryption node. NOTE This operation can be performed only after the switch is added to the encryption group.

  • Page 778: On Eskm/Skm

    Steps for connecting to an ESKM/SKM appliance • Different user names and passwords can never be used within the same encryption group, but each encryption group may have its own user name and password. • If you change the user name and password, the keys created by the previous user become inaccessible.

  • Page 779: Downloading The Local Ca Certificate From Eskm/Skm

    Steps for connecting to an ESKM/SKM appliance FIGURE 279 Creating an HP ESKM/SKM local CA 5. Under Certificates & CAs, select Trusted CA Lists to display the Trusted Certificate Authority List Profiles. 6. Click on Default under Profile Name. In the Trusted Certificate Authority List, click Edit. 8.
  • Page 780 Steps for connecting to an ESKM/SKM appliance 3. Enter the required information under Create Certificate Request. Enter a Certificate Name and Common Name. The same name may be used for both. Enter your organizational information. Enter the E-mail Address where you want messages to the Security Officer to go. Enter the Key Size.

  • Page 781: System (Kms) Server

    Steps for connecting to an ESKM/SKM appliance Enabling SSL on the Key Management System (KMS) Server The KMS Server provides the interface to the client. Secure Sockets Layer (SSL) must be enabled on the KMS Server before this interface will operate. After SSL is enabled on the first appliance, it will be enabled automatically on the other cluster members.

  • Page 782: Eskm/Skm Appliance

    Steps for connecting to an ESKM/SKM appliance Copying the local CA certificate for a clustered ESKM/SKM appliance Before adding an ESKM/SKM appliance to a cluster, you must obtain the local CA certificate from the original ESKM/SKM or from an ESKM/SKM that is already in the cluster. 1.

  • Page 783: Signing The Encryption Node Kac Certificates

    Steps for connecting to an ESKM/SKM appliance 15. Click Browse, then select the Cluster Key File you saved. 16. Enter the cluster password, then click Join. 17. After adding all members to the cluster, delete the cluster key file from the desktop. 18.

  • Page 784: Importing A Signed Kac Certificate Into A Switch

    Steps for connecting to an ESKM/SKM appliance Importing a signed KAC certificate into a switch After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch. NOTE This operation can be performed only after the switch is added to the encryption group. 1.

  • Page 785: Data Encryption Keys

    Steps for connecting to an ESKM/SKM appliance Data Encryption Keys The following sections describe Data Encryption Key (DEK) behavior during DEK creation, retrieval, and updates as they relate to disk keys and tape pool keys, and tape LUN and DF-compatible tape pool support: Disk keys and tape pool keys support Data Encryption Key (DEK) creation, retrieval, and update for disk and tape pool keys are as...

  • Page 786: Eskm/Skm Key Vault Deregistration

    Steps for connecting to a TEKA appliance ESKM/SKM key vault deregistration Deregistration of either the primary or secondary ESKM/SKM key vault from an encryption switch or blade is allowed independently. • Deregistration of primary ESKM: You can deregister the primary ESKM/SKM from an encryption switch or blade without deregistering the backup or secondary ESKM/SKM for maintenance or replacement purposes.

  • Page 787: Setting Up Teka Network Connections

    Steps for connecting to a TEKA appliance Setting up TEKA network connections Communicating to TEKA is enabled over an SSL connection. Two IP addresses are needed. One IP address is used for the management interface, and a second IP address is used for communication with clients.

  • Page 788: Creating A Client On Teka

    Steps for connecting to a TEKA appliance Creating a client on TEKA This step assumes the group brocade has been created by an administrator. If the group brocade does not exist, you must log in to TEKA as officer and create the group, then assign the group to a manager.

  • Page 789: Establishing Teka Key Vault Credentials On The Switch

    Steps for connecting to a TEKA appliance 6. Click Add Client. Enter the user name from step 3 in the Name field. 8. Enter a password in the Password and Verify Password fields. 9. Select the group brocade from the group pull-down menu, then click Add Client. A TEKA client user is created and is listed in the table.

  • Page 790: Teka Appliance

    Steps for connecting to a TEKA appliance The following rules apply for TEKA: • The key vault user name and user group name are generated on the switch. To view those values, select Switch > Properties, then click Key Vault User Name. •...

  • Page 791: Steps For Connecting To A Tklm Appliance

    Steps for connecting to a TKLM appliance FIGURE 285 Import Signed Certificate dialog box 2. Browse to the location where the signed certificate is stored, then click OK. The signed certificate is stored on the switch. Steps for connecting to a TKLM appliance All switches you plan to include in an encryption group must have a secure connection to the Tivoli Key Lifecycle Manager (TKLM).

  • Page 792: Exporting The Fabric Os Node Self-Signed Kac Certificates

    Steps for connecting to a TKLM appliance 11. Import the server CA certificate and register TKLM on the encryption Group Leader nodes. Refer to “Importing the TKLM certificate into the group leader” on page 742. 12. Enable the encryption engines. Exporting the Fabric OS node self-signed KAC certificates Each Fabric OS node generates a self-signed KAC certificate as part of the node initialization process as described under...

  • Page 793: Creating A Self-Signed Certificate For Tklm

    Steps for connecting to a TKLM appliance 3. Click Add on the Devices table menu task bar, which adds the entry to the table. 4. Under Device Serial Number, enter the serial number that is displayed for each node that you are adding to the device group.

  • Page 794: Exporting The Tklm Self-Signed Server Certificate

    Steps for connecting to a TKLM appliance Exporting the TKLM self-signed server certificate The TKLM self-signed server certificate must be exported in preparation for importing and registering the certificate on a Fabric OS encryption Group Leader node. 1. Enter the TKLM server wsadmin CLI. For Linux (in ./wsadmin.sh): <installed directory>/IBM/tivoli/tiptklmV2/bin/wsadmin.sh -username TKLMAdmin -password <password>...

  • Page 795: Steps For Connecting To A Kmip-Compliant Safenet Keysecure

    Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 286 Import Signed Certificate dialog box 3. Browse to the location where the signed certificate is stored, then click OK. The signed certificate is stored on the switch. Steps for connecting to a KMIP-compliant SafeNet KeySecure With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP) KeySecure Management Console can be used on the switch.

  • Page 796: Setting Fips Compliance

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Setting FIPS compliance 1. From the KeySecure Management Console, select the Security tab, then select Advanced Security, > High Security. The High Security Configuration page displays. (Refer to Figure 287.) FIGURE 287 KeySecure High Security Configuration page 2.

  • Page 797: Creating A Local Ca

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Creating a local CA 1. From the KeySecure Management Console, select the Security tab, then select CAs & SSL Certificates > Local CAs. The Certificate and CA Configuration page displays. (Refer to Figure 288.) FIGURE 288...

  • Page 798: Creating A Server Certificate

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Creating a server certificate 1. From the Security tab, select CAs & SSL Certificates > SSL Certificates. The Certificate and CA Configuration page displays. (Refer to Figure 290.) FIGURE 290 KeySecure Certificate and CA Configuration page 2.
  • Page 799 Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 291 KeySecure Certificate and CA Configuration page - Certificate List 3. Verify the server certificate status is shown as Request Pending. 4. Click on the server certificate name that you just created (Safenet75ServerCert), which displays the certificate contents.
  • Page 800 Steps for connecting to a KMIP-compliant SafeNet KeySecure 5. Copy the certificate contents. 6. From the Security tab, select CAs & SSL Certificates > Local CAs. The Certificate and CA Configuration page displays. Under Local Certificate Authority List, select the CA certificate you just created (SafeNetCA), then click Sign Request.
  • Page 801 Steps for connecting to a KMIP-compliant SafeNet KeySecure 8. Select Server as the Certificate Purpose and verify the Certificate Duration length. The default is 3649 days. 9. Paste the server certificate contents that you copied (refer to step 5) in the Certificate Request text box, then click Sign Request.
  • Page 802 Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 296 KeySecure Certificate and CA Configuration page - Certificate Installation 14. After the page refreshes, the new certificate information is displayed in the Certificate List table. (Refer to Figure 297.) FIGURE 297 KeySecure Certificate and CA Configuration page - Certificate List 15.

