Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, April 2013)

ManualsBrandsHP ManualsSoftwareHP B-series Data Center Fabric Manager Enterprise Software

53-1002696-01

17 December 2012

Brocade Network Advisor

SAN User Manual

Supporting Network Advisor 12.0.0

Summary of content (1505 pages)

PAGE 1
53-1002696-01 17 December 2012 Brocade Network Advisor SAN User Manual Supporting Network Advisor 12.0.
PAGE 2
Copyright © 2010-2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, MLX, SAN Health, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
PAGE 3
Contents Contents About This Document In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . xxxvii What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
Connecting to the database using the ODBC client (Linux systems) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Changing the database user password . . . . . . . . . . . . . . . . . . . 23 Supported open source software products. . . . . . . . . . . . . . . . . . . . 24 SAN feature-to-firmware requirements . . . . . . . . . . . . . . . . . . . . . . . 27 Chapter 2 Licenses Licenses overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Managed count . . . .
PAGE 5
Host discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Discovering Hosts by Network address or host name . . . . . . . 59 Importing Hosts from a CSV file . . . . . . . . . . . . . . . . . . . . . . . . . 61 Importing Hosts from a Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Importing Hosts from a VM manager . . . . . . . . . . . . . . . . . . . . .64 Editing Host adapter credentials . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
Flyover settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Configuring flyovers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Turning flyovers on or off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Viewing flyovers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 SAN name settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Setting names to be unique .
PAGE 7
Accepting changes for all fabrics . . . . . . . . . . . . . . . . . . . . . . .134 Accepting changes for a switch, access gateway, or phantom domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135 Chapter 6 User Account Management Users overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137 Configuration requirements . . . . . . . . . . . . . . . . . . . . . . . . . . .137 Viewing configured users . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
User profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161 Viewing your user profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161 Editing your user profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162 Changing your password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163 Viewing your password policy . . . . . . . . . . . . . . . . . . . . . . . . . .163 Resetting optional messages . . . . . . . . . . . . . . . . .
PAGE 9
Chapter 8 Dashboard Management Dashboard overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189 Dashboard tab overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189 Dashboard toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191 Customizing the dashboard displays . . . . . . . . . . . . . . . . . . . .191 General functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193 Exporting the dashboard display . . .
PAGE 10
Chapter 9 View Management In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237 SAN tab overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237 SAN main toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239 View All list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240 Port Display buttons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
Grouping on the topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270 Collapsing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270 Expanding groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270 Viewing connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270 Configuring custom connections . . . . . . . . . . . . . . . . . . . . . . . 271 Deleting a custom connection configuration . . . . . . . . . . . .
PAGE 12
Restarting all services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292 Changing the database password . . . . . . . . . . . . . . . . . . . . . .292 Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293 Viewing server port numbers . . . . . . . . . . . . . . . . . . . . . . . . . .293 AAA Settings tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294 Configuring Radius server authentication . . . . . . .
PAGE 13
Firmware management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 Downloading firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 Displaying the firmware repository . . . . . . . . . . . . . . . . . . . . . .347 Importing a firmware file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348 Deleting a firmware file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349 Frame viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 14
Enabling port auto disable on all ports on a device . . . . . . . .383 Disabling port auto disable on individual ports . . . . . . . . . . . .384 Disabling port auto disable on all ports on a device . . . . . . . .385 Unblocking ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Chapter 13 Host Port Mapping In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .387 Host port mapping overview. . . . . . . . . . . . . . . . . . . . .
PAGE 15
Host adapter discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408 VM Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408 Adding a VM Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408 Editing a VM Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409 Deleting a VM Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 16
FCoE protocols supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437 Ethernet link layer protocols supported . . . . . . . . . . . . . . . . . .437 FCoE protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437 FCoE licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .438 Save running configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .438 Copying switch configurations to selected switches .
PAGE 17
802.1x authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470 Enabling 802.1x authentication . . . . . . . . . . . . . . . . . . . . . . . . 471 Disabling 802.1x authentication . . . . . . . . . . . . . . . . . . . . . . . 471 Setting 802.1x parameters for a port. . . . . . . . . . . . . . . . . . . . 471 Switch, port, and LAG deployment . . . . . . . . . . . . . . . . . . . . . . . . . .473 Deploying DCB product, port, and LAG configurations . . . . . .
PAGE 18
Chapter 19 Virtual Fabrics Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .511 Terminology for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . .512 Virtual Fabrics requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .512 Configuring Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Enabling Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515 Disabling Virtual Fabrics .
PAGE 19
Importing the signed KAC certificate . . . . . . . . . . . . . . . . . . . .546 Uploading the CA certificate onto the DPM appliance (and first-time configurations) . . . . . . . . . . . . . . . . .546 Uploading the KAC certificate onto the DPM appliance (manual identity enrollment) . . . . . . . . . . . . . . . . . .548 DPM key vault high availability deployment . . . . . . . . . . . . . . .548 Loading the CA certificate onto the encryption group leader . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 20
Steps for connecting to a KMIP appliance (SafeNet KeySecure). . 574 Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .575 Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576 Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . . .577 Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .582 Signing the encryption node KAC CSR on KMIP . . . . . . . . . . .
PAGE 21
Enabling and disabling tape LUN write early and read ahead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .662 Tape LUN statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .664 Viewing and clearing tape container statistics . . . . . . . . . . . .664 Viewing and clearing tape LUN statistics for specific tape LUNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 22
HA Clusters tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .705 Link Keys tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .707 Tape Pools tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .708 Engine Operations tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711 Encryption-related acronyms in log messages . . . . . . . . . . . . . . . . 712 Chapter 21 Zoning Zoning overview. . . . . . . . . . . .
PAGE 23
Exporting an offline zone database . . . . . . . . . . . . . . . . . . . . .737 Importing an offline zone database . . . . . . . . . . . . . . . . . . . . .738 Rolling back changes to the offline zone database . . . . . . . .738 LSAN zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .738 Supported configurations for LSAN zoning . . . . . . . . . . . . . . .738 Configuring LSAN zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 24
FCIP trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .762 Design for redundancy and fault tolerance . . . . . . . . . . . . . . .763 FCIP tunnel restrictions for FCP and FICON emulation features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .763 FCIP Trunk configuration considerations . . . . . . . . . . . . . . . . .763 FCIP circuit failover capabilities . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 25
Disabling FCIP circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .793 Enabling FCIP circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .793 Deleting FCIP Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .794 Displaying FCIP performance graphs. . . . . . . . . . . . . . . . . . . . . . . .794 Displaying performance graphs for FC ports . . . . . . . . . . . . . .794 Displaying FCIP performance graphs for Ethernet ports. . . .
PAGE 26
Unblocking a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .822 Avoiding port fencing inheritance . . . . . . . . . . . . . . . . . . . . . . .822 Editing thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .823 Editing a C3 Discard Frames threshold . . . . . . . . . . . . . . . . . .823 Editing an Invalid CRCs threshold. . . . . . . . . . . . . . . . . . . . . . .823 Editing an Invalid Words threshold . . . . . . . . . . . . . . . . . . . . . .
PAGE 27
Chapter 26 VLAN Management VLAN Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .853 Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .853 Super-aggregated VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .853 Configuration requirements for VLAN Manager . . . . . . . . . . .854 Displaying a list of VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .854 VLAN management in a VCS environment . . . . . .
PAGE 28
Chapter 28 Fibre Channel Troubleshooting In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .881 FC troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .881 Tracing FC routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .882 Troubleshooting device connectivity. . . . . . . . . . . . . . . . . . . . .883 Confirming Fabric Device Sharing. . . . . . . . . . . . . . . . . . . . . . .
PAGE 29
Inheriting alert parameters from a switch . . . . . . . . . . . . . . . .926 Copying alert parameters from one switch or port to another . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .926 Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . .927 Displaying devices that could be affected by an F_ or FL_Port bottleneck . . . . . . . . . . . . . . . . . . . . . . . . . . .928 Disabling bottleneck detection . . . . . . . . . . . . . . . . . . . .
PAGE 30
Viewing a policy monitor report . . . . . . . . . . . . . . . . . . . . . . . . . . . .969 Exporting a policy monitor report . . . . . . . . . . . . . . . . . . . . . . . 971 Viewing historical reports for all policy monitors . . . . . . . . . . . . . .972 Viewing historical reports for a policy monitor . . . . . . . . . . . . . . . .972 Chapter 32 Fault Management Fault management overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .973 Event notification . . . . . . . . . . . . . . . . .
PAGE 31
Setting pseudo event policies . . . . . . . . . . . . . . . . . . . . . . . . .1011 Filtering pseudo event traps . . . . . . . . . . . . . . . . . . . . . . . . . .1012 Creating a pseudo event definition by copying an existing definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1014 Editing a pseudo event definition . . . . . . . . . . . . . . . . . . . . . .1014 Deleting a pseudo event . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 32
Viewing the technical support repository . . . . . . . . . . . . . . . 1046 Saving technical support information to another location . .1047 E-mailing technical support information . . . . . . . . . . . . . . . 1048 Copying technical support information to an external FTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1048 Deleting technical support files from the repository . . . . . . 1049 Upload failure data capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 33
Product events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1095 IP Performance monitoring events. . . . . . . . . . . . . . . . . . . . . . . . 1095 Appendix D User Privileges About user privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1097 About Roles and Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . .1114 Appendix E Device Properties SAN device properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 34
Appendix H Database Fields Database tables and fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1157 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1360 ADAPTER_PORT_CONFIG_INFO . . . . . . . . . . . . . . . . . . . . . . 1360 AG_CONNECTION_INFO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1360 BOOT_IMAGE_FILE_DETAILS_INFO . . . . . . . . . . . . . . . . . . . . 1361 CNA_ETH_PORT_CONFIG_INFO . . . . . . . . . . . . . . . . .
PAGE 35
PORT_PROFILE_MAC_INFO . . . . . . . . . . . . . . . . . . . . . . . . . . 1394 SFLOW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1395 SFLOW_MINUTE_L3_VIEW . . . . . . . . . . . . . . . . . . . . . . . . . . 1396 SFLOW_MINUTE_MAC_VIEW . . . . . . . . . . . . . . . . . . . . . . . . . .1397 SCOM_EE_MONITOR_INFO . . . . . . . . . . . . . . . . . . . . . . . . . . 1398 SENSOR_INFO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 36
xxxvi Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 37
About This Document In this chapter • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliii • Additional information . . . . . . . . . . . .
PAGE 38
• Chapter 14, “Storage Port Mapping,” provides instructions about how to create and assign properties to a storage device. • • • • Chapter 15, “Host Management,” provides information on how to configure an HBA. Chapter 16, “Fibre Channel over Ethernet,” provides information on how to configure FCoE. Chapter 17, “Security Management,” provides security configuration instructions. Chapter 18, “FC-FC Routing Service Management,” provides information on how to manage Fibre Channel Routing.
PAGE 39
Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some devices but not to others, this guide identifies exactly which devices are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for Network Advisor 12.0.X, documenting all possible configurations and scenarios is beyond the scope of this document.
PAGE 40
TABLE 1 Fabric OS-supported hardware Device name Terminology used in documentation Brocade 200E switch 16-port, 4 Gbps FC Switch Brocade 300 switch 24-port, 8 Gbps FC Switch Brocade 4012 switch Embedded 12-port, 4 Gbps FC Switch Brocade 4016 switch Embedded 16-port, 4 Gbps FC Switch Brocade 4018 switch Embedded 18-port, 4 Gbps FC Switch Brocade 4020 switch Embedded 20-port, 4 Gbps FC Switch Brocade 4024 switch Embedded 24-port, 4 Gbps FC Switch Brocade 4100 switch 32-port, 4 Gbps FC Switc
PAGE 41
TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required Brocade 1860 Fabric Adapter 16 Gbps FC HBA mode 10 Gbps CNA mode 10 Gbps NIC mode Adapter Software 3.0.0.0 or later Brocade 1867 HBA 16 Gbps Mezzanine HBA Adapter Software 3.0.3.
