FICON Administrator's Guide v6.4.0 (53-1001771-01, June 2010)

Access Control in FICON
Error reporting
Both non-implicit link incidents (such as NOS recognized or bit error rate threshold exceeded) and
implicit link incidents (FRU failure) are reported to registered listeners on the local switch. The
RMF 74-7 record (the FICON Director Activity Report, which is the same RMF record that contains the
average frame pacing delay information) reports port errors, which are in turn reported back to the
mainframe host management consoles.
Secure access control
Binding is a method used to prevent devices from attaching to the switch. Secure Access Control
List (ACL) provides the following fabric, switch, and port binding features:
- Fabric binding is a security method for restricting switches within a multiple-switch fabric.
  Use an SCC policy to prevent unauthorized switches from joining a fabric.
- Switch binding is a security method for restricting devices that connect to a particular
  switch. If the device is another switch, this is handled by the SCC policy. If the device is a
  host or storage device, the Device Connection Control (DCC) policy binds those devices to
  a particular switch. Policies range from completely restrictive to reasonably flexible, based
  upon customer needs.
  SCC ACL with strict fabric-wide consistency is necessary for FICON switch binding.
- Port binding is a security method for restricting host or storage devices that connect to
  particular switch ports. The DCC policy also binds device ports to switch ports. Policies
  range from completely restrictive to reasonably flexible, based on customer needs.
Figure 8 on page 12 demonstrates the three types of binding you can use depending on the
security requirements of your fabric.
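
The way the three binding levels layer on each other can be sketched as a small decision model. This is an added example, not Brocade code or Fabric OS syntax: the BindingPolicy class, its field names, the most-specific-rule-first ordering, the default_deny switch and all WWNs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class BindingPolicy:
    """Simplified model of the three binding levels (not Fabric OS syntax)."""
    scc: set = field(default_factory=set)           # switch WWNs allowed in the fabric
    scc_strict: bool = False                        # SCC under strict fabric-wide consistency
    dcc_switch: dict = field(default_factory=dict)  # device WWN -> {switch WWN}
    dcc_port: dict = field(default_factory=dict)    # device WWN -> {(switch WWN, port)}
    default_deny: bool = True                       # True = completely restrictive

def switch_may_join(p, switch_wwn):
    """Fabric binding: only switches named in the SCC list may join."""
    return switch_wwn in p.scc

def ficon_switch_binding_ready(p):
    """Prerequisite stated above: an SCC list with strict fabric-wide consistency."""
    return bool(p.scc) and p.scc_strict

def device_may_login(p, device_wwn, switch_wwn, port):
    """Return (allowed, reason) for a host or storage login attempt."""
    if not switch_may_join(p, switch_wwn):
        return False, "fabric binding: switch not in SCC list"
    if device_wwn in p.dcc_port:                    # most specific rule is checked first
        ok = (switch_wwn, port) in p.dcc_port[device_wwn]
        return ok, "port binding: " + ("match" if ok else "wrong switch port")
    if device_wwn in p.dcc_switch:
        ok = switch_wwn in p.dcc_switch[device_wwn]
        return ok, "switch binding: " + ("match" if ok else "wrong switch")
    if p.default_deny:
        return False, "device not listed in any DCC entry"
    return True, "no DCC entry applies"

# Constructed WWNs for illustration only.
SW_A, SW_B, ROGUE_SW = "10:00:00:00:00:00:00:0a", "10:00:00:00:00:00:00:0b", "10:00:00:00:00:00:00:ff"
HOST, DISK, UNKNOWN = "20:00:00:00:00:00:00:01", "20:00:00:00:00:00:00:02", "20:00:00:00:00:00:00:99"

POLICY = BindingPolicy(
    scc={SW_A, SW_B}, scc_strict=True,
    dcc_switch={HOST: {SW_A}},           # HOST may use any port on SW_A
    dcc_port={DISK: {(SW_B, 4)}},        # DISK may use only port 4 on SW_B
)

if __name__ == "__main__":
    for args in [(HOST, SW_A, 7), (HOST, SW_B, 7), (DISK, SW_B, 4),
                 (DISK, SW_B, 5), (UNKNOWN, SW_A, 1), (HOST, ROGUE_SW, 0)]:
        print(args, device_may_login(POLICY, *args))
```

Setting default_deny to False models the flexible end of the range, where devices without a DCC entry are still admitted on any authorized switch.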