  • Page 803: Creating A Cluster

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Creating a cluster 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Cluster. The Cluster Configuration page displays. (Refer to Figure 298.) FIGURE 298 KeySecure Cluster Configuration page 2.

  • Page 804: Configuring A Brocade Group On The Keysecure

    Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 299 KeySecure Cluster Configuration page - Cluster Members 4. Under Cluster Settings, click Download Cluster Key. (Refer to Figure 300.) You are prompted to enter a local file name. FIGURE 300 KeySecure Cluster Configuration page - Cluster Settings Configuring a Brocade group on the KeySecure A Brocade group is configured on the KeySecure for all keys created by encryption switches and...

  • Page 805: And Password

    Steps for connecting to a KMIP-compliant SafeNet KeySecure 3. Select Local Users & Groups under Users & Groups. 4. Select Add under Local Users. 5. Create a Brocade user name and password. 6. Select the User Administration Permission and Change Password Permission check boxes, then click Save.

  • Page 806: Signing The Encryption Node Kac Csr On Kmip

    Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 302 Key Vault Credentials dialog box The dialog box contains the following information: • Primary Key Vault: Primary Key Vault is preselected. KMIP key vaults are clustered, so only one set of credentials is needed. •...
  • Page 807 Steps for connecting to a KMIP-compliant SafeNet KeySecure 6. The Certificate and CA Configuration page displays. Under Local Certificate Authority List, select the local CA name, and verify that its CA Status is shown as Active. 8. Click Sign Request. The Sign Certificate Request page displays.

  • Page 808: Importing A Signed Kac Certificate Into A Switch

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Importing a signed KAC certificate into a switch After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch. NOTE This operation can be performed only after the switch is added to the encryption group. 1.

  • Page 809: Backing Up The Certificates

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Backing up the certificates 1. From the KeySecure Management Console, select the Device tab, then select Maintenance > Backup & Restore > Create Backup. The Backup and Restore page displays. (Refer to Figure 305.) FIGURE 305...
  • Page 810 Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 306 Backup and Restore page - Device items 5. Select the items for backup, then click Continue. The Create Backup page displays, which is used for setting backup details. (Refer to Figure 307.) FIGURE 307...

  • Page 811: Configuring The Kmip Server

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Configuring the KMIP server 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Key Server > Key Server. The Cryptographic Key Server Configuration page displays. (Refer to Figure 308.) FIGURE 308...

  • Page 812: Adding A Node To The Cluster

    Steps for connecting to a KMIP-compliant SafeNet KeySecure Adding a node to the cluster Perform the following steps on the secondary KeySecure node when adding it to the cluster. 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration >...
  • Page 813 Steps for connecting to a KMIP-compliant SafeNet KeySecure FIGURE 310 KeySecure Cluster Configuration page - Cluster Members 6. Verify that both KeySecure nodes are shown as Active. From the Devices tab, select Maintenance > Backup and Restore > Restore Backup. The Backup and Restore page displays.

  • Page 814: Steps For Connecting To A Kmip-Compliant Keyauthority

    Steps for connecting to a KMIP-compliant keyAuthority 8. Under Restore Backup, select Upload from browser, then enter a file name or browse to the file location. 9. Enter the Backup Password in the field provided, then click Restore. 10. After the certificate is restored to the secondary node from the previously backed-up primary node, select Maintenance >...

  • Page 815: Encryption Preparation

    Encryption preparation Encryption preparation Before you use the encryption setup wizard for the first time, you should have a detailed configuration plan in place and available for reference. The encryption setup wizard assumes the following: • You have a plan in place to organize encryption devices into encryption groups. •...

  • Page 816: Creating A New Encryption Group

    Creating a new encryption group Creating a new encryption group The following steps describe how to start and run the encryption setup wizard and create a new encryption group. NOTE When a new encryption group is created, any existing tape pools in the switch are removed. 1.
  • Page 817 Creating a new encryption group FIGURE 314 Configure Switch Encryption wizard - welcome screen 4. From the Configure Switch Encryption welcome screen, click Next to begin. The Designate Switch Membership dialog box displays (Figure 315). The dialog box contains the following options: •...
  • Page 818 Creating a new encryption group 5. For this procedure, verify that Create a new encryption group containing just this switch is selected, then click Next. NOTE If you are adding a switch to an encryption, refer to “Adding a switch to an encryption group” page 801.
  • Page 819 Creating a new encryption group Click Next. The Select Key Vault. dialog box displays. (Refer to Figure 317.) FIGURE 317 Select Key Vault dialog box Using this dialog box, you can select a key vault for the encryption group that contains the selected switch.
  • Page 820 Creating a new encryption group Thales e-Security keyAuthority (TEKA): If an encryption group contains mixed firmware nodes, the Encryption Group Properties Key Vault Type name is based on the firmware version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or later, the Key Vault Type is displayed as “Thales e-Security keyAuthority (TEKA).”If a switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as “Thales Key Manager (TEMS)”.

  • Page 821: Manager (Dpm)

    Creating a new encryption group 8. Select the Key Vault Type. Configuration options vary based on the key vault type you choose. To complete the wizard steps, proceed to the section that describes your particular key vault type. For DPM key vault setting instructions, see “Configuring key vault settings for RSA Data Protection Manager (DPM)”...
  • Page 822 Creating a new encryption group 1. Enter the IP address or host name for the primary key vault. If you are clustering DPM appliances for high availability, IP load balancers are used to direct traffic to the appliances. Use the IP address of the load balancer. 2.
  • Page 823 Creating a new encryption group FIGURE 320 Specify Master Key File Name dialog box Enter the location of the file where you want to store back up master key information, or browse to the desired location. 8. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
  • Page 824 Creating a new encryption group FIGURE 321 Select Security Settings dialog box 10. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
  • Page 825 Creating a new encryption group FIGURE 322 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 323.) FIGURE 323 Configuration Status dialog box 12. Review the post-configuration instructions, which you can copy to a clipboard or print for later, then click Next.

  • Page 826: Manager (Lkm/Sskm)

    Creating a new encryption group FIGURE 324 Next Steps dialog box 13. Review the post-configuration instructions, which you can copy to a clipboard or print for later, then click Finish to exit the wizard. Configuring key vault settings for NetApp Link Key Manager (LKM/SSKM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard.
  • Page 827 Creating a new encryption group FIGURE 325 Select Key Vault dialog box for LKM/SSKM 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate, or browse to the desired location.
  • Page 828 Creating a new encryption group FIGURE 326 Specify Public Key Certificate (KAC) File Name dialog box 4. Specify the location of the file where you want to store the public key certificate that is used to authenticate connections to the key vault. The certificate stored in this file is the switch’s public key certificate.
  • Page 829 Creating a new encryption group FIGURE 327 Select Security Settings dialog box 6. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
  • Page 830 Creating a new encryption group FIGURE 328 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 329.) FIGURE 329 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step.
  • Page 831 Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. See “Understanding configuration status results” on page 800 for more information. 8. Verify the information is correct, then click Next. The Next Steps dialog box displays.