PAGE 42
TABLE 1 Fabric OS-supported hardware (Continued) Device name Terminology used in documentation Firmware level required Brocade DCX 8510-81, 2 16 Gbps 8-slot Backbone Chassis Fabric OS v7.0.0 or later Brocade Encryption Switch 8 Gbps Encryption Switch Fabric OS v6.1.
PAGE 43
- Port Group Support (VLAN Management) Database tables                                            MEASURE PM_COLLECTOR_MEASURE_SETTING PM_COLLECTOR_TARGET_SETTING PM_DASHBOARD_WIDGET PM_DATA_COLLECTOR PM_WIDGET_MEASURE_TYPE PM_WIDGET_MONITOR_TYPE PM_WIDGET_TARGET_ENTRY PM_WIDGET_TIME_SERIES_ENTRY PM_WIDGET_TOP_N_COLLECTOR_ENTRY PM_WIDGET_USER_ENTRY GRE_TUNNEL_INTERFACE TIME_SERIES_DATA TIME_SERIES_DATA_1DAY TIME_SERIES_DATA_2HOUR TIME_SERIES_DATA_30MIN POLICY_RUL
PAGE 44
VM_DATASTORE_DETAILS VM_VIRTUAL_MACHINE_DATASTORE_MAP  PM_COLLECTOR_TIME_SERIES_MAPPING  DEVICE_CONNECTION  WIRELESS_PRODUCT_DETAILS  WIRELESS_PRODUCT_RELATION  MAPS_EVENT  MAPS_EVENT_DETAILS  PM_STATS_AGING_POLICY  ENCRYPTION_KMIP_PARAMETERS  PORT_COMMISSION_CIMOM_SERVER  DISK_USAGE  HYPER_V_VIRTUAL_MACHINE  HYPER_V_VM_HBA_PORT_MAP  CNA_ETH_PORT_CONFIG  MAPS_EVENT_CAUSE_ACTION  DEPLOYMENT_REPORT_TEMPLATE Information that was changed:   • - Dashboard Firmware Management Client and server
PAGE 45
Document conventions This section describes text formatting conventions and important notice formats used in this document.
PAGE 46
Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only. Corporation Referenced trademarks and products Linus Torvalds Linux Microsoft Corporation Windows, Windows NT, Internet Explorer Netscape Communications Corporation Netscape Red Hat, Inc.
PAGE 47
Other industry resources For additional resource information, visit the Technical Committee T11 website. This website provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.
PAGE 48
• Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the switch • Brocade 7600—On the bottom of the chassis • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX and DCX-4S—On the bottom right on the port side of the chassis 4. World Wide Name (WWN) Use the licenseIdShow command to display the WWN of the chassis.
PAGE 49
Chapter Getting Started 1 In this chapter • User interface components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 • Management server and client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 • Accessibility features for the Management application . . . . . . . . . . . . . . . . 16 • PostgreSQL database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 • Supported open source software products . . . . .
PAGE 50
1 User interface components 1 2 3 4 FIGURE 1 Main window 1. Menu bar. Lists commands you can perform on the Management application. The available commands vary depending on which tab (SAN or Dashboard) you select. For a list of available commands, refer to Appendix A, “Application menus”. 2. Toolbar. Provides buttons that enable quick access to dialog boxes and functions. The available buttons vary depending on which tab (SAN or Dashboard) you select.
PAGE 51
Management server and client 1 Management server and client The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores device-related information; it does not have a user interface. To view information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines. If you are running Professional, the server and the client must be on the same machine.
PAGE 52
1 Management server and client 7. Click OK on the Login Banner dialog box. The Management application displays. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. Launching a remote client To launch a remote client, complete the following steps. 1. Open a web browser and enter the IP address of the Management application server in the Address bar.
PAGE 53
Management server and client 1 Clearing previous versions of the remote client The remote client link in the Start menu does not automatically upgrade when you upgrade the Management application. You must clear the previous version from the Java cache. To clear the Java cache, complete the following steps. 1. Select Start > Settings > Control Panel > Java. The Java Control Panel dialog box displays. 2. Click View on the General tab. The Java Cache Viewer dialog box displays. 3.
PAGE 54
1 Management server and client 4. Complete the following steps on the FTP/SCP/SFTP Server screen. a. Choose one of the following options: • Select Built-in FTP/SCP/SFTP Server to configure an internal FTP/SCP/SFTP server and select one of the following options: - Select Built-in FTP Server to configure an internal FTP server The internal FTP server uses a default account and port 21. You can configure your own account from the Options dialog box.
PAGE 55
Management server and client a. Select an address from the Server IP Configuration list. b. Select an address from the Switch - Server IP Configuration Preferred Address list. 1 NOTE If the “hostname” contains invalid characters, the host name does not display in the list. Valid characters include alphanumeric and dash (-) characters. The IP address is selected by default. If the an IPv6 address is selected, server start up will fail.
PAGE 56
1 Management server and client d. Enter a port number in the Starting Port Number field (default is 24600). NOTE For Professional software, the server requires 15 consecutive free ports beginning with the starting port number. NOTE For Trial and Licensed software, the server requires 18 consecutive free ports beginning with the starting port number. e. Enter a port number in the Syslog Port Number field (default is 514).
PAGE 57
Management server and client 1 11. Enter your user name and password. The defaults are Administrator and password, respectively. NOTE Do not enter Domain\User_Name in the User ID field for LDAP server authentication. 12. Click Login. 13. Click OK on the Login Banner. NOTE When you launch the Management application or navigate to a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading.
PAGE 58
1 Management server and client Disconnecting users To disconnect a user, complete the following steps. 1. Select Server > Active Sessions. The Active Sessions dialog box displays. 2. Select the user you want to disconnect and click Disconnect. 3. Click Yes on the confirmation message. 4. The user you disconnected receives the following message: The Client has been disconnected by User_Name from IP_Address at Disconnected_Date_and_Time. 5. Click Close.
PAGE 59
Management server and client TABLE 2 1 Server Properties Field/Component Description Java VM Vendor The Java Virtual Machine vendor. Java VM Version The Java Virtual Machine version running on the server. Server Name The server’s name. OS Architecture The operating system architecture on the server. OS Name The name of the operating system running on the server. OS Version The operating system version running on the server. Region The server’s geographical region.
PAGE 60
1 Management server and client FIGURE 6 Port Status dialog box 2. Review the port status details: • Name — The Port name. Options include CIM Indication for Event Handling, CIM Indication for HCM Proxy, FTP, SCP/SFTP, SNMP Trap, Syslog, Web Server (HTTP), and Web Server (HTTPS). • Port # — The required port number. • Status — The status of the port. The status options are as follows: Success — The port is listening or bound to the server.  Failed — The port fails to listen or bind to the server.
PAGE 61
Management server and client 1 • Communication Path — The “source” to “destination” vaules. Client and Server refer to the Management application client and server unless stated otherwise. Product refers to the Fabric OS, Network OS, or IronWare devices. • Open in Firewall — Whether the port needs to be open in the firewall.
PAGE 62
1 Management server and client TABLE 3 Port usage and firewall requirements (Continued) Port Number Ports Transport Description Communication Path Open in Firewall 3892 LDAP Authentication Server Port UDP TCP LDAP server port for authentication if you use LDAP as an external authentication Server–LDAP Server Yes 4431,2 HTTPS server TCP HTTPS (HTTP over SSL) server port if you use secure client server communication Client-Server Yes 4432 HTTPS (HTTP over SSL) server port if you use secu
PAGE 63
Management server and client TABLE 3 Port Number Port usage and firewall requirements (Continued) Ports Transport Description Communication Path Open in Firewall Server-Managed Host Yes 63432 sFlow UDP Receives sFlow data from products if you are monitoring with sFlow Product-Server Yes 246001,2 JNP (Java Naming Protocol) port TCP Use for service location. Uses SSL for privacy. Client–Server Yes 246011,2 EJB (Enterprise Java Bean) connection port TCP Client requests to server.
PAGE 64
1 Accessibility features for the Management application TABLE 3 Port usage and firewall requirements (Continued) Port Number Ports Transport Description Communication Path Open in Firewall 34568 HCM Agent discovery port TCP Used for HBA management via JSON Server - Managed Host Yes 555561 Launch in Context (LIC) client hand shaking port TCP Client port used to check if a Management application client opened using LIC is running on the same host Client No NOTE: If this port is in use, th
PAGE 65
Accessibility features for the Management application TABLE 4 1 Keyboard shortcuts Menu Item or Function Keyboard Shortcut Internet Explorer SHIFT + F2 Master Log F5 FireFox SHIFT + F1 Paste CTRL + V Product List F9 Properties Alt-Enter Select All CTRL + A Show Ports F4 SSH Shift-F5 View Utilization CTRL + U Zoom In CTRL + NumPad+ Zoom Out CTRL + NumPad- Look and feel customization You can configure the Management application to mimic your system settings as well as define the
PAGE 66
1 Accessibility features for the Management application 2. Select Look and Feel in the Category list. 3. Choose from one of the following options: • Select Default to configure the look and feel back to the Management application defaults. • Select System to configure the Management application to have the look and feel of your system. This changes the look and feel for the components that use ‘Java Metal Look and Feel’.
PAGE 67
PostgreSQL database 1 PostgreSQL database You can connect to the database using one of the following options: • pgAdmin III • ODBC client • Command line interface Connecting to the database using pgAdmin III To access the PostgreSQL database, complete the following steps. 1. Choose one of the following options: • On Windows systems, launch the dbadmin.bat script in the Install_Home\bin\ directory. • On UNIX systems, launch the dbadmin script in the Install_Home\bin\ directory. 2.
PAGE 68
1 PostgreSQL database Connecting to the database using the ODBC client (Windows systems) The Open Database Connectivity (ODBC) driver enables you to configure the data source name (DSN) for the database. To install the ODBC driver and create a new data source, complete the following steps. 1. Double-click edb_psqlodbc.exe located on the DVD (DVD_Drive/Management_Application/odbc/Windows). 2.
PAGE 69
PostgreSQL database 1 20. Click Save. 21. Click OK on the ODBC Data Source Administrator dialog box. 22. To export data, select Data > Import External Data > New Database Query and complete the steps in the Data Connection Wizard. Connecting to the database using the ODBC client (Linux systems) NOTE The ODBC driver is not supported on 64-bit Linux systems. You must have the Open Database Connectivity (ODBC) driver to allow remote clients to export data and generate reports.
PAGE 70
1 PostgreSQL database Adding the Datasourse on Linux systems Before you edit the INI files, make sure the PostgreSQL database is up and running. NOTE For RedHat and Oracle Enterprise systems, the odbc.ini and odbcinst.ini files are located in /etc. For SUSE systems, the odbc.ini and odbcinst.ini files are located in /etc/unixODBC. 1. Open the odbc.ini file in an editor and enter the datasource information as follows: [TestDB] Description = PostgreSQL 8.4 Driver = /opt/PostgreSQL/psqlODBC/lib/psqlodbcw.
PAGE 71
PostgreSQL database 1 5. On the Set up user authentication screen, complete the following steps. a. Enter the database user name in the User name field. b. Select the Password required check box. c. Click Test Connection to test the connection. The Authentication Password dialog box displays. d. Enter the database password in the Password field and click OK. e. Click OK on the Connection Test dialog box.
PAGE 72
1 Supported open source software products If the new password and confirm password do not match, the following message displays: New password and confirm password do not match. Please try again. Press any key to continue. 3. Launch the Server Management Console. 4. Click the Services tab. 5. Click Stop to stop all services. 6. Click Close to close the Server Management Console. 7. Launch the Server Management Console. 8. Click Start to start all services.