  • Page 832: Key Manager (Eskm/Skm)

    Creating a new encryption group Configuring key vault settings for HP Enterprise Secure Key Manager (ESKM/SKM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard. If you have not already done so, go to “Creating a new encryption group”...
  • Page 833 Creating a new encryption group FIGURE 332 Specify Certificate Signing Request File Name dialog box 6. Enter the location of the file where you want to store the certificate information, or browse to the desired location, then click Next. The Specify Master Key File Name dialog box displays. (Refer to Figure 333.) FIGURE 333...
  • Page 834 Creating a new encryption group 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays. (Refer to Figure 334.) FIGURE 334 Select Security Settings dialog box 9. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above.
  • Page 835 Creating a new encryption group FIGURE 335 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 336.) FIGURE 336 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step.

  • Page 836: Keyauthority (Teka)

    Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. See “Understanding configuration status results” on page 800 for more information. 11. Review important messages, then click Next. The Next Steps dialog box displays.
  • Page 837 Creating a new encryption group FIGURE 338 Select Key Vault dialog box for TEKA 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate, or browse to the desired location.
  • Page 838 Creating a new encryption group FIGURE 339 Specify Master Key File Name dialog box 6. Enter the name of the file used for backing up the master key or browse to the desired location. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
  • Page 839 Creating a new encryption group 9. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
  • Page 840 Creating a new encryption group FIGURE 342 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.

  • Page 841: Lifetime Manager (Tklm)

    Creating a new encryption group FIGURE 343 Next Steps dialog box 12. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 13. Click Finish to exit the Configure Switch Encryption wizard. 14. Refer to “Understanding configuration status results”...
  • Page 842 Creating a new encryption group FIGURE 344 Select Key Vault dialog box for TKLM 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate or browse to the desired location.
  • Page 843 Creating a new encryption group FIGURE 345 Specify Public Key Certificate (KAC) File Name dialog box 5. Enter the name of the file where the switch’s public key certificate is stored, or browse to the desired location, then click Next. The Specify Master Key File Name dialog box displays.
  • Page 844 Creating a new encryption group Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays. (Refer to Figure 347.) FIGURE 347...
  • Page 845 Creating a new encryption group FIGURE 348 Confirm Configuration dialog box The Configuration Status dialog box displays. (Refer to Figure 349.) FIGURE 349 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step.

  • Page 846: Interoperability Protocol

    Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. 11. Click Next. The Next Steps dialog box displays. (Refer to Figure 350.) Instructions for installing public key certificates for the encryption switch are displayed.
  • Page 847 Creating a new encryption group • With the introduction of Fabric OS 7.2.0, KMIP with TEKA 4.0 is also supported, but must be configured using the CLI. All nodes in a keyAuthority encryption group must be running Fabric OS 7.2.0 or later. For configuration instructions, refer to the Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments.
  • Page 848 Creating a new encryption group • Username: Activates the Primary and Backup Key Vault User Names for completion. • None: Deactivates Primary and Backup Key Vault User Names and password fields. 6. Select the Certificate Type. Options are: • CA Signed: The switch KAC certificate is signed by a CA, imported back on the switch and registered as a KAC certificate.
  • Page 849 Creating a new encryption group FIGURE 353 Specify Master Key File Name dialog box 9. Enter the name of the file used for backing up the master key, or browse to the desired location. 10. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed.
  • Page 850 Creating a new encryption group FIGURE 354 Select Security Settings dialog box 12. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
  • Page 851 Creating a new encryption group FIGURE 355 Confirm Configuration dialog box 14. Confirm the encryption group name and switch public key certificate file name you specified are correct, then click Next. The Configuration Status dialog box displays. (Refer to Figure 356.) FIGURE 356 Configuration Status dialog box...

  • Page 852: Understanding Configuration Status Results

    Creating a new encryption group All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.

  • Page 853: Adding A Switch To An Encryption Group

    Adding a switch to an encryption group 3. Register the key vault. The Management application registers the key vault using the cryptocfg reg keyvault command. 4. Enable the encryption engines. The Management application initializes an encryption switch using the cryptocfg initEE [<slotnumber>] and cryptocfg regEE [<slotnumber>] commands.
  • Page 854 Adding a switch to an encryption group FIGURE 358 Configure Switch Encryption wizard - welcome screen 3. Click Next. The Designate Switch Membership dialog box displays. (Refer to Figure 359.) FIGURE 359 Designate Switch Membership dialog box 4. For this procedure, select Add this switch to an existing encryption group, then click Next. The Add Switch to Existing Encryption Group dialog box displays.
  • Page 855 Adding a switch to an encryption group The dialog box contains the following information: • Encryption Groups table: Enables you to select an encryption group in which to add a switch. • Member Switches table: Lists the switches in the selected encryption group. NOTE If you are creating a new encryption group, refer to “Creating a new encryption group”...
  • Page 856 Adding a switch to an encryption group FIGURE 361 Specify Public Key Certificate (KAC) File Name dialog box 6. Enter the location where you want to store the public key certificate that is used to authenticate connections to the key vault, or browse to the desired location, then click Next. The Confirm Configuration dialog box displays.
  • Page 857 Adding a switch to an encryption group The Configuration Status dialog box displays. (Refer to Figure 363.) FIGURE 363 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
  • Page 858 Adding a switch to an encryption group FIGURE 364 Error Instructions dialog box 8. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 9. Click Finish to exit the Configure Switch Encryption wizard. Brocade Network Advisor SAN User Manual 53-1003154-01...

  • Page 859: Replacing An Encryption Engine In An Encryption Group

    Replacing an encryption engine in an encryption group Replacing an encryption engine in an encryption group To replace an encryption engine in an encryption group with another encryption engine within the same DEK Cluster, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 860: High Availability Clusters

    High availability clusters High availability clusters A high availability (HA) cluster consists of exactly two encryption engines configured to host the same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single fabric. One encryption engine can take over encryption and decryption tasks for the other encryption engine if that member fails or becomes unreachable.

  • Page 861: Creating Ha Clusters

    High availability clusters Creating HA clusters For the initial encryption node, perform the following procedure. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2. Select an encryption group from the Encryption Center Devices table, then select Group > HA Cluster from the menu task bar.

  • Page 862: Removing Engines From An Ha Cluster

    High availability clusters 3. Click the right arrow to add the encryption engine to the selected HA cluster. 4. Click OK. Removing engines from an HA cluster Removing the last engine from an HA cluster also removes the HA cluster. If only one engine is removed from a two-engine cluster, you must either add another engine to the cluster, or remove the other engine.

  • Page 863: Failback Option

    Configuring encryption storage targets Failback option The Failback option determines the behavior when a failed encryption engine is restarted. When the first encryption engine comes back online, the encryption group’s failback setting (auto or manual) determines how the encryption engine resumes encrypting and decrypting traffic to its encryption targets.

  • Page 864: Adding An Encryption Target

    Configuring encryption storage targets 5. Confirmation 6. Configuration Status Important Instructions Adding an encryption target 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2. Select a group, switch, or engine from the Encryption Center Devices table to which to add the target, then select Group/Switch/Engine >...
  • Page 865 Configuring encryption storage targets FIGURE 368 Configure Storage Encryption wizard - welcome screen 4. Click Next. The Select Encryption Engine dialog box displays. (Refer to Figure 369.) FIGURE 369 Select Encryption Engine dialog box Brocade Network Advisor SAN User Manual 53-1003154-01...
  • Page 866 Configuring encryption storage targets The dialog box contains the following information: • Encryption engine: The name of the encryption engine. The list of engines depends on the scope being viewed: If an encryption group was selected, the list includes all engines in the group. If a switch was selected, the list includes all encryption engines for the switch.
  • Page 867 Configuring encryption storage targets 6. Select a target from the list. (The Target Port WWN and Target Node WWN fields contain all target information that displays when using the nsShow command.) You can also enter WWNs manually, for example, to specify a target that is not on the list. Select a target type from the Type list, then click Next.
  • Page 868 Configuring encryption storage targets NOTE You must enter the host node world wide name before clicking Add, to add the WWN to the Selected Hosts table. • Node WWN text box: Type a world wide name for a host node. NOTE You must also enter the host port world wide name before clicking Add to add the node WWN to the Selected Hosts table.
  • Page 869 Configuring encryption storage targets FIGURE 372 Name Container dialog box 10. Enter the container name. The container name is a logical encryption name to specify a name other than the default. You can use a maximum of 31 characters. Letters, digits, and underscores are allowed.
  • Page 870 Configuring encryption storage targets The Confirmation screen contains the following information: • Encryption Engine: The slot location of the encryption engine. • Container Name: The logical encryption name used to map storage targets and hosts to virtual targets and virtual initiators. •...
  • Page 871 Configuring encryption storage targets 13. Review any post-configuration instructions or messages, which you can copy to a clipboard or print for later, then click Next. The Next Steps screen displays. (Refer to Figure 375.) Post-configuration instructions for installing public key certificates for the encryption switch are displayed. These instructions are specific to the key vault type.