PAGE 73
Supported open source software products TABLE 7 1 Open source software third-party software products Open Source Software License Type ApacheCommonsNet 2.0 Apache License v2.0 ApacheCommonsPool 1.5.4 Apache License v2.0 ApacheCommonsValidator 1.3.1 Apache License v2.0 Apache Extras Companion for Apache log4j 1.1 Apache License v2.0 ApacheFTPServer 1.0.3 Apache License v2.0 Apache Log4j 1.2.16 Apache License v2.0 ASM 3.2 Custom License Axis 1.4 Apache License v2.
PAGE 74
1 Supported open source software products TABLE 7 26 Open source software third-party software products Open Source Software License Type JCalendar 1.3.3 LGPL v2.1 JCommon 1.0.16 LGPL v2.1 JDOM 1.1.1 Apache Style JFreeChart 1.0.13 LGPL v2.1 JGoodiesForms 1.2.1 BSD JGoodiesLooks 2.2.2 BSD JGraph 5.13.0.1 BSD Style JIDE 2.10.1 JIDE Software License Jmesa 2.4.5 Apache JSON-RPCJava 1.0.1 Apache License v2.0 KajabityTools 0.1 Apache License v2.0 L2Fprod.comCommonComponents 7.
PAGE 75
SAN feature-to-firmware requirements 1 SAN feature-to-firmware requirements Use the following table to determine whether the Management application SAN features are only available with a specific version of the Fabric OS firmware as well as if there are specific licensing requirements. TABLE 8 SAN feature to firmware requirements Feature Fabric OS Access Gateway (AG) AG connected to Fabric OS devices requires firmware 5.2 or later. Call Home (Trial and Licensed version Only) Requires Fabric OS 5.
PAGE 76
1 TABLE 8 SAN feature-to-firmware requirements SAN feature to firmware requirements Feature Fabric OS Port Fencing (Trial and Licensed version Only) Requires Fabric OS 6.2 or later. Requires Fabric OS 6.3 or later for State Change and C3 Discard Frames violation types. Security Management Requires Fabric OS 5.2 and later for SCC Policy. Requires Fabric OS 5.2 and later for DCC Policy. Requires Fabric OS 5.3 and later for IP Filter Policy. Requires Fabric OS 6.
PAGE 77
Chapter 2 Licenses In this chapter • Licenses overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Managed count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Entering the license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Upgrading the Management application . . . . . . . . . . . . . . . . . . . . . . . . . . . . • License downgrade . . . . . . . . . . . . .
PAGE 78
2 Entering the license key Managed SAN port count calculation NOTE If you exceed the maximum port count for your version, software functionality is impacted and you must reduce the port count using the Discover Fabrics dialog box or contact your vendor to purchase an additional license for your version. The managed SAN port count is calculated using the following rules: • • • • • Only switches discovered from the SAN tab are counted. • • • • Access Gateway ports are counted.
PAGE 79
Upgrading the Management application 2 • License Key — License keys consist of an asterisk (*) followed by unique string of alphanumeric characters. License keys verify ownership of the Management application software as well as determine the maximum port count allowed or any additional features that you receive as part of the license. • Serial # — The serial number of the server associated with the license key. This field is not editable; it is populated after you set the license key on the server.
PAGE 80
2 Upgrading the Management application TABLE 10 IP upgrade paths Current software release To software release IP Professional IP Base Trial or Licensed version IP Base Trial IP Base Licensed version SAN + IP Enterprise Licensed version IP Base Licensed version (lower count) IP Base Licensed version (higher count) SAN + IP Enterprise Licensed version TABLE 11 SAN + IP upgrade paths Current software release To software release SAN + IP Professional SAN Professional Plus + IP Trial or Enterpri
PAGE 81
License downgrade 2 License downgrade You can downgrade from a higher Trial configuration to a licensed version with a lower configuration. NOTE You cannot downgrade to Professional Edition. NOTE Downgrading to a Trial version is not supported. NOTE You cannot downgrade during migration (Configuration Wizard). Downgrading the edition The following table list the available downgrade paths.
PAGE 82
2 34 License downgrade Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 83
Chapter 3 Patches In this chapter • Installing a patch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 • Uninstalling a patch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Installing a patch The patch installer enables you to update the Management application between releases. Each patch installer includes the previous patches within a specific release. For example, patch F (11.X.
PAGE 84
3 Uninstalling a patch • Extracts patch files to the Install_Home folder. • Creates a back up (zip) of the original files to be updated and copies the zip file to the Install_Home\patch-backup directory (for example, Install_Home\patch-backup\na_11-3-0a.zip). The first time you apply a patch, the back up patch zip file uses the following naming convention: _-- .zip (for example, Install_Home\patch-backup\na_11-3-0a.zip).
PAGE 85
Uninstalling a patch 3 6. Copy the artifact from the extracted folder to the source folder in the Install_Home/patch-backup directory. 7. Repeat step 5 and 6 for all artifacts listed in the restore.xml folder. 8. Go to the Install_Home/conf directory. 9. Open the version.properties file in a text editor. 10. Change the patch version (patch.version) value to the reverted patch (for example, if you are reverting from patch F to patch C then patch.version = c).
PAGE 86
3 38 Uninstalling a patch Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 87
Chapter 4 Discovery In this chapter • SAN discovery overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing the fabric discovery state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Troubleshooting fabric discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • SAN Fabric monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • SAN Seed switch . . . . . . . . . . . . . . . .
PAGE 88
4 SAN discovery overview NOTE Professional Plus edition can discover up to 2,560 ports. NOTE Professional Plus edition can discover, but not manage the Backbone chassis.Use the device’s Element Manager, which can be launched from the Connectivity Map, to manage the device. This device cannot be used as a Seed switch. FCS policy and seed switches The Management application requires that the seed switch is the primary Fabric Configuration Server (FCS) switch at the time of discovery.
PAGE 89
SAN discovery overview TABLE 13 4 Backbone Chassis discovery Device Professional Professional Plus Enterprise 16 Gbps 8-slot Backbone Chassis as member switch Yes for discovery; however, it cannot be managed. Yes for discovery; however, it cannot be managed. Yes 16 Gbps 4-slot Backbone Chassis as seed switch Yes Yes Yes 16 Gbps 4-slot Backbone Chassis as member switch Yes Yes Yes Discovering fabrics NOTE Fabric OS devices must be running Fabric OS 5.0 or later.
PAGE 90
4 SAN discovery overview FIGURE 8 Add Fabric Discovery dialog box (IP Address tab) 3. Enter a name for the fabric in the Fabric Name field. 4. Enter an IP address (IPv4 or IPv6) for a device in the IP Address field. To configure the preferred IP format for the Management application server to connect with Fabric OS devices, refer to “Configuring the preferred IP format” on page 123. If the product has both an IPv4 and IPv6 address, the Management server uses the preferred address.
PAGE 91
SAN discovery overview 4 For Admin Domain (AD) discovery, Fabric OS switch must have Physical AD visibility. For Virtual Fabric discovery device requirements, refer to “Virtual Fabrics requirements” on page 512. To discover a Virtual Fabric device, you must have the following permissions: • Switch user account with Chassis Admin role permission on the physical chassis. • Switch and SNMPv3 user account with access rights to all logical switches (all Fabric IDs (1 - 128).
PAGE 92
4 SAN discovery overview c. Enter the number of times to retry the process in the Retries field. d. Select the SNMP version from the SNMP Version list. • If you selected v1, continue with step e. • If you select v3, the SNMP tab displays the v3 required parameters. Go to step i. To discover a Fabric OS device (not virtual fabric-capable), you must provide the existing SNMPv3 username present in the switch.
PAGE 93
SAN discovery overview 4 Editing the password for multiple devices You can only edit password for Fabric OS devices in the same fabric. To edit the password for multiple devices within the same fabric, complete the following steps. 1. Select Discover > Fabrics. The Discover Fabrics dialog box displays. 2. Select multiple devices within the same fabric from the Discovered Fabrics table. 3. Click Edit. The Fabric_Name Edit Switches dialog box displays. FIGURE 10 Edit Switches dialog box 4.
PAGE 94
4 SAN discovery overview Configuring SNMP credentials 1. Select Discover > Fabrics. The Discover Fabrics dialog box displays. 2. Select an IP address from the Discovered Fabrics table. 3. Click Edit. The Add Fabric Discovery dialog box displays. 4. To revert to the default SNMPv3 settings, click the Automatic option. Go to step 19. 5. To manually configure SNMP, select the Manual option. Go to step 6. 6. Click the SNMP tab. FIGURE 11 7.
PAGE 95
SAN discovery overview 4 16. Enter the authorization password in the Auth Password field. • If you selected Configure for 256-Port_Director_Name, go to step 19. • If you did not select Configure for 256-Port_Director_Name, continue with step 17. 17. Select the privacy protocol in the Priv Protocol field. 18. Enter the privacy password in the Priv Password field. 19. Click OK on the Add Fabric Discovery dialog box. If the seed switch is not partitioned, continue with step 20.
PAGE 96
4 SAN discovery overview Removing a fabric from active discovery If you decide you no longer want the Management application to discover and monitor a specific fabric, you can delete it from active discovery. Deleting a fabric also deletes the fabric data on the server (both system collected and user-defined data) except for user-assigned names for the device port, device node, and device enclosure information. To delete a fabric from active discovery, complete the following steps. 1.
PAGE 97
Viewing the fabric discovery state 4 Viewing the fabric discovery state The Management application enables you to view device status through the Discover Setup dialog box. To view the discovery status of a device, complete the following steps. 1. Select Discover > Fabrics. The Discover Fabrics dialog box displays. 2. Right-click a fabric and select Expand All to show all devices in the fabric. The Name field displays the discovery status icons in front of the device name.
PAGE 98
4 Troubleshooting fabric discovery Managed count exceeded troubleshooting The following section states possible issues and the recommended solution when you exceed your managed count limits. Problem Resolution If you exceed your managed count limit, the Management application displays a “licensed exceeded” message on the topology.
PAGE 99
Troubleshooting fabric discovery Problem 4 Resolution Remove a device from active discovery To remove a fabric from active discovery, complete the following steps. 1 Select Discover > Fabrics. The managed count exceeded message displays. Managed counts that have been exceeded display with a light red background. Managed counts that are within the grace count limit display with a pale yellow background. 2 Click OK on the message. The Discover Fabrics dialog box displays.
PAGE 100
4 SAN Fabric monitoring Problem Resolution At the time of discovery, SNMP v3 is not configured. At the time of discovery, SNMP v3 is not configured for all other switches in the fabric. After discovery, a device is upgraded to Fabric OS 6.2 or later and is Virtual Fabric-enabled; however, SNMP v3 is not configured Configure the SNMP v3 information for the Virtual Fabric-enabled device. At the time of discovery or fabric refresh, the SNMP v3 user account does not have the Chassis Admin role.
PAGE 101
SAN Fabric monitoring 4 For Professional and Professional Plus, the default monitoring interval is 120 seconds (minimum interval is 120 seconds).
PAGE 102
4 SAN Fabric monitoring Stop monitoring of discovered switches NOTE You cannot stop monitoring the seed switch. When you stop monitoring a switch, the Management application performs the following actions: • Stops all data collection for the switch. • Unregisters as SNMP trap recipient from the switch. For Virtual Fabric switches, only unregister as SNMP trap recipient when all Virtual Fabric switches of that chassis are unmonitored. • Unregisters as SYSLOG recipient from the switch.
PAGE 103
SAN Fabric monitoring 4 2. Select one or more switches in the same fabric that you want to stop monitoring from the Discovered Fabrics table. NOTE You cannot select switches in different fabrics. 3. Click Unmonitor. The Unmonitor Status dialog box displays with the following details: • • • • • • • IP Address — The IP address of the switch. WWN — The WWN of the switch. Name — The name of the switch. FID — The FID of the switch. Fabric Name — The name of the associated fabric.
PAGE 104
4 SAN Seed switch Resume monitoring of discovered switches NOTE Monitoring is not supported on Hosts. NOTE You can only monitor a switch that is reachable and has valid credentials. To monitor a switch, complete the following steps. 1. Select Discovery > Fabrics. The Discover Fabrics dialog box displays. 2. Select one or more switches that you want to monitor from the Discovered Fabrics table. 3. Click Monitor. The Monitor Status dialog box displays with the status. 4.