  • Page 872: Configuring Hosts For Encryption Targets

    Configuring hosts for encryption targets Configuring hosts for encryption targets Use the Encryption Target Hosts dialog box to edit (add or remove) hosts for an encrypted target. NOTE Hosts are normally selected as part of the Configure Switch Encryption wizard, but you can also edit hosts later using the Encryption Target Hosts dialog box.
  • Page 873 Configuring hosts for encryption targets FIGURE 377 Encryption Target Hosts dialog box NOTE Both the Hosts in Fabric table and the Selected Hosts table now contain a Port ID column to display the 24-bit PID of the host port. 4. Select one or more hosts in a fabric using either of the following methods: a.

  • Page 874: Adding Target Disk Luns For Encryption

    Adding target disk LUNs for encryption Adding target disk LUNs for encryption You can add a new path to an existing disk LUN or add a new LUN and path by launching the Add New Path wizard. NOTE Before you can add a target disk LUN for encryption, you must first configure the Storage Arrays. For more information, see “Configuring storage arrays”...
  • Page 875 Adding target disk LUNs for encryption • Encryption path table: Should be LUN/Path identified by the following: LUN Path Serial # Target Port Initiator Port Container Name Switch Name Fabric State Thin Provision LUN Encryption Mode Encrypt Existing Data Key ID •...
  • Page 876 Adding target disk LUNs for encryption 4. Select the target port from the Target Port table, then click Next. The Select Initiator Port dialog box displays. (Refer to Figure 380.) FIGURE 380 Select Initiator Port dialog box The dialog box is used to select an initiator port when configuring multiple I/O paths to a disk LUN.
  • Page 877 Adding target disk LUNs for encryption FIGURE 381 Select LUN dialog box The dialog box is used to select a LUN when configuring multiple I/O paths to a disk LUN. The dialog box contains the following information: • Storage Array The storage array selected from the LUN view prior to launching the Add New Path wizard.
  • Page 878 Adding target disk LUNs for encryption 9. Click Finish. The new LUN path is added to the Encryption Disk LUN View table. 10. Click OK on the LUN view to commit the operation. NOTE With the introduction of Fabric OS v7.1.0, the maximum number of uncommitted configuration changes per disk LUN (or maximum paths to a LUN) is 512 transactions.

  • Page 879: Configuring Storage Arrays

    Adding target disk LUNs for encryption Configuring storage arrays The storage array contains a list of storage ports that will be used later in the LUN centric view. You must assign storage ports from the same storage array for multi-path I/O purposes. On the LUN centric view, storage ports in the same storage array are used to get the associated CryptoTarget containers and initiators from the database.

  • Page 880: Srdf Pairs

    Adding target disk LUNs for encryption SRDF pairs Remote replication is implemented by establishing a synchronized pair of SRDF devices connected by FC or IP links. A local source device is paired with a remote target device while data replication is taking place.

  • Page 881: Adding Target Tape Luns For Encryption

    Adding target tape LUNs for encryption Note the following when using the New LUN option: • Both LUNs that form an SRDF pair must be added to their containers using the New LUN option. • For any site, all paths to a given SRDF device must be configured with the New LUN option. •...
  • Page 882 Adding target tape LUNs for encryption FIGURE 384 Encryption Targets dialog box 3. Select a target tape storage device from the Encryption Targets table, then click LUNs. The Encryption Target Tape LUNs dialog box displays. (Refer to Figure 385.) FIGURE 385 Encryption Target Tape LUNs dialog box 4.
  • Page 883 Adding target tape LUNs for encryption FIGURE 386 Add Encryption Target Tape LUNs dialog box 5. Select a host from the Host list. Before you encrypt a LUN, you must select a host, then either discover LUNs that are visible to the virtual initiator representing the selected host, or enter a range of LUN numbers to be configured for the selected host.

  • Page 884: Moving Targets

    Moving targets • Enable Write Early Ack: When selected, enables tape write pipelining on this tape LUN. Use this option to speed long serial writes to tape, especially for remote backup operations. • Enable Read Ahead: When selected, enables read pre-fetching on this tape LUN. Use this option to speed long serial read operations from tape, especially for remote restore operations.

  • Page 885: Multi-Path Environment

    Configuring encrypted tape storage in a multi-path environment Configuring encrypted tape storage in a multi-path environment This example assumes one host is accessing one storage device using two paths: • The first path is from Host Port A to Target Port A, using Encryption Engine A for encryption. •...

  • Page 886: Tape Lun Write Early And Read Ahead

    Tape LUN write early and read ahead Tape LUN write early and read ahead The tape LUN write early and read ahead feature uses tape pipelining and prefetch to speed serial access to tape storage. These features are particularly useful when performing backup and restore operations, especially over long distances.

  • Page 887: Tape Lun Statistics

    Tape LUN statistics FIGURE 388 Encryption Target Tape LUNs dialog box - Setting tape LUN read ahead and write early 4. In the Enable Write EarlyAck and Enable Read Ahead columns, when the table is populated, you can set these features as desired for each LUN: •...

  • Page 888: Viewing And Clearing Tape Container Statistics

    Tape LUN statistics Viewing and clearing tape container statistics You can view LUN statistics for an entire crypto tape container or for specific LUNs. To view or clear statistics for tape LUNs in a container, follow these steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 889: Specific Tape Luns

    Tape LUN statistics • Uncompressed blocks: The number of uncompressed blocks written to tape. • Compressed blocks: The number of compressed blocks written to tape. • Uncompressed Bytes: The number of uncompressed bytes written to tape. • Compressed Bytes: The number of compressed bytes written to tape. •...

  • Page 890: In A Container

    Tape LUN statistics 4. Select the LUN or LUNs for which to display or clear statistics, then click Statistics. The Tape LUN Statistics dialog box displays. (Refer to Figure 392.) The statistic results based on the LUN or LUNs you selected is displayed. Tape LUN statistics are cumulative. FIGURE 392 Tape LUN Statistics dialog box The dialog box contains the following information:...
  • Page 891 Tape LUN statistics NOTE You can also select a group, switch, or engine from the Encryption Center Devices table, then click the Targets icon. The Encryption Targets dialog box displays. (Refer to Figure 393.) A list of configured CryptoTarget containers is displayed. FIGURE 393 Encryption Targets dialog box 3.

  • Page 892: Encryption Engine Rebalancing

    Encryption engine rebalancing • Uncompressed Bytes: The number of uncompressed bytes written to tape. • Compressed Bytes: The number of compressed bytes written to tape. • Host Port WWN: The WWN of the host port that is being used for the write operation. 4.

  • Page 893: Rebalancing An Encryption Engine

    Master keys Rebalancing an encryption engine To re-balance an encryption engine, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2. Select an engine, then select Engine > Re-Balance from the menu task bar. A warning message displays, noting the potential disruption of disk and tape I/O, and that the operation may take several minutes.