PAGE 105
SAN Seed switch 4 This operation preserves historical and configuration data, such as performance monitoring and user-customized data for the selected fabric. ATTENTION If the seed switch firmware is downgraded from Fabric OS 5.2.X to an earlier version, then all RBAC-related data is discarded from the Management application.
PAGE 106
4 SAN Seed switch • Identifies which switches are Virtual Fabric-enabled switches (Fabric OS only). If there are Virtual Fabric-enabled switches, the Management application only uses these switches as recommended seed switches. If there are no Virtual Fabric-enabled switches, continue with the next check. • Identifies which switches are Virtual Fabric-capable devices (Fabric OS only).
PAGE 107
Host discovery 4 Host discovery The Management application enables you to discover individual hosts, import a group of Host from a comma separated values (CSV) file, or import all hosts from discovered fabrics or VM managers. NOTE Host discovery requires HCM Agent 2.0 or later. NOTE SMI and WMI discovery are not supported. Discovering Hosts by Network address or host name To discover a Host by Network address or host name, complete the following steps. 1. Select Discover > Host Adapters.
PAGE 108
4 Host discovery FIGURE 13 Add Host Adapters dialog box 3. (Optional) Enter a discovery request name (such as, Manual 06/12/2009) in the Discovery Request Name field. 4. Select Network Address from the list. 5. Enter the IP address (IPv4 or IPv6 formats) or host name in the Network Address field. 6. Click Add. The IP address or host name of the Host displays in the Host List. 7.
PAGE 109
Host discovery 4 13. Click OK on the Add Host Adapters dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Hosts table with pending status. To update the status from pending you must close and reopen the Discover Host Adapters dialog box. 14. Click Close on the Discover Host Adapters dialog box. Importing Hosts from a CSV file To discover Hosts by importing a CSV file, complete the following steps. 1.
PAGE 110
4 Host discovery The CSV file must meet the following requirements: • Comma separated IP address or host names • No commas within the values • No escaping supported For example, XX.XX.XXX.XXX, XX.XX.X.XXX, computername.company.com 6. Click Open. The CSV file is imported to the Add Host Adapters dialog box. During import, duplicate values are automatically dropped. When import is complete, the imported values display in the Host List. If the file cannot be imported, an error displays. 7.
PAGE 111
Host discovery FIGURE 15 4 Add Host Adapters dialog box 3. Enter a discovery request name (such as, MyFabric) in the Discovery Request Name field. 4. Select Hosts in Fabrics from the list. 5. Select All fabrics or an individual fabric from the list. 6. Click Add. All hosts which are part of a managed fabric and have a registered host name display in the list. If no host with a registered host name exists, an error message displays. Click OK to close the error message. 7.
PAGE 112
4 Host discovery 12. Click OK on the Add Host Adapters dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A Host Group displays in Discovered Hosts table with pending status. To update the status from pending you must close and reopen the Discover Host Adapters dialog box. 13. Click Close on the Discover Host Adapters dialog box. Importing Hosts from a VM manager To discover Hosts from a discovered VM manager, complete the following steps. 1.
PAGE 113
Host discovery 4 • To configure CIM server credentials, select the CIM server (ESXi only) option. Continue with step 8. If you do not need to configure Host credentials, skip to step 12. 8. Configure discovery authentication by choosing one of the following options: • To configure discovery with authentication, select the HTTPS from the Protocol list. • To configure discovery without authentication, select the HTTP from the Protocol list. 9. Enter the port number in the Port field.
PAGE 114
4 Host discovery 4. Configure discovery authentication by choosing one of the following options: • To configure discovery with authentication, select the HTTPS from the Protocol list. • To configure discovery without authentication, select the HTTP from the Protocol list. 5. Enter the port number in the Port field. HCM agent default is 34568. CIM server HTTPS default is 5989. CIM server HTTP default is 5988. 6. Enter your username in the User ID field. HCM agent default is admin.
PAGE 115
Host discovery 4 5. Click Close on the Discover Host Adapters dialog box. Deleting a host adapter from discovery To delete a host permanently from discovery, complete the following steps. 1. Select Discover > Host Adapters. The Discover Host Adapters dialog box displays. 2. Select the host you want to delete permanently from discovery in the Previously Discovered Addresses table. 3. Click Delete. 4. Click OK on the confirmation message. 5. Click Close on the Discover Host Adapters dialog box.
PAGE 116
4 VM Manager discovery • Brocade HBA Discovery Failed: HCM Agent connection failed • HCM Agent collection failed Troubleshooting host discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly. For more complete information about troubleshooting adapters, refer to the Brocade Adapters Troubleshooting Guide. 1. Verify IP connectivity by issuing a ping command to the host. a. Open the command prompt. b.
PAGE 117
VM Manager discovery FIGURE 18 4 Discover VM Managers dialog box 2. Click Add. The Add VM Manager dialog box displays. FIGURE 19 Add VM Manager dialog box 3. Enter the IP address or host name in the Network Address field. 4. Enter the VM manager port number in the Port field. 5. Enter the VM manager username in the User ID field. 6. Enter the VM manager password Password field. 7.
PAGE 118
4 VM Manager discovery 8. Select the Forward event to vCenter check box to enable event forwarding from the Management application to vCenter. Clear to disable event forwarding. 9. Click OK on the Add VM Manager dialog box. If an error occurs, a message displays. Click OK to close the error message and fix the problem. A VM manager displays in Discovered VM Managers table with pending status. To update the status from pending you must close and reopen the Discover VM Managers dialog box. 10.
PAGE 119
VM Manager discovery 4 Excluding a host from VM manager discovery To exclude host from VM manager discovery complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select the Host you want to exclude in the Discovered VM Managers list and click Exclude. 3. Click Close on the Discover VM Managers dialog box. Including a host in VM manager discovery To include host in VM manager discovery complete the following steps. 1.
PAGE 120
4 VM Manager discovery 4. Click OK on the confirmation message. The rediscovered VM manager displays in the Discovered VM Managers table. 5. Click Close on the Discover VM Managers dialog box. Deleting a VM manager from discovery To delete a host permanently from discovery, complete the following steps. 1. Select Discover > VM Managers. The Discover VM Managers dialog box displays. 2. Select the VM manager you want to delete permanently from discovery in the Previously Discovered Addresses table. 3.
PAGE 121
VM Manager discovery 4 Troubleshooting VM manager discovery If you encounter discovery problems, complete the following checklist to ensure that discovery was set up correctly. 1. Verify IP connectivity by issuing a ping command to the switch. a. Open the command prompt. b. From the Server, type ping Device_IP_Address. 2. Enter the IP address of the device in a browser to verify the SNMP settings. For example, http://10.1.1.11.
PAGE 122
4 74 VM Manager discovery Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 123
Chapter Application Configuration 5 In this chapter • Server Data backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 • Server Data restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 • SAN display settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 • SAN End node display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 124
5 Configurable preferences • SAN End Node Display — Use to display (or turn off display of) end nodes on the Connectivity map for newly discovered fabrics. Disabling end node display limits the Connectivity map to switch members only. For more information, refer to “SAN End node display” on page 86. • SAN Ethernet Loss Events — Use to enable events for a loss of ethernet connection to SAN switches. For more information, refer to “SAN Ethernet loss events” on page 87.
PAGE 125
Server Data backup 5 Server Data backup The Management application helps you to protect your data by backing it up automatically. Backup is a service process that periodically copies and stores application files to an output directory. The output directory is relative to the server and must use a network share format to support backup to the network. The data can then be restored, as necessary. NOTE Backing up data takes some time.
PAGE 126
5 Server Data backup Back up directory structure overview The Management server backs up data to two alternate folders. For example, if the backup directory location is D:\Backup, the backup service alternates between two backup directories, D:\Backup\Backup and D:\Backup\BackupAlt. The current backup is always D:\Backup and contains a complete backup of the system. The older backup is always D:\BackupAlt. If a backup cycle fails, the cause is usually a full CD-RW.
PAGE 127
Server Data backup 5 • Select the Include Technical Support directory check box, if necessary. Only available if the Include FTP Root directory check box is clear. • Select the Include Upload Failure Data Capture directory check box, if necessary. Only available if the Include FTP Root directory check box is clear. 5. Enter the time (using a 24-hour clock) you want the backup process to begin in the Next Backup Start Time Hours and Minutes fields. 6.
PAGE 128
5 Server Data backup 9. Back up data to a CD by completing the following steps. NOTE This is not recommended on a permanent basis. CDs have a limited life, and may only last a month. An error message occurs if your Management application can no longer back up to the disc. a. Verify that the CD backup directory is correct (default directory is D:\Backup). It is assumed that drive D is a CD-RW drive. You can change the directory or use the Browse button to select another directory. b.
PAGE 129
Server Data backup 5 4. Click Apply or OK. Viewing the backup status The Management application enables you to view the backup status at a glance by providing a backup status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the backup function. TABLE 18 Backup status Icon Description Backup in Progress—displays the following tooltip: “Backup started at hh:mm:ss, in progress... XX directories are backed up.
PAGE 130
5 Server Data backup Starting immediate backup NOTE You must have backup privileges to use the Backup Now function. For more information about privileges, refer to “User Privileges” on page 1097. To start the backup process immediately, complete one of the following procedures: Using the Backup Icon, right-click the Backup icon and select Backup Now. The backup process begins immediately. OR 1. Select Server > Options. The Options dialog box displays. 2. Select Server Backup in the Category list. 3.
PAGE 131
Server Data restore 5 Server Data restore NOTE You cannot restore data from a previous version of the Management application. NOTE You cannot restore data from a higher or lower configuration (Trial or Licensed version) of the Management application. NOTE You cannot restore data from a different package of the Management application. NOTE You cannot restore data from a 64-bit server to a 32-bit server. The Management application helps you to protect your data by backing it up automatically.
PAGE 132
5 SAN display settings 5. Browse to the backup location. Browse to the location specified in the Output Directory field on the Options dialog box Backup pane. 6. Click Restore. Upon completion, a message displays the status of the restore operation. Click OK to close the message and the Server Management Console. For the restored data to take effect, re-launch the Configuration Wizard using the instructions in “Launching the Configuration Wizard” on page 5.
PAGE 133
SAN display settings FIGURE 22 5 Options dialog box (SAN Display pane) 3. Click Set Up FICON Display. Any table that contains end device descriptions move the following nine columns to the beginning of the table: Attached Port #, FC Address, Serial #, Tag, Device Type, Model, Vendor, Port Type, and WWN. 4. Click Apply or OK to save your work. Resetting your display You can reset your system to display the default display settings.
PAGE 134
5 SAN End node display 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Display in the Category list. 3. Click Reset Display. 4. Click Yes on the reset confirmation message. The display and view settings are immediately reset to the default display settings (as detailed in the Default display Settings table (Table 19)). 5. Click Apply or OK to save your work. SAN End node display The connectivity map can be configured to display or not display end nodes.
PAGE 135
SAN Ethernet loss events 5 SAN Ethernet loss events An Ethernet event occurs when the Ethernet link between the Management Server and the managed SAN device is lost. You can configure the application to enable events when the Ethernet connection is lost. Enabling SAN Ethernet loss events The Options dialog box enables you to configure the Management application to generate an Ethernet event after a device is offline for a specific period of time.
PAGE 136
5 Event storage settings Event storage settings You can configure the maximum number of historical events save to the repository, how long the events will be retained, as well as whether to store historical events to a file before purging them from the repository. Configuring event storage To configure event storage, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Event Storage in the Category list (Figure 25).
PAGE 137
Flyover settings 5 Storing historical events purged from repository To store historical events purged from the repository, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Event Storage in the Category list. 3. Select the Yes option. 4. Click OK. Purged events from the master log table are stored in the Install_Home\data\archive\events directory using the format event_MMDDYYY.zip (for example, event_04052011.zip.