  • Page 894: Active Master Key

    Master keys Active master key The active master key is used to encrypt newly created data encryption keys (DEKs) prior to sending them to a key vault to be stored. You can restore the active master key under the following conditions: •...

  • Page 895: Saving The Master Key To A File

    Master keys • Create new master key: Enabled when no master key exists, or the previous master key has been backed up. Refer to “Creating a new master key” on page 849. You must create a new master key when the status is Required but not created. NOTE If a master key was not created, Not Used is displayed as the status and the Master Key Actions list is unavailable.

  • Page 896: Saving A Master Key To A Key Vault

    Master keys 6. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. Re-enter the passphrase for verification, then click OK. ATTENTION Save the passphrase. This passphrase is required if you ever need to restore the master key from the file.

  • Page 897: Saving A Master Key To A Smart Card Set

    Master keys 6. Re-enter the passphrase for verification, then click OK. A dialog box displays that shows the Key ID. The Key ID identifies the storage location in the key vault. Store both the Key ID and the passphrase in a secure place. Both will be required to restore the master key in the future.

  • Page 898: Restoring A Master Key From A File

    Master keys 8. Enter the mandatory last name and first name of the person to whom the card is assigned. 9. Enter a Card Password. 10. Re-enter the password for verification. 11. Record and store the password in a secure location. 12.

  • Page 899: Restoring A Master Key From A Key Vault

    Master keys FIGURE 398 Restore Master Key for Encryption Group dialog box - Restore from file 4. Choose the active or alternate master key for restoration, as appropriate. 5. Select File as the Restore From location. 6. Enter a file name, or browse to the desired location. Enter the passphrase.

  • Page 900: Restoring A Master Key From A Smart Card Set

    Master keys FIGURE 399 Restore Master Key for Encryption Group dialog box - Restore from key vault 4. Choose the active or alternate master key for restoration, as appropriate. 5. Select Key Vault as the Restore From location. 6. Enter the key ID of the master key that was backed up to the key vault. Enter the passphrase.

  • Page 901: Creating A New Master Key

    Master keys FIGURE 400 Restore Master Key for Encryption Group dialog box - Restore from smart cards 4. Choose the active or alternate master key for restoration, as appropriate. 5. Select A Recovery Set of Smart Cards as the Restore From location. 6.

  • Page 902: Security Settings

    Security settings Security settings Security settings help you identify if system cards are required to initialize an encryption engine and also determine the number of authentication cards needed for a quorum. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 903: Setting Zeroization

    Using the Encryption Targets dialog box NOTE Zeroizing an engine affects the I/Os, but all target and LUN configurations remain intact. Encryption target configuration data is not deleted. You can zeroize an encryption engine only if it is enabled (running), or disabled but ready to be enabled.

  • Page 904: Redirection Zones

    Redirection zones To access the Encryption Targets dialog box, complete the following steps. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2. Select a group, switch, or engine from the Encryption Center Devices table, then select Group/Switch/Engine >...

  • Page 905: Disk Device Decommissioning

    Disk device decommissioning Disk device decommissioning A disk device needs to be decommissioned when any of the following occurs: • The storage lease expires for an array, and devices must be returned or exchanged. • Storage is reprovisioned for movement between departments. •...

  • Page 906: Decommissioning Disk Luns

    Disk device decommissioning Decommissioning disk LUNs Use the following procedure to decommission a disk LUN. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2. Select a group, switch, or engine from the Encryption Center Devices table that contains the storage device to be configured, then select Group/Switch/Engine >...
  • Page 907 Disk device decommissioning In order to delete keys from the key vault, you need to know the Universal ID (UUID). To display vendor-specific UUIDs of decommissioned key IDs, complete the following procedure: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 908: Universal Ids

    Rekeying all disk LUNs manually Displaying Universal IDs In order to delete keys from the key vaults, you need to know the Universal ID (UUID) associated with the decommissioned disk LUN key IDs. To display the Universal IDs, complete the following procedure: 1.

  • Page 909: Setting Disk Lun Re-Key All

    Rekeying all disk LUNs manually Setting disk LUN Re-key All To rekey all disk LUNs on an encryption node, complete these steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2.

  • Page 910: Viewing Disk Lun Rekeying Details

    Rekeying all disk LUNs manually FIGURE 405 Pending manual rekey operations Viewing disk LUN rekeying details You can view details related to the rekeying of a selected target disk LUN from the LUN Re-keying Details dialog box. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.

  • Page 911: Viewing The Progress Of Manual Rekey Operations

    Rekeying all disk LUNs manually 4. Click Add. The Add Disk LUNs dialog box displays. This dialog box includes a table of all LUNs in the storage device that are visible to the hosts. 5. Click Re-keying Details. The LUN Re-keying Details dialog box displays. The dialog box contains the following information: •...
  • Page 912 Rekeying all disk LUNs manually FIGURE 407 Re-Key Sessions Status dialog box The dialog box contains the following information: • LUN #: The LUN number. • LUN Serial #: The LUN serial number. • Re-Key Session #: The number assigned to the rekeying session. •...

  • Page 913: Thin Provisioned Luns

    Thin provisioned LUNs 3. Click Refresh periodically to update the display. Thin provisioned LUNs With the introduction of Fabric OS 7.1.0, the switch can discover if a disk LUN is a thin provisioned LUN. Support for a thin provisioned LUN is limited to disk containers only. Thin provisioned LUNs can be created with the new LUN option.

  • Page 914: Viewing Time Left For Auto Rekey

    Viewing time left for auto rekey thin-provisioned LUNs results in an attempt by the encryption switch to overwrite data up to the size of the logical size of the thin-provisioned LUN, rather than limiting FTE/rekeying to the size of the physically allocated LUN size or to the data that has been written.

  • Page 915: Viewing And Editing Switch Encryption Properties

    Viewing and editing switch encryption properties FIGURE 408 Encryption Targets Disk LUNs dialog box - Time left for auto rekey Viewing and editing switch encryption properties To view switch encryption properties, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box.
  • Page 916 Viewing and editing switch encryption properties FIGURE 409 Encryption Switch Properties dialog box The dialog box contains the following information: • Switch Properties table: A list of properties associated with the selected switch • Name: The name of the selected switch •...
  • Page 917 Viewing and editing switch encryption properties • Encryption Group: The name of the encryption group to which the switch belongs • Encryption Group Status: Status options are: OK/Converged: the Group Leader can communicate with all members Degraded: the Group Leader cannot communicate with one or more members. The following operations are not allowed: key vault changes, master key operations, enable/disable encryption engines, Failback mode changes, HA Cluster creation or addition (removal is allowed), tape pool changes, and any configuration changes for...
  • Page 918 Viewing and editing switch encryption properties • Primary Key Vault Link Key Status/Backup Key Vault Link Key Status: Status options are: Not Used: The key vault type is not LKM/SSKM. No Link Keys, ready to establish: No access request has been sent to an LKM/SSKM, or a previous request was not accepted.

  • Page 919: From Properties

    Viewing and editing switch encryption properties • Re-Balance Recommended: Indicates if LUN rebalancing is recommended for an encryption engine that is hosting both disk and tape LUNs. Options are Yes and No. • System Card Status: The current status of system card information for the encryption engine.

  • Page 920: From Properties

    Viewing and editing encryption group properties Enabling and disabling the encryption engine state from Properties To enable the encryption engine, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 266 on page 694.) 2.