PAGE 138
5 Flyover settings FIGURE 26 Options dialog box (Flyovers pane, Product tab) a. Select the protocol type from the Type list, if necessary. b. Select each property you want to display in the product flyover from the Available Properties table.
PAGE 139
Flyover settings 7. 5 Add connection properties you want to display on flyover by selecting the Connection tab (Figure 27) and completing the following steps. FIGURE 27 a. Options dialog box (Flyovers pane, Connection tab) Select the protocol type from the Type list, if necessary. Depending on which protocol you select, some properties may not be available for all protocols. b. Select each property you want to display in the connection flyover from the Available Properties table.
PAGE 140
5 SAN name settings FCoE • • • Name Node WWN MAC • • • Port# Port Type FCoE Index # c. Click the right arrow to move the selected properties to the Selected Properties table. d. Use the Move Up and Move Down buttons to reorder the properties in the Selected Properties table. The properties displayed in the Selected Properties table appear in the flyover display. 8.
PAGE 141
SAN name settings 5 Setting names to be unique You can edit duplicate names so that each device has a unique name. Note that the Duplicated Names dialog box only displays when you set names to be unique and there are duplicate names in the system. To edit duplicate names, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select SAN Names in the Category list. The SAN Names pane displays (Figure 28). FIGURE 28 Options dialog box (SAN Names pane) 3.
PAGE 142
5 SAN name settings 2. Select SAN Names in the Category list. 3. Select Set names to be non-unique to allow duplicate names on your system. 4. Click OK on the Options dialog box. Fixing duplicate names To fix duplicated names, complete the following steps. 1. Select Configure > Names. The Configure Names dialog box displays. 2. Click Fix Duplicates.
PAGE 143
SAN name settings    5 Operational Status — The operational status of the device. There are four possible values: Up — Operation is normal. Down — The port is down or the route to the remote destination is disabled. Disabled — The connection has been manually disabled. Backup Active — The backup TCP port is active due to a failover. Port # — The port number. Type — The type of device. 3. Select one of the following options.
PAGE 144
5 SAN name settings • Scope list — Select a search value (Name or WWN) from the list. • Search text box — Enter the name or WWN of the device for which you are searching. • Search button — Click to search on the value in the Search field. For more information, refer to “Searching for a device by name” on page 99. • Display table — This table displays the following information: Description–A description of the device. Name–The name of the device. Enter a name for the device.
PAGE 145
SAN name settings 5 4. Double-click in the Name column for the selected device or port and enter a name for the device or port. If you set names to be unique on the Options dialog box and the name you entered already exists, the entry is not accepted. To search for the device already using the name, refer to “Searching for a device by name” on page 99 or “Searching for a device by WWN” on page 100 in the Configure Names dialog box or “Searching for a device” on page 258 in the connectivity map.
PAGE 146
5 SAN name settings 5. Click OK on the Configure Names dialog box. Removing a name from a device 1. Select Configure > Names. The Configure Names dialog box displays. 2. In the Display table, select the name you want to remove. 3. Click Remove. An application message displays asking if you are sure you want clear the selected name. 4. Click Yes. 5. Click OK to close the Configure Names dialog box. 6. Click OK on the confirmation message.
PAGE 147
SAN name settings 5 5. Click OK to close the Configure Names dialog box. Importing Names If the name length exceeds the limitations detailed in the following table, you must edit the name (in the CSV file) before import. Names that exceed these limits will not be imported. If you migrated from a previous version, the .properties file is located in the Install_Home\migration\data folder. TABLE 20 Device Character limit Fabric OS switch 6.
PAGE 148
5 SAN name settings 4. Enter the name you want to search for in the Search field. You can search on partial names. NOTE To search for a device, the device must be discovered and display in the topology. 5. Click Search. All devices with the specified name (or partial name) are highlighted in the Display table. You may need to scroll to see all highlighted names. If the search finds no devices, a ‘no item found’ message displays. 6. Click OK to close the Configure Names dialog box.
PAGE 149
Miscellaneous security settings 5 Miscellaneous security settings You can configure the Server Name, login banner, modify whether or not to allow clients to save passwords, and modify whether or not to enforce the MD5 checksum during import. When the login banner is enabled, each time a client connects to the server, the login banner displays with a legal notice provided by you. The client's users must acknowledge the login banner to proceed, otherwise they are logged out.
PAGE 150
5 Miscellaneous security settings 5. Click Apply or OK to save your work. Enforcing MD5 file during import NOTE The MD5 checksum file is required when you load Fabric OS firmware into the Management application version 12.0 or later. You can configure the Management application to enforce the MD5 checksum file import during the import of the Fabric OS image into the firmware repository.
PAGE 151
Syslog Registration settings 5 4. Enter the message you want to display every time a user logs into this server in the Banner Message field. This field contains a maximum of 2048 characters. 5. Click Apply or OK to save your work. Disabling the login banner To disable the login banner display, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Security Misc in the Category list. 3. Clear the Display login banner upon client login check box.
PAGE 152
5 SNMP Trap Registration settings Configuring the Syslog listing port number 1. Select Server > Options. The Options dialog box displays. 2. Select Syslog Registration in the Category pane. The Syslog Registration pane displays (Figure 32). 3. Enter the Syslog listening port number of the Server in the Syslog Listening Port (Server) field, if necessary. The default Syslog listening port number is 514 and is automatically populated. 4. Click Apply or OK to save your work.
PAGE 153
SNMP Trap forwarding credential settings 5 3. Enter the SNMP listening port number of the Server in the SNMP Listening Port (Server) field, if necessary. The default SNMP listening port number is 162 and is automatically populated. 4. Click Apply or OK to save your work. SNMP Trap forwarding credential settings You can configure SNMP credentials for the traps forwarded by the server. Configuring SNMP v1 and v2c credentials To configure a SNMP v1 or v2c credentials, complete the following steps. 1.
PAGE 154
5 Software Configuration Configuring SNMP v3 credentials To configure a SNMP v1 or v2c credentials, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select Trap Forwarding Credentials in the Category pane. The Trap Forwarding Credentials pane displays (Figure 34). 3. Enter the SNMP v3 name (case sensitive, 1 to 16 characters) to identify the credentials in the User Name field. Allows all printable ASCII characters. 4.
PAGE 155
Software Configuration 5 Certificates Certificate management allows you to enable certificate validation between the Management application server and products when HTTPS is enabled and between server and client when SSL is enabled on server. For more information about product communication, refer to “Product communication settings” on page 122. Certificate management also allows you to manage the Management application server truststore as well as the Management application client truststore.
PAGE 156
5 Software Configuration The Certificates pane contains the following fields and components: • Enable certificate validation check box — Select to enable certificate validation. Clear to disable certificate validation • Keystore Certificates drop-down list — Select one of the following options: View — Click to view the keystore certificate details. For more information, refer to “Viewing a truststore certificate” on page 108.  Export — Click to export a keystore certificate.
PAGE 157
Software Configuration FIGURE 36 5 Details - Certificate Name dialog box The Details - Certificate Name dialog box contains the following fields: • Left-side text box — Name of the Issuer. • Right-side table — Displays the following certificate details: Version — Version of the certificate.  Serial Number — Serial number of the certificate.  Signature Algorithm — Signature algorithm used to sign the certificate. The signature algorithm is derived from the algorithm of the underlying private key.
PAGE 158
5 Software Configuration 5. Enter a unique alias for the certificate in the Alias Name field. 6. Click OK. 7. Click Apply or OK to save your work. Deleting a truststore certificate 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates to in the Category list. The Certificates pane displays. 3. Select the truststore you want to delete in the Truststore Certificates table. 4. Click Delete. 5. Click Yes on the confirmation message.
PAGE 159
Software Configuration 5 Viewing a keystore certificate 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates to in the Category list. The Certificates pane displays. 3. Select View from the Keystore Certificate list. The Details - Certificate Name dialog box displays with the following fields: • Left-side text box — Name of the Issuer. • Right-side table — Displays the following certificate details: Version — Version of the certificate.
PAGE 160
5 Software Configuration Replacing a keystore certificate NOTE Changes to this option take effect after an application restart. 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates to in the Category list. The Certificates pane displays. 3. Select Replace from the Keystore Certificate list. The Replace Keystore Certificate dialog box displays. 4. To replace the current certificate with a new self-signed certificate, select the A new self signed certificate option. 5.
PAGE 161
Software Configuration 5 Enabling and disabling certificate validation The Management application server only validates the certifying authority and the date in the certificate. Certificate validation requires HTTPS connections between the server and the switches. To configure product communication to HTTPS, refer to “Product communication settings” on page 122. 1. Select Server > Options. The Options dialog box displays. 2. Select Certificates to in the Category list. The Certificates pane displays. 3.
PAGE 162
5 Software Configuration 4. Click Apply or OK to save your work. NOTE Changes to this option take effect after a client restart. 5. Click OK on the “changes take effect after client restart” message. Client/Server IP You can configure connections between the client or switches and the Management application server. Configuring the server IP address If your Operating System is IPv6-enabled (dual mode or IPv6 only), the server binds using an IPv6 address.
PAGE 163
Software Configuration FIGURE 38 5 Options dialog box (Client/Server IP option) 3. Choose one of the following options in the Server IP Configuration list. • Select All. Go to step 4. • Select a specific IP address. Continue with step 5. • Select localhost. Continue with step 5. When Server IP Configuration is set to All, you can select any available IP address as the Return Address. If you select a specific IP address, the Return Address list shows the same IP address and you cannot change it. 4.
PAGE 164
5 Software Configuration Configuring an explicit server IP address If you selected a specific IP address from the Server IP Configuration screen during installation and the selected IP address changes, you will not be able to connect to the server. To connect to the new IP address, you must manually update the IP address information. To change the IP address, complete the following steps. 1. Choose one of the following options: • On Windows systems, select Start > Programs > Management_Application 12.X.
PAGE 165
Software Configuration 5 8. Verify the IP address on the Server Configuration Summary screen and click Next. 9. Click Finish on the Start Server screen. 10. Click Yes on the restart server confirmation message. 11. Enter your user name and password. The defaults are Administrator and password, respectively. NOTE Do not enter Domain\User_Name in the User ID field for LDAP server authentication. 12. Click Login. 13. Click OK on the Login Banner.
PAGE 166
5 Software Configuration 4. Select the return IP address in the Client - Server IP Configuration Return Address list. When Server IP Configuration is set to All, you can select any available IP address as the Return Address. If you select a specific IP address, the Return Address field shows the same IP address and you cannot change it. 5. Click Apply or OK to save your work. NOTE Changes take effect after you restart the Management Server.
PAGE 167
Software Configuration 5 4. Enter the memory allocation (MB) for the client in the Client Memory Allocation field. If you enter an invalid value, an error message displays with the minimum value allowed. Click OK and edit the value again. The current configured number of megabytes for client memory allocation displays in the Current Value field. The default minimum number of megabytes for client memory allocation displays in the Default Minimum field.
PAGE 168
5 Software Configuration • Enterprise Medium : 1500 MB • Enterprise Large : 2048 MB Default values for SAN only Server Server Heap Size For a 32-bit Windows or Linux Server • Small : 768 MB • Medium : 950 MB • Large : 950 MB For a 64-bit Windows or Linux Server • Small : 1024 MB • Medium : 1500 MB • Large : 2048 MB NOTE There is no restriction on the maximum value for Server Heap Size in a 64-Bit Server. The correct server heap size value must be given according to the RAM present in the server. 6.
PAGE 169
Software Configuration 5 3. Enter how often you want to check for state changes in the Check for state change every field. Valid values are from 1 through 600 seconds. You cannot enter a value lower than the default minimum value. Default minimum values are as follows: • Small (Professional): 60 seconds • Medium: 120 seconds • Large: 180 seconds 4. Enter how often you want to check for state changes in the If no state change, Poll switch every field. Valid values are from 1 through 3,600 seconds.
PAGE 170
5 Software Configuration Viewing the network size status The Management application enables you to view the network size status at a glance by providing a status icon on the Status Bar. Double-click the icon to launch the Memory Allocation pane of the Options dialog box. NOTE If you exceed the recommended count, the network size status icon refreshes when the License is refreshed (every three hours) or after a client restart.
PAGE 171
Software Configuration FIGURE 40 5 Options dialog box (Product Communication pane) 3. To connect using HTTP, complete the following steps. a. Select the Connect using HTTP option. b. Enter the connection port number in the Port # field. Go to step 5. The default HTTP port number is 80. NOTE To manage FIPS-enabled Fabric OS fabrics, you must configure Product Communication using the Connect using HTTPS (HTTP over SSL) only option. 4.
PAGE 172
5 Software Configuration FTP/SCP/SFTP server settings NOTE For FIPS-enabled Fabric OS switches, you must configure the FTP/SCP/SFTP server communication to an external SCP server to download firmware and allow technical support. File Transfer Protocol (FTP) is a network protocol used to transfer data from one computer to another over a TCP computer network. During installation, a built-in FTP server and its services are installed.
PAGE 173
Software Configuration 5 Configuring an internal FTP server To configure the internal FTP server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select FTP/SCP/SFTP in the Category list. The FTP/SCP/SFTP pane displays (Figure 41). FIGURE 41 Options dialog box (FTP/SCP/SFTP pane) 3. Select the Use built-in FTP/SCP/SFTP Server option to use the default built-in FTP server. All active fields are mandatory. The default user name is admin.
PAGE 174
5 Software Configuration Configuring an internal SCP or SFTP server NOTE SCP is supported on Fabric OS devices running 5.3 and later. NOTE SFTP is supported on Fabric OS devices running 7.0 and later. To configure the internal SCP or SFTP server settings, complete the following steps. 1. Select Server > Options. The Options dialog box displays. 2. Select FTP/SCP/SFTP in the Category list. The FTP/SCP/SFTP pane displays (Figure 41). FIGURE 42 Options dialog box (FTP/SCP/SFTP pane) 3.
PAGE 175
Software Configuration 5 Configuring an external FTP, SCP, or SFTP server NOTE For FIPS-enabled Fabric OS switches, you must configure the FTP/SCP/SFTP server communication to an external SCP or SFTP server to download firmware and allow technical support. NOTE SCP is supported on Fabric OS devices running 5.3 and later. NOTE SFTP is supported on Fabric OS devices running 7.0 and later. To configure external FTP, SCP, or SFTP server settings, complete the following steps. 1. Select Server > Options.
PAGE 176
5 Software Configuration 5. To configure an external SCP server, complete the following steps. a. Select the SCP Server check box to configure the external SCP server. All fields are mandatory. b. Enter the IP address for the remote host in the SCP Host IP field. c. Enter a user name in the SCP Host User Name field. d. Enter the path to the remote host in the SCP Directory Path field. Use a slash (/) or period (.) to denote the root directory. Do not give an absolute path. e.
PAGE 177
Software Configuration 5 • If you are using the external FTP server, select the Use external FTP/SCP/SFTP Server option. For step-by-step instructions about configuring the built-in server, refer to “Configuring an external FTP, SCP, or SFTP server” on page 127. 4. Click Test. An “FTP, SCP, or SFTP Server running successfully” or an error message displays.
PAGE 178
5 Software Configuration 5. Enter a port number in the Starting Port # field. The default is 24600. For Professional, the server requires 15 consecutive free ports beginning with the starting port number. For Trial and Licensed versions, the server requires 18 consecutive free ports beginning with the starting port number. 6. Click Apply or OK to save your work. NOTE Changes to this option take effect after application restart. 7. Click OK on the “changes take effect after application restart” message.
PAGE 179
Software Configuration 5 5. Click Apply or OK to save your work. NOTE Changes to the server log levels reset to the default (INFO) after a server restart. NOTE Changes to the Log client support data log level is applicable for this client only. client. log file properties • Client logs are collected separately for each server. After successful login, a log file is created and prefixed with the network address provided in the Login dialog box. For example, 172.26.1.1.client.log or localhost.client.
PAGE 180
5 FIPS Support FIPS Support To manage FIPS-enabled Fabric OS fabrics and switches, make sure you complete the following configuration requirements: • Configure Product Communication to HTTPS (refer to “Configuring SAN communication” on page 122) to allow communication between the server and the Fabric OS switches. • Configure an external SCP server (refer to “Configuring an external FTP, SCP, or SFTP server” on page 127) to allow firmware download, product technical support, and supportSave.
PAGE 181
Fabric tracking 5 • Device Ports—This table shows a brief summary of the device ports including status (whether the device port will be added ( ) or removed ( ) from the fabric), device type, port, port WWN, node WWN, and attached port number.
PAGE 182
5 Fabric tracking • Fabric Name—Displays the name of the selected fabric. • Switches—This table shows a brief summary of the switches including status (whether the device port will be added ( ) or removed ( ) from the fabric), name, IP address, WWN, and domain ID. This table includes unmonitored switches which becomes segmented from the fabric.
PAGE 183
Fabric tracking 5 Accepting changes for a switch, access gateway, or phantom domain 1. Accept the changes to a switch, access gateway, or phantom domain by choosing one of the following options: • Select the switch, access gateway, or phantom domain on the Product List or Connectivity Map and select Monitor > Accept Changes. • Right-click the switch, access gateway, or phantom domain on the Product List or Connectivity Map and select Accept Change. The Accept Changes Summary dialog box displays.
PAGE 184
5 136 Fabric tracking Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 185
Chapter 6 User Account Management In this chapter • Users overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Areas of responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 186
6 Users overview Viewing configured users To view configured users, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Click the Users tab, if necessary. FIGURE 46 Users dialog box - Users tab The Users dialog box contains the following fields and components: • Authentication-Primary — The primary authentication server type configured through the Server Management Console.
PAGE 187
Users overview 6 • Users table — The configured users.         User ID — The unique name used to identity a user. Full Name — The user’s full name. Roles — List of Roles the user belongs to separated by comma. Area Of Responsibility — List of AORs the user belongs to separated by comma. E-mail Notification — Whether e-mail notification is enabled for user. Account Enabled — Whether the user account status is enabled. Policy Violations — Whether there is a current policy violation for the user.
PAGE 188
6 Users overview Default system roles for SAN only environments include: - SAN System Administrator Network Administrator Security Administrator Zone Administrator Operator Security Officer Host Administrator Description — A description of the role.  Add button — Click to add a new role (refer to “Creating a new role” on page 147).  Edit button — Click to edit the selected role (refer to “Editing a role” on page 148).
PAGE 189
User accounts 6 User accounts NOTE You must have User Management Read and Write privileges to add new accounts, set passwords for accounts, and apply roles to the accounts. For a list of privileges, refer to “User Privileges” on page 1097. Management application user accounts contain the identification of the Management application user, as well as privileges, roles, and AORs assigned to the user. Privileges provide access to the features in Management application.
PAGE 190
6 User accounts 4. Enter a password for the user in the Password and Confirm Password fields. Passwords displays as dots (.). For password policy details, refer to “Viewing your password policy” on page 163. 5. Select the Account Status - Enable check box to enable the account of the user. Account Status is enabled by default. 6. (Optional) Enter the full name of the user in the Full Name field. 7. (Optional) Enter a description for the user in the Description field. 8.
PAGE 191
User accounts 6 Editing a user account To make changes to an existing user account, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the user account you want to edit and click Edit under the Users table. The Edit User dialog box displays. 3. Complete step 3 through step 13 in “Creating a new user account” on page 141. 4. Click OK to save the user account and close the Edit User dialog box.
PAGE 192
6 User accounts Copying and pasting user preferences Enables you to copy user preference settings, such as window and dialog box sizes, table column and sort order, as well as other customizations, and all the user-defined views (including fabrics and hosts) from the selected user account to one or more other user accounts. If the fabric and hosts from the original user account are not included in the other user's AOR, then the copied fabrics and hosts do not display in the other user's views.
PAGE 193
User accounts 6 4. Click OK to save the user account and close the Edit User dialog box. If you make changes to the user’s role or AOR while the user is logged in, a confirmation message displays. When you click OK on the confirmation message, the user is logged out and must log back in to see the changes. 5. Click Close to close the Users dialog box. Removing roles and areas of responsibility from a user account To remove roles and AORs from an existing user account, complete the following steps. 1.
PAGE 194
6 User accounts Enabling a user account To re-activate a user account, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the disabled user account you want to enable in the Users table and click Enable. 3. Click Yes on the confirmation message. 4. Click Close to close the Users dialog box. Deleting a user account NOTE You cannot delete the default "Administrator" user account.
PAGE 195
Roles 6 Roles NOTE You must have User Management Read and Write privileges to view, add, modify, or delete roles. A role is a group of Management application tasks or privileges that can be assigned to several users who have similar functions. When you create a role, it immediately becomes available in the Users dialog box. Creating a new role To create a new role, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Click Add under the Roles table.
PAGE 196
6 Roles 6. Click OK to save the new role and close the Add Role dialog box. The new role displays in the Roles list of the Users dialog box. To add users to this role, follow the instructions in “Assigning roles and areas of responsibility to a user account” on page 144. 7. Click Close to close the Users dialog box Editing a role To make changes to an existing role, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2.
PAGE 197
Roles 6 Deleting a role To delete a role, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the role you want to delete in the Roles table and click Delete. 3. Click Yes on the confirmation message. 4. Click Close to close the Users dialog box. Adding privileges to a role Each option under the Management application main menu corresponds to a privilege.
PAGE 198
6 Areas of responsibility Removing privileges from a role You remove privileges from the Edit or Duplicate Users dialog boxes. To remove privileges from role, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the role you want to edit in the Roles table and click Edit or Duplicate under the Roles table. The Edit Roles or Duplicate Roles dialog box displays. 3.
PAGE 199
Areas of responsibility 6 Creating an AOR When creating an AOR, you assign devices or groups to that AOR. After you save the AOR, it can be assigned to one or more user account. Users of those accounts can then view the devices or groups in their assigned AOR. Users can deploy configurations and payloads only to devices in assigned AORs. When you create an AOR, it immediately becomes available in the Users dialog box. To create an AOR, complete the following steps. 1. Select Server > Users.
PAGE 200
6 Areas of responsibility Editing an AOR NOTE You cannot edit system AORs. To make changes to an existing AOR, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the AOR you want to edit in the AOR table and click Edit. The Edit AOR dialog box displays. 3. Complete step 3 through step 5 in “Creating an AOR” on page 151. 4. Click OK to save the AOR and close the Edit AOR dialog box.
PAGE 201
Areas of responsibility 6 Deleting an AOR NOTE You cannot delete system AORs. To delete an AOR, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Select the AOR you want to delete in the AOR table and click Delete. 3. Click Yes on the confirmation message. 4. Click Close to close the Users dialog box. Assigning products to an AOR You can assign fabricsand hosts to an AOR from the Add, Edit, or Duplicate AOR dialog box.
PAGE 202
6 Password policies 3. In the Selected Products table, select the products or groups you want to remove and click the left arrow button. Select multiple products or groups by holding down the CTRL key and clicking more than one item. 4. Click OK to save your work. 5. Click Close to close the Users dialog box. Password policies NOTE You must have User Management Read and Write privileges to configure password policy. Passwords are an important aspect of computer security.
PAGE 203
Password policies b. 6 Enter the minimum password length in the Minimum Length field. Only enabled when the Empty Password - Allow check box is clear. Valid values are 4 through 127. The default is 8. c. Enter the minimum number of uppercase characters required in the Upper Case Characters field. Only enabled when the Empty Password - Allow check box is clear. Valid values are 0 through 127. The default is 0. d.
PAGE 204
6 Password policies 7. Configure the password login policy by completing the following steps. a. Select Concurrent Login or Single Login from the Login Mode list. Single Login allows only one user to login at a time. If you selected Single Login, continue with step b. Concurrent Login allows multiple users to login at the same time. If you selected Concurrent Login, go to step 8. b. Select Reject New Sessions or Logout Existing Sessions from the Action list. 8.