  • Page 921: General Tab

    Viewing and editing encryption group properties FIGURE 411 Encryption Group Properties dialog box The dialog box contains the following information: • General tab: For a description of the dialog box, refer to “General tab” on page 869. • Members tab: For a description of the dialog box, refer to “Members tab”...
  • Page 922 Viewing and editing encryption group properties FIGURE 412 Encryption Group Properties dialog box - General tab The dialog box contains the following information: • Encryption Group Name: The name of the encryption group. • Group Status: The status of the encryption group. Options are: OK-Converged: The Group Leader can communicate with all members.
  • Page 923 Viewing and editing encryption group properties • Key Vault Type: Options are: RSA Data Protection Manager (DPM): If an encryption group contains mixed firmware nodes, the Encryption Group Properties Key Vault Type name is based on the firmware version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or later, the Key Vault Type is displayed as “RSA Data Protection Manager (DPM).”If a switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as “RSA Key Manager (RKM)”.
  • Page 924 Viewing and editing encryption group properties • Backup Key Vault Connection Status: The status of the backup key vault link. Options are: Connected Unknown/Busy Not configured Not responding Failed authentication • High Availability Mode: (For KMIP key vault type.) Options are: Opaque: Both the primary and secondary key vaults are registered on the switch.

  • Page 925: Members Tab

    Viewing and editing encryption group properties Members tab The Members tab lists group switches, their role, and their connection status with the Group Leader. The table columns are not editable. The tab displays the configured membership for the group and includes the following: •...
  • Page 926 Viewing and editing encryption group properties FIGURE 413 Encryption Group Properties dialog box - Members tab Members tab Remove button You can click the Remove button to remove a selected switch or group from the encryption group table. • You cannot remove the Group Leader unless it is the only switch in the group. If you remove the Group Leader, the Management application also removes the HA cluster, the target container, and the tape pool (if configured) that are associated with the switch.

  • Page 927: Security Tab

    Viewing and editing encryption group properties The consequences of removing the last switch in a group (which will be the Group Leader) are all switch removal consequences noted above, plus the following: • The encryption group is deleted. • All configured tape pools are deleted. Table 67 explains the impact of removing switches.
  • Page 928 Viewing and editing encryption group properties FIGURE 414 Encryption Group Properties dialog box - Security tab The dialog box contains the following information: • Master Key Status: Displays the status of the master key. Possible values are: Not used: Displays when LKM/SSKM is the key vault. Required but not created: Displays when a master key needs to be created.

  • Page 929: Ha Clusters Tab

    Viewing and editing encryption group properties • Registered Authentication Cards table: Lists the registered authentication cards. Group Card #: The number of cards that are registered. Card ID: The card serial number. First Name and Last Name: The first and last name of the person assigned to the card. The names are identified when the authentication card is first registered.
  • Page 930 Viewing and editing encryption group properties • Non-HA Encryption Engines table: Displays a list of encryption engines that are not configured for high-availability clustering • High-Availability Clusters table: A list of encryption engines that have been selected for high-availability clustering. •...

  • Page 931: Link Keys Tab

    Viewing and editing encryption group properties Link Keys tab NOTE The Link Keys tab displays only if the key vault type is NetApp LKM/SSKM. Connections between a switch and an NetApp LKM/SSKM key vault require a shared link key. Link keys are used only with LKM/SSKM key vaults.

  • Page 932: Tape Pools Tab

    Viewing and editing encryption group properties FIGURE 416 Encryption Group Properties dialog box - Link Keys tab Tape Pools tab Tape pools are managed from the Tape Pools tab. From the Tape Pools tab, you can add, modify, and remove tape pools. •...
  • Page 933 Viewing and editing encryption group properties FIGURE 417 Encryption Group Properties dialog box - Tape Pools tab Tape pools overview Tape cartridges and volumes can be organized into a tape pool (a collection of tape media). The same data encryption keys are used for all cartridges and volumes in the pool. Tape pools are used by backup application programs to group all tape volumes used in a single backup or in a backup plan.
  • Page 934 Viewing and editing encryption group properties NOTE If groups are not visible in the Encryption Center Devices table, select View > Groups from the menu task bar. 3. Click Add. The Add Tape Pool dialog box displays. (Refer to Figure 418.) The Name tape pool label type is the default;...

  • Page 935: Engine Operations Tab

    Viewing and editing encryption group properties 6. Enter the number of days to use a key before obtaining a new one, if you choose to enforce a key lifespan. The default is Infinite (a blank field or a value of 0), which is the recommended setting.

  • Page 936: Encryption-Related Acronyms In Log Messages

    Encryption-related acronyms in log messages NOTE You cannot replace an encryption engine if it is part of an HA cluster. Encryption-related acronyms in log messages Fabric OS log messages related to encryption components and features may have acronyms embedded that require interpretation. Table 68 lists some of those acronyms.

  • Page 937: Zoning Overview

    Chapter Zoning In this chapter • Zoning overview ..........885 •...

  • Page 938: Types Of Zones

    Zoning overview Blue Zone Server 2 Server 1 Storage 2 Red Zone Storage 1 RAID Green Zone Storage 3 Server 3 FIGURE 421 Zoning NOTE Zone objects based on physical port number or port ID (D,I ports) are not supported in Network OS fabrics.

  • Page 939: Online Zoning

    Zoning overview • QoS zones Assign high or low priority to designated traffic flows. Quality of Service (QoS) zones are standard zones with additional QoS attributes that you select when you create the zone. • Traffic Isolation zones (TI zones) Isolate inter-switch traffic to a specific, dedicated path through the fabric.

  • Page 940: Zoning Naming Conventions

    Zone database size Zoning naming conventions The naming rules for zone names, zone aliases, and zone configuration names vary with the type of fabric. The following conventions apply: • Names must start with an alphabetic character and may contain alphanumeric characters and the underscore ( _ ) character.

  • Page 941: Zoning Configuration

    Zoning configuration Zoning configuration At a minimum, zoning configuration entails creating zones and zone members. However, you can also create zone aliases, zone configurations, and zone databases. You can define multiple zone configurations, deactivating and activating individual configurations as your needs change. Zoning configuration can also involve enabling or disabling the default zone.

  • Page 942: Viewing Zone Properties

    Zoning configuration 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4.

  • Page 943: Adding Members To A Zone

    Zoning configuration Adding members to a zone Use this procedure to add a member to a zone when the member is listed in the Potential Members list of the Zone DB tab. Enterprise and Professional Plus editions: For instructions to add a member to a zone when the member is not listed in the Potential Members list, refer to the procedure “Creating a member in a zone”...

  • Page 944: Creating A Member In A Zone

    Zoning configuration 9. Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database. Creating a member in a zone Use this procedure to add a member to a zone when the member is not listed in the Potential Members list of the Zone DB tab.

  • Page 945: Removing A Member From A Zone

    Zoning configuration Removing a member from a zone Use the following procedure to remove one or more members from a zone or zones. Note that the member is not deleted; it is only removed from the zone. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.

  • Page 946: Deleting A Zone

    Zoning configuration Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database. Deleting a zone 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3.

  • Page 947: Customizing The Zone Member Display

    Zoning configuration 5. (Optional) Type a new name for the zone and press Enter to save the name. Depending on the characters included in the name you enter, a message may display informing you the name contains characters that are not accepted by some switch vendors. Click OK and enter a different name or accept the default name assigned to the zone.

  • Page 948: Creating A Zone Alias

    Zoning configuration 6. Make sure the appropriate fabric is named on the Zoning Policies dialog box. Perform one of the following actions based on the task you want to complete: • To enable the default zone, click Enable, and then click OK. •...

  • Page 949: Editing A Zone Alias

    Zoning configuration Editing a zone alias 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Zone DB tab if that tab is not automatically displayed. 3. Select a fabric from the Zoning Scope list. 4.

  • Page 950: Exporting Zone Aliases

    Zoning configuration 6. Select one or more objects that you want to remove from the alias in the Alias list. (Press SHIFT or CTRL and click each member to select more than one member.) You can select objects from different zone aliases. Right-click one of the selected objects and select Remove.