PAGE 205
LDAP authorization on the Management server 6 LDAP authorization on the Management server NOTE You must have User Management Read and Write privileges to map roles and AORs to Active Directory (AD) groups. NOTE You must configure an LDAP server as the primary authentication server and set LDAP Authorization as the authorization preference (refer to “Configuring LDAP server authentication” on page 297).
PAGE 206
6 LDAP authorization on the Management server Removing roles and AORs from an AD group To remove roles and AORs from an AD group, complete the following steps. 1. Select Server > Users. The Users dialog box displays. 2. Click the LDAP Authorization tab. 3. Select the roles and AORs you want to remove in the Active Directory Groups table. Select multiple roles and AORs by holding down the CTRL key and clicking more than one role and AOR. 4. Click the left arrow button.
PAGE 207
LDAP authorization on the Management server 6 Deleting an AD group Deleting an AD group deletes the roles and AORs assigned to the group and removes the group from the Active Directory Groups table. To delete an AD group, complete the following steps. 1. Select one or more AD groups that you want to delete from the Active Directory Groups table. 2. Click Delete. 3. Click Yes on the confirmation message. 4. Click OK on the deletion successful message. 5. Click OK to save your work.
PAGE 208
6 LDAP authorization on the Management server Defining user accounts on the external LDAP server If you configure the external LDAP server as the primary authentication server in the server management console, you must define roles and AORs in the external LDAP server to match the Management application roles and AORs. Configuring roles and AORs on the external LDAP server Open the Management console on the Active Directory installed server and complete the following steps. 1. Select Start > Run. 2.
PAGE 209
User profiles 6 Configuring authorization details on the external LDAP server Open the ADSI Edit dialog box on the Active Directory installed server. 1. Select Start > Run. 2. Type adsiedit.msc and press Enter. 3. Right-click CN=User_Name in the CN=Users directory and select Properties. Where User_Name is the name of the user you created in “Creating an AD user account” on page 159. 4. Select NmAors in the Attributes list and click Edit. 5.
PAGE 210
6 User profiles • Full Name — Displays the name if entered while adding a user; otherwise, this field is blank. • Password — Displays your password as dots (.). If the password policy is configured for an empty password, this field is blank. To change your password, refer to “Changing your password” on page 163. • Confirm Password — Displays your password as dots (.). If the password policy is configured for an empty password, this field is blank.
PAGE 211
User profiles 7. 6 Click Filter to set up basic event filters. For step-by-step instructions about setting up basic event filters, refer to “Setting up basic event filtering” on page 975. 8. Change your e-mail, text message, or page address in the E-mail Address field. Enter more than one e-mail address, separating each with a semi-colon. To send a text message or page via e-mail, use the following format number@carrier.com, where number is your phone number and carrier.com is the SMS server.
PAGE 212
6 User profiles • Minimum Length—The minimum length allowed for the password. • Upper Case Characters—The minimum number of uppercase characters required in the password. • Lower Case Characters—The minimum number of lowercase characters required in the password. • Number of Digits—The minimum number of digits required in the password. • Punctuation Required—The minimum number of punctuation characters required in the password.
PAGE 213
User profiles 6 4. Enter your e-mail, text message, or page address in the E-mail Address field. Enter more than one e-mail address, separating each with a semi-colon. To send a text message or page via e-mail, use the following format number@carrier.com, where number is your phone number and carrier.com is the SMS server. For example, 3035551212@txt.att.net (text message) or 3035551212@page.att.net (page). NOTE Check with your carrier for the exact e-mail address. 5.
PAGE 214
6 166 User profiles Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 215
Chapter 7 Call Home In this chapter • About Call Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing Call Home configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Showing a Call Home center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Hiding a Call Home center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Editing a Call Home center . . . . . . . . . . . . . . .
PAGE 216
7 About Call Home About Call Home NOTE Call Home is supported on Windows systems for all modem and e-mail Call Home centers and is supported on UNIX for the e-mail Call Home centers. Call Home notification allows you to configure the Management application server to automatically send an e-mail alert or dial in to a support center to report system problems on specified devices (Fabric OS switches, routers, and directors).
PAGE 217
Viewing Call Home configurations 7 Call Home allows you to perform the following tasks: • • • • • Assign devices to and remove devices from the Call Home centers. Define filters from the list of events generated by Fabric OS devices. Edit and remove filters available in the Call Home Event Filters table. Apply filters to and remove filters from the devices individually or in groups. Edit individual Call Home center parameters to dial a specified phone number or e-mail a specific recipient.
PAGE 218
7 Viewing Call Home configurations • Products List — Displays all discovered products. The list allows for multiple selections and manual sorting of columns. This list displays the following information:        Product Icon — The status of the products’ manageability. Name — The name of the product. IP Address — The IP address (IPv4 or IPv6 format) of the product. Node WWN — The node world wide name of the product. Fabric Name — The name of the fabric. Vendor — The vendor ID of the product.
PAGE 219
Viewing Call Home configurations 7 • Call Home Centers list — The Call Home centers, products assigned to the Call Home centers, and event filters assigned to the Call Home centers and products. This list displays the following information:         Centers — A tree with Call Home centers as the parent node, assigned products as subnodes, and event filters as the child node to the assigned products.
PAGE 220
7 Showing a Call Home center Showing a Call Home center To show a Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Click Show/Hide Centers (beneath the Call Home Centers list). The Centers dialog box displays with a predefined list of Call Home centers (Figure 51). FIGURE 51 Centers dialog box 3. Select the check boxes of the Call Home centers you want to display. Clear the check box to hide the Call Home center.
PAGE 221
Editing a Call Home center 7 Editing a Call Home center To edit a Call Home center, select from the following procedures: • Editing the IBM Call Home center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Editing an e-mail Call Home center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Editing the EMC Call Home center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Editing the HP LAN Call Home center. . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 222
7 Editing a Call Home center 8. Enter how often you want to retry the heartbeat interval in the Retry Interval field. The default is 10 seconds. 9. Enter the maximum number of retries in the Maximum Retries field. The default is 3. 10. Enter the primary phone number or extension of the Call Home center in the Call Home Center - Primary Connection field. 11. Enter the backup phone number or extension of the Call Home center in the Call Home Center - Backup Connection field. 12.
PAGE 223
Editing a Call Home center FIGURE 53 7 Configure Call Home Center dialog box (Brocade, IBM, NetApp, or Oracle E-mail option) 4. Make sure the Call Home center type you selected displays in the Call Home Centers list. If the Call Home center type is incorrect, select the correct type from the list. 5. Select the Enable check box to enable this Call Home center. 6. Enter your contact name in the Customer Details - Name field. 7. Enter your company name in the Customer Details - Company field. 8.
PAGE 224
7 Editing a Call Home center 16. Enter an e-mail address in the E-mail Notification Settings - Send To Address field. For Brocade E-mail Call Home centers, enter callhomeemail@brocade.com. 17. Click Send Test to test the mail server. The selected Call Home center must be enabled to test the mail server. A faked event is generated and sent to the selected Call Home center. You must contact the Call Home center to verify that the event was received and in the correct format.
PAGE 225
Editing a Call Home center - Source — Details about the product. Includes the following data:                    -     Event Time Event Severity Event Reason Code FRU Code/Event Type Event Description Event Data — Information about the triggered event.
PAGE 226
7 Editing a Call Home center Editing the EMC Call Home center To edit an EMC Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the EMC Call Home center you want to edit in the Call Home Centers list. 3. Click Edit Centers (beneath the Call Home Centers list). The Configure Call Home Center dialog box displays (Figure 54). FIGURE 54 Configure Call Home Center dialog box (EMC option) 4.
PAGE 227
Editing a Call Home center 7 13. Click OK. The Call Home dialog box displays with the Call Home center you edited highlighted in the Call Home Centers list. 14. Click OK to close the Call Home dialog box. Editing the HP LAN Call Home center To edit an HP LAN Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the HP LAN Call Home center you want to edit in the Call Home Centers list. 3.
PAGE 228
7 Enabling a Call Home center 8. Click Send Test to test the address. The selected Call Home center must be enabled to test the IP address. A faked event is generated and sent to the selected Call Home center. You must contact the Call Home center to verify that the event was received and in the correct format. NOTE The HP LAN Call Home alert displays the directory separation characters with a double backslash (\\) instead of a single backslash (\). 9. Click OK to close the “Test Event Sent” message.
PAGE 229
Testing the Call Home center connection 7 Testing the Call Home center connection Once you add and enable a Call Home center, you should verify that Call Home is functional. To verify Call Home center functionality, complete the following steps. 1. Select Monitor > Event Notification > Call Home. 2. Click Edit Centers (beneath the Call Home Centers list). The Configure Call Home Center dialog box displays. 3. Select the Call Home center you want to check in the Call Home Centers list. 4.
PAGE 230
7 Viewing Call Home status Viewing Call Home status You can view Call Home status from the main Management application window or from the Call Home Notification dialog box. The Management application enables you to view the Call Home status at a glance by providing a Call Home status icon on the status bar. Table 23 illustrates and describes the icons that indicate the current status of the Call Home function.
PAGE 231
Assigning a device to the Call Home center 7 Assigning a device to the Call Home center Discovered devices (switches, routers, and directors) are not assigned to a corresponding Call Home center automatically. You must manually assign each device to a Call Home center before you use Call Home. To assign a device or multiple devices to a Call Home center, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2.
PAGE 232
7 Defining an event filter 3. Click the left arrow button. A confirmation message displays. 4. Click OK. All devices assigned to the selected Call Home center display in the Products List. Any assigned filters are also removed. 5. Click OK to close the Call Home dialog box. Defining an event filter To define an event filter, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Click Add beneath the Call Home Event Filter list.
PAGE 233
Assigning an event filter to a Call Home center 7 Assigning an event filter to a Call Home center Event filters allow Call Home center users to log in to a Management server and assign specific event filters to the devices. This limits the number of unnecessary or “acknowledge” events and improves the performance and effectiveness of the Call Home center. You can only select one event filter at a time; however, you can assign the same event filter to multiple devices or Call Home centers.
PAGE 234
7 Overwriting an assigned event filter Overwriting an assigned event filter A device can only have one event filter at a time; therefore, when a new filter is applied to a device that already has a filter, you must confirm the new filter assignment. To overwrite an event filter, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Select the event filter you want to apply in the Call Home Event Filters list.
PAGE 235
Removing an event filter from a device 7 Removing an event filter from a device To remove an event filter from a device, complete the following steps. 1. Select Monitor > Event Notification > Call Home. The Call Home dialog box displays. 2. Choose one of the following options in the Call Home Centers list: • Right-click a device to which the event filter is assigned and select Remove Filter. • Select an event filter assigned to a device and click the left arrow button.
PAGE 236
7 188 Searching for an assigned event filter Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 237
Chapter 8 Dashboard Management In this chapter • Dashboard overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Dashboard widgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Performance Dashboard monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • User-defined performance monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 238
8 Dashboard overview FIGURE 56 Dashboard tab 1. Menu bar — Lists commands you can perform on the dashboard. For a list of Dashboard tab menu commands, refer to “Dashboard main menus” on page 1061. The dashboard also provides a shortcut menu to reset the dashboard back to the defaults. Reset the dashboard back to the default settings by right-clicking in the white space and selected Reset to Default. 2. Toolbar — Provides buttons that enable quick access to dialog boxes and functions.
PAGE 239
Dashboard overview 8 Dashboard toolbar The toolbar (Figure 57) is located beneath the menu bar and provides icons and buttons to perform various functions. FIGURE 57 Toolbar Depending on which dashboard you are using the toolbar contains the following buttons: 1. Dashboard list — Select one of the following to choose the dashboard you want to view. • Main Dashboard — Select to display the Dashboard tab. • Dashboard 1 — Select to display the Performance Dashboard. 2.