  • Page 951: Duplicating A Zone Alias

    Zoning configuration 3. Select a fabric from the Zoning Scope list. 4. Select Alias from the Type list. 5. Right-click the zone alias you want to delete and select Delete. 6. Click Yes on the confirmation message. The selected zone alias is deleted from the Alias list. Click OK or Apply on the Zoning dialog box to save your changes.

  • Page 952: Viewing Zone Configuration Properties

    Zoning configuration Add zones to the zone configuration. For step-by-step instructions, refer to “Adding zones to a zone configuration” on page 900. 8. Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database. Viewing zone configuration properties 1.

  • Page 953: Removing A Zone

    Zoning configuration Removing a zone from a zone configuration Use the following procedure to remove a zone from a zone configuration. Note that the zone is not deleted; it is only removed from the zone configuration. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays.

  • Page 954: Deactivating A Zone Configuration

    Zoning configuration 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. (Optional) Select a zone database from the Zone DB list (Enterprise and Professional Plus editions only).

  • Page 955: Renaming A Zone Configuration

    Zoning configuration • The selected fabric is not supported by the Management application. • The selected fabric is no longer discovered. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Click the Active Zone Configuration tab. 3.

  • Page 956: Duplicating A Zone Configuration

    Zoning configuration 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Select one or more zone configurations in the Zone Configurations list that you want to delete, then right-click and select Delete.

  • Page 957: Creating An Offline Zone Database

    Zoning configuration 6. Click OK or Apply to save your changes. Any zones or zone configurations you have changed are saved in the zone database. Creating an offline zone database Offline zone databases are supported only in Enterprise and Professional Plus editions. Use this procedure to create a zone database and save it offline.

  • Page 958: Deleting An Offline Zone Database

    Zoning configuration Deleting an offline zone database 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning databases for the selected entity.

  • Page 959: Merging Two Zone Databases

    Zoning configuration 5. If the active zone configuration names are the same in each fabric, then load the offline repository, and activate the zone configuration on each fabric. 6. If the active configuration names are different in each fabric, rename the zone configurations to be the same, and copy the zones.
  • Page 960 Zoning configuration 4. Select a database from the Editable Zone DB list. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases. In the Editable Zone DB area, each element type and element display with an icon indicator (Table 69) to show the...

  • Page 961: Zone Databases

    Zoning configuration Creating a common active zone configuration in two fabrics Before you can merge two fabrics, the defined and active zone configurations in both fabrics must match. Refer to “Merging two zone databases” on page 907 for instructions on how to merge the zone databases in two fabrics.

  • Page 962: Exporting An Offline Zone Database

    Zoning configuration Exporting an offline zone database NOTE You cannot export an online zone database. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2. Select an offline zone database from the Zone DB list. 3. Select Export from the Zone DB Operation list. The Export Zone DB dialog box displays.

  • Page 963: Lsan Zones

    LSAN zones LSAN zones Connecting to another network through a Fibre Channel (FC) router, you can create an LSAN zone to include zone objects on other fabrics. No merging takes place across the FC router when you create an LSAN zone. Supported configurations for LSAN zoning LSAN zoning is available only for backbone fabrics and any directly connected edge fabrics.

  • Page 964: Creating An Lsan Zone

    LSAN zones 8. Review the information in the Activate LSAN Zones dialog box. LSAN zones that contain online members are automatically included in the Destination Fabrics list. For LSAN zones that contain offline members, you can click the right arrow button to assign these zones to fabrics in the Destination Fabrics list.

  • Page 965: Adding Members To The Lsan Zone

    LSAN zones 9. Click OK to activate the LSAN zones. A message displays informing you about the effects of LSAN zone activation and asking whether you want to proceed. Click Yes to confirm the activation, or click No to cancel the activation.

  • Page 966: Creating A New Member In An Lsan Zone

    LSAN zones 9. Click OK to activate the LSAN zones. A message displays informing you about the effects of LSAN zone activation and asking whether you want to proceed. Click Yes to confirm the activation, or click No to cancel the activation.

  • Page 967: Activating Lsan Zones

    LSAN tagging 10. Click OK to continue. All LSAN zones are activated on the selected fabrics and saved to their respective zone databases. 11. Click OK to close the Zoning dialog box. Activating LSAN zones 1. Select a backbone fabric from the Connectivity Map or Product List. 2.

  • Page 968: Traffic Isolation Zones

    Traffic Isolation zones Traffic Isolation zones A Traffic Isolation zone (TI zone) is a special zone that isolates inter-switch traffic to a specific, dedicated path through the fabric. A TI zone contains a list of E_Ports, followed by a list of N_Ports. When the TI zone is activated, the fabric attempts to isolate all inter-switch traffic between N_Ports to only those E_Ports that have been included in the zone.

  • Page 969: Configuring Traffic Isolation Zoning

    Traffic Isolation zones • 8 Gbps 40-port Switch (Brocade VA-40FC) • 16 Gbps 4-slot Backbone Chassis (Brocade DCX 8510-4) • 16 Gbps 8-slot Backbone Chassis (Brocade DCX 8510-8) • 8-slot Backbone Chassis (Brocade DCX) • 4-slot Backbone Chassis (Brocade DCX-4S) •...

  • Page 970: Creating A Traffic Isolation Zone

    Traffic Isolation zones 8. Click OK or Apply to save your changes. The Traffic Isolation zones are saved, but are not activated. The Traffic Isolation zones are activated when you activate a zone configuration in the same zone database. Creating a Traffic Isolation zone Traffic Isolation zones are configurable only on a Fabric OS device.

  • Page 971: Enabling A Traffic Isolation Zone

    Traffic Isolation zones 4. (Optional) If you want to show all discovered fabrics in the Potential Members list, right-click in the Potential Members list and select Display All. 5. Select one or more Traffic Isolation zones to which you want to add members in the Zones list. (Press SHIFT or CTRL and click each zone name to select more than one zone.) 6.

  • Page 972: Disabling A Traffic Isolation Zone

    Traffic Isolation zones Disabling a Traffic Isolation zone NOTE Traffic Isolation zones are configurable only on a Fabric OS device. Traffic Isolation zones are enabled by default when you create them. Use this procedure to disable a Traffic Isolation zone. To apply the settings and deactivate the zone, you must activate a zone configuration in the same zone database.

  • Page 973: Boot Lun Zones

    Boot LUN zones • If you create a TI zone with E_Ports only, failover must be enabled. If failover is disabled, the specified ISLs will not be able to route any traffic. • Ensure that there are multiple paths between switches. Disabling failover locks the specified route so that only TI zone traffic can use it.

  • Page 974: Modifying A Boot Lun Zone

    Boot LUN zones 4. Launch the New Boot LUN Zone dialog box by performing one of the following options: • Select New Boot LUN Zone from the New Zone list. • Right-click a zone in the Zones list and select New Boot LUN Zone. The New Boot LUN Zone dialog box displays.

  • Page 975: Deleting A Boot Lun Zone

    Zoning administration A message displays that a Boot LUN zone already exists and asks whether you want to overwrite the existing zone. 9. Click Yes. The existing Boot LUN zone is replaced by the version you just created. Deleting a Boot LUN zone Boot LUN zones are deleted the same way that standard zones are deleted.
  • Page 976 Zoning administration FIGURE 423 Compare/Merge Zone DBs dialog box 3. Select a database from the Reference Zone DB list. 4. Select a database from the Editable Zone DB list. The Reference Zone DB and Editable Zone DB areas display all available element types (zone configurations, zones, and aliases) for the two selected zone databases.

  • Page 977: Managing Zone Configuration Comparison Alerts

    Zoning administration Select the Differences only check box to display only the differences between the selected databases. 8. Select the Sync Scroll Enable check box to synchronize scrolling between the selected databases. 9. Click Previous or Next to navigate line-by-line in the Editable Zone DB area. 10.

  • Page 978: Clearing The Fabric Zone Database

    Zoning administration 3. Enter the maximum number of zone database changes that can be made for that fabric before a zone configuration is activated. To set a limit, enter a positive integer. To allow unlimited changes, enter 0. 4. Repeat step 2 step 3 for each fabric on which you want to set limits.

  • Page 979: Finding A Member In One Or More Zones

    Zoning administration 3. Select a zone database that you have checked out (your user name is in the Current User column) in the Zone DB list. 4. Select Undo CheckOut from the Zone DB Operation list. 5. Click Yes in the confirmation message. This removes the user names of users currently logged in to the client from the Current User column for this zone database.

  • Page 980: Finding Zones In A Zone Configuration

    Zoning administration Finding zones in a zone configuration Use this procedure to locate all instances of a zone in the Zone Configurations list on the Zone DB tab. 1. Select Configure > Zoning > Fabric. The Zoning dialog box displays. 2.

  • Page 981: Listing Un-Zoned Members

    Zoning administration 3. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 4. Right-click in the Potential Members list and select List Zone Members. The List Zone Members dialog box displays.

  • Page 982: Replacing Zone Members

    Zoning administration 5. Click OK on the Offline Device Management dialog box. A warning message displays informing you that the selected zone members will be replaced from all zones and aliases in the selected zone DB. 6. Click OK on the message. Click OK or Apply on the Zoning dialog box to save your changes.

  • Page 983: Replacing An Offline Device By Name

    Zoning administration 2. Select a fabric from the Zoning Scope list. This identifies the target entity for all subsequent zoning actions and displays the zoning database for the selected entity. 3. Select Offline Utility from the Zone DB Operation list. The Offline Device Management dialog box displays.
  • Page 984 Zoning administration 8. Click OK on the Offline Device Management dialog box. A warning message displays informing you that the selected zone members will be removed from all zones and aliases in the selected zone DB. 9. Click OK on the message. 10.

  • Page 985: Fibre Channel Over Ip

    Chapter Fibre Channel over IP In this chapter • FCIP services licensing ......... 934 •...

  • Page 986: Fcip Services Licensing

    FCIP services licensing FCIP services licensing Most of the FCIP extension services described in this chapter require the High Performance Extension over FCIP/FC license. FICON emulation features require additional licenses. The following features and licensing apply to the 8 Gbps Extension platforms. •...

  • Page 987: Fcip Platforms And Supported Features

    FCIP platforms and supported features FCIP platforms and supported features The following Fabric OS platforms that support FCIP: • The 8 Gbps Extension Switch. • The 8 Gbps Extension blade (8-slot Backbone Chassis, 4-slot Backbone Chassis). NOTE The 8 Gbps Extension blade is supported in 16 Gbps Backbone and Director Chassis, IPv6 addressing is not supported in conjunction with IPsec on all platforms in Fabric OS version v7.0, but will be supported in a later version.Table 70...

  • Page 988: Fcip Trunking

    FCIP trunking The way FCIP tunnels and virtual ports map to the physical GbE ports depends on the switch or blade model. The 8 Gbps Extension Switch and 8 Gbps Extension Blade tunnels are not tied to a specific GbE port, and may be assigned to any virtual port within the allowed range. The mapping of GbE ports to tunnels and virtual port numbers is summarized in Table TABLE 71...

  • Page 989: Emulation Features

    FCIP trunking FCIP tunnel restrictions for FCP and FICON emulation features Multiple FCIP tunnels are not supported between pairs of Extension Switches and Blades when any of the FICON or FCP emulation features are enabled on the tunnel unless TI Zones or LS/LF configurations are used to provide deterministic flows between the switches.

  • Page 990: Fcip Circuit Failover Capabilities

    FCIP trunking FCIP circuit failover capabilities Each FCIP circuit is assigned a metric, which is used in managing failover for FC traffic. Typically, the metric will be either 0 or 1. If a circuit fails, FCIP Trunking tries first to retransmit any pending send traffic over another lowest metric circuit.

  • Page 991: Circuit Failover Grouping

    FCIP trunking The following actions occur during circuit failures: • If either circuit 0 or circuit 1 fails, traffic flows over the remaining circuit while the failed circuit is being recovered. The available bandwidth is still considered to be 1.5 Gbps. •...
  • Page 992 FCIP trunking • A valid failover group requires at least one metric 0 circuit and at least one metric 1 circuit. If you do not configure these, a warning will display. If there is no metric 0 circuit and only a metric 1 circuit, the metric 1 circuit will be used, regardless of whether there are metric 0 circuits in another failover group.
  • Page 993 FCIP trunking Table 74 illustrates circuit failover in a tunnel with circuits in failover groups and circuits that are not part of failover groups. In this configuration, all data is initially load balanced over circuit.1, circuit 2, and circuit 3 (when they are all active). The following occurs during circuit failover: •...

  • Page 994: Adaptive Rate Limiting

    Adaptive Rate Limiting Adaptive Rate Limiting Adaptive Rate Limiting (ARL) is performed on FCIP tunnel connections to change the rate in which the FCIP tunnel transmits data through the TCP connections. This feature is available only on the 8 Gbps Extension Switches and 8 Gbps Extension Blades. ARL uses information from the TCP connections to determine and adjust the rate limit for the FCIP tunnel dynamically.

  • Page 995: Configuring Qos Priorities

    QoS SID/DID priorities over an FCIP trunk External User Perspective Internal Architecture VE Port Tunnel High Priority Med. Priority Low Priority F-Class Virtual Virtual Virtual Virtual Tunnel Tunnel Tunnel Tunnel Virtual Virtual Virtual Virtual Circuit Circuit Circuit Circuit Circuit Connection Connection Connection Connection...

  • Page 996: Ipsec And Ike Implementation Over Fcip

    IPsec and IKE implementation over FCIP 4. Click Advanced Settings. The Advanced Settings dialog box is displayed. This dialog box has a Transmission tab, Security tab, and FICON Emulation tab. Configure QoS percentages on the Transmission tab (Figure 428). FIGURE 428 Advanced Settings Transmission Tab 5.

  • Page 997: Ipsec For The 4 Gbps Platforms

    IPsec and IKE implementation over FCIP IPsec for the 4 Gbps platforms IPsec uses some terms that you should be familiar with before beginning your configuration. These are standard terms, but are included here for your convenience. Term Definition Advanced Encryption Standard. FIPS 197 endorses the Rijndael encryption algorithm as the approved AES for use by US Government organizations and others to protect sensitive information.

  • Page 998: Ipsec For The 8 Gbps Platforms

    QOS, DSCP, and VLANs IPSec for the 8 Gbps platforms The 8 Gbps platforms use AES-GCM-ESP as a single, pre-defined mode of operation for protecting all TCP traffic over an FCIP tunnel. AES-GCM-ESP is described in RFC-4106. Key features are listed below: •...

  • Page 999: Dscp Quality Of Service

    QOS, DSCP, and VLANs DSCP quality of service Layer three class of service DiffServ Code Points (DSCP) refers to a specific implementation for establishing QoS policies as defined by RFC2475. DSCP uses six bits of the Type of Service (TOS) field in the IP header to establish up to 64 different values to associate with data traffic priority.

  • Page 1000: Open Systems Tape Pipelining

    Open systems tape pipelining TABLE 75 Default Mapping of DSCP priorities to L2Cos Priorities (Continued) DSCP priority/bits L2CoS priority/bits Assigned to: 47 / 101111 4 / 100 High QoS 51 / 110011 4 / 100 High QoS 55 / 110111 4 / 100 High QoS 59 / 111011...

This manual is also suitable for:

Network advisor 12.3.0

Table of Contents