PAGE 240
8 Dashboard overview 3. Click the Performance tab (Figure 58). The preconfigured performance monitor widgets display. You can create up to 100 performance monitors; however, you can only display up to 30 performance monitors. For more information about performance monitor widgets, refer to “Performance Dashboard monitors” on page 204.
PAGE 241
Dashboard overview 8 General functions The Management application also provides the following general functions which are applicable to all widgets and monitors: • Preference persistence — Any customization you make to the Dashboard tab or Performance Dashboard are persisted in that dashboard.
PAGE 242
8 Dashboard widgets 4. Click Save. The file is saved to the location you selected. Printing the dashboard display You can print the current dashboard display (all widgets and monitors) or a selected widget or monitor. 1. Select one of the following options from the Print list: • Dashboard — Prints the entire dashboard. • Name — Prints the selected widget (where Name is the name of the widget or monitor on the dashboard). The Page Setup dialog box displays. 2. Change the page setup options, as needed. 3.
PAGE 243
Dashboard widgets 8 Bottlenecked Ports widget The Bottlenecked Ports widget (Figure 59) displays the bottlenecked port violations for the specified fabric and time range in a table. FIGURE 59 Bottlenecked Ports widget The Bottlenecked Ports widget includes the following data: • Severity icon/violation count/widget title — The color of the worst severity and the total number of ports in violation displays before the widget title.
PAGE 244
8 Dashboard widgets Customizing the Bottlenecked Ports widget You can customize the widget to display data for a specific fabric and duration. • Display data by selecting the fabric you want to monitor from the Show list. Select All Fabrics to include all managed and monitored fabrics in your AOR. The default is All Fabrics. If the fabric you select is deleted from discovery, the widget refreshes and returns to the default (All Fabrics).
PAGE 245
Dashboard widgets 8 • Range list — Use to customize this widget to display a specific time range. Options include: This Hour, Last Hour, Today, Yesterday, Last 7 Days, and Last 30 Days. • Show Syslog check box — Select to include Syslog information (default) on the Event Summary.
PAGE 246
8 Dashboard widgets • Include Syslog information (default) on the Event Summary pane by selecting the Show Syslog check box. To exclude Syslog information, clear the Show Syslog check box. Accessing additional data from the Events widget Double-click a bar in the Events widget to navigate to an event custom report (HTML) that displays the events corresponding to the event type selected. For information about report details, refer to “Fault Management” on page 973.
PAGE 247
Dashboard widgets 8 Customizing the Host Adapter Inventory widget You can customize the Host Adapter Inventory widget to display product inventory for a specific grouping. The group type and number of products in the group displays to the left of the associated bar; for example, 2.3.0.005 [3], where 2.3.0.005 is the driver number and [3] is the number of products running that driver level.
PAGE 248
8 Dashboard widgets SAN Inventory widget The SAN Inventory widget (Figure 63) displays the SAN products inventory as stacked bar graphs. FIGURE 63 SAN Inventory widget The SAN Inventory widget includes the following data: • Severity icon/product count/widget title — The color of the worst severity followed by the number of products with that severity displays before to the widget title. • Group By list — Use to customize this widget to display a specific group of products.
PAGE 249
Dashboard widgets 8 • Change the grouping by selecting one of the following from the Group By list: - Firmware — The product inventory by firmware release. - Model — The product inventory by model. - Location — The product inventory by physical location. - Contact — The product inventory by contact name. • Zoom in on an area of the widget by dragging the mouse (upper left corner to lower right corner) to select one or more bars.
PAGE 250
8 Dashboard widgets • Pie chart — The device status as a percentage of the total number of devices. The pie chart displays the percentage in various colors on each slice. Tooltips showing the number of devices in that state are shown when you pause on the slice. When there is one status category with less than one percent of the total number of devices, the status widget displays the number of devices in each category on each slice.
PAGE 251
Dashboard widgets 8 Status widget The Status widget (Figure 65) displays the number of products managed and the number of events within the selected event time range. FIGURE 65 Status widget The Status widget displays the following items for each product license: • • • • Fibre Channel Fabrics — The number of managed fabrics. SAN Switches — The number of managed SAN switches. Hosts — The number of managed hosts. Events — The number of events within the last hour.
PAGE 252
8 Performance Dashboard monitors Customizing the VM Alarms widget You can customize the VM Alarms widget to display data for a specific fabric and duration. • Display data by fabric by selecting the fabric you want to monitor from the Show list. Select All Fabrics to include all managed and monitored fabrics in your AOR. The default is All Fabrics. If the fabric you select is deleted from discovery, the widget refreshes and returns to the default (All Fabrics).
PAGE 253
Performance Dashboard monitors 8 • Top Port Encode Error Out — Table view of the encode error out measure (All SAN FC port collector) • • • • Top Port Errors — Table view of the errors measure (port error count collector) Top Port Link Failures — Table view of the top port link failues (All SAN FC port collector) Top Port Link Resets — Table view of the top port link resets (All SAN FC port collector) Top Port Sync Losses — Table view of the top port synchronization failures (All SAN FC port collector)
PAGE 254
8 Performance Dashboard monitors Top Port C3 Discards monitor The Top Port C3 Discards monitor (Figure 66) displays the top ports with Class 3 frames discarded in a table. FIGURE 66 Top Port C3 Discards monitor The Top Port C3 Discards monitor includes the following data: • • • • • • • • • • Severity icon/monitor title— The worst severity of the data shown next to the monitor title. Port — The port affected by this monitor. C3 Discards/sec — The top ports with Class 3 frames discarded in seconds.
PAGE 255
Performance Dashboard monitors 8 Top Port C3 Discards RX TO monitor The Top Port C3 Discards RX TO monitor (Figure 67) displays the top ports with receive Class 3 frames received at this port and discarded at the transmission port due to timeout in a table. FIGURE 67 Top Port C3 Discards RX TO monitor The Top Port C3 Discards RX TO monitor includes the following data: • Severity icon/monitor title— The worst severity of the data shown next to the monitor title.
PAGE 256
8 Performance Dashboard monitors • Double-click a row to navigate to the SAN Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port CRC Errors monitor The Top Port CRC Errors monitor (Figure 68) displays the top ports with frames that contain cyclic redundancy check (CRC) errors in a table.
PAGE 257
Performance Dashboard monitors 8 • Double-click a row to navigate to the SAN Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Encode Error Out monitor The Top Port Encode Error Out monitor (Figure 69) displays the top ports with encoding errors outside of frames in a table.
PAGE 258
8 Performance Dashboard monitors • Double-click a row to navigate to the SAN Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Errors monitor The Top Port Errors monitor (Figure 70) displays the top ports with receive and transmit errors in a table.
PAGE 259
Performance Dashboard monitors 8 • Double-click a row to navigate to the Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Link Failures monitor The Top Port Link Failures monitor (Figure 71) displays the top ports with link failures in a table.
PAGE 260
8 Performance Dashboard monitors • Double-click a row to navigate to the SAN Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Link Resets monitor The Top Port Link Resets monitor (Figure 72) displays the top ports with link resets in a table.
PAGE 261
Performance Dashboard monitors 8 • Double-click a row to navigate to the SAN Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Sync Losses monitor The Top Port Sync Losses monitor (Figure 72) displays the top ports with synchronization failures in a table.
PAGE 262
8 Performance Dashboard monitors • Double-click a row to navigate to the SAN Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Traffic monitor The Top Port Traffic monitor (Figure 74) displays the top ports with receive and transmit traffic in a table.
PAGE 263
Performance Dashboard monitors 8 • Double-click a row to navigate to the Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895. Top Port Utilization Percentage monitor The Top Port Utilization monitor (Figure 75) displays the top port utilization percentages in a table.
PAGE 264
8 Performance Dashboard monitors Top Product CPU Utilization monitor The Top Product CPU Utilization monitor (Figure 76) displays the top product CPU utilization percentages in a table. FIGURE 76 Top Product CPU Utilization monitor The Top Product CPU Utilization monitor includes the following data: • • • • • • • • • • • • • • • • • Severity icon/monitor title — The worst severity of the data shown next to the monitor title. Product — The product affected by this monitor.
PAGE 265
Performance Dashboard monitors 8 Accessing additional data from the Top Product CPU Utilization monitor • Right-click a row in the monitor to access the shortcut menu available for the associated device. For more information about shortcut menus, refer to “Application menus” on page 1061. • Double-click a row to navigate to the IP Historical Graphs/Tables dialog box. For more information, refer to “Performance Data” on page 895.
PAGE 266
8 Performance Dashboard monitors • Location — The location of the product. • Contact — A contact name for the product. • Refreshed — The refresh time and selected time range for the monitor. To customize the monitor to display data by a selected time frame as well as customize the display options, refer to “Editing a preconfigured performance monitor” on page 220.
PAGE 267
Performance Dashboard monitors • • • • • • • • • 8 Status — The product status (for example, Reachable). Tag — The product tag. Serial # — The serial number of the product. Model — The product model. Port Count — The number of ports on the product. Firmware — The firmware level running on the product. Location — The location of the product. Contact — A contact name for the product. Refreshed — The refresh time and selected time range for the monitor.
PAGE 268
8 Performance Dashboard monitors • • • • • • • • • • • • • • Temperature — The top temperatures. Max — The maximum value of the measure in the specified time range. Fabric — The fabric to which the device belongs. Product Type — The type of product (for example, switch). State — The product state (for example, Offline). Status — The product status (for example, Reachable). Tag — The product tag. Serial # — The serial number of the product. Model — The product model.
PAGE 269
Performance Dashboard monitors 8 • Last 12 Hours — Displays data for the previous 12 hours beginning when you launch the dashboard. • Last 24 Hours — Displays data for the previous 24 hours beginning when you launch the dashboard. 3. (Top or Bottom performance monitors only) Select the number of products to include in a selected measure by entering a number in the For Top N, Bottom N Monitors, N= field. Valid values are from 1 through 25. The default is 10. 4.
PAGE 270
8 User-defined performance monitors User-defined performance monitors The Performance Dashboard makes it easy for you to customize performance monitors specific to your needs. You can define up to 100 performance monitors; however, you can only display up to 30 performance monitors at a time. Top or bottom product performance monitors The top or bottom product performance monitors (Figure 80) display the top or bottom number of products (for example, top 10 products) for the selected measure in a table.
PAGE 271
User-defined performance monitors • • • • • 8 Port Count — The number of ports on the product. Firmware — The firmware level running on the product. Location — The location of the product. Contact — A contact name for the product. Refreshed — The refresh time and selected time range for the monitor. To configure a product performance monitor, refer to “Configuring a user-defined product performance monitor” on page 227.
PAGE 272
8 User-defined performance monitors • Measure_Type — The percentage bar of the selected measure. Depending on the selected measure, more than one Measure_Type may display. By default, ports display sorted by the Measure_Type value (Top ports sort from highest to lowest and bottom ports sort lowest to highest). Click a column head to sort the columns by that value. • • • • • • • Product — The product affected by this monitor. Type — The type of port (for example, U-Port).
PAGE 273
User-defined performance monitors 8 The distribution performance monitor includes the following data: • Monitor title — The user-defined monitor title. • Number of Products/Ports (y-axis) — The y-axis always displays a numbered range (zero to the maximum number of objects) for the products or ports affected by the selected measure. • Measure_Type (x-axis) — The x-axis display depends on the Measure_Type you selected for this monitor.
PAGE 274
8 User-defined performance monitors Accessing additional data from the Distribution monitors • Place the cursor on a bar in the graph to display the number of products included in the count for the selected bar. For example, the tooltip “(Data Item 3, 22.6-33.8) = 6” means that there are six products within the third percentage range (displays the temperatures within the percentage range) for the selected measure (product temperature).
PAGE 275
User-defined performance monitors 8 Configuring a user-defined product performance monitor 1. Select Monitor > Performance > Dashboard. The Performance Dashboard displays in a new window. 2. Click the Customize Dashboard icon. The Customize Dashboard dialog box displays. 3. Click the Performance tab. 4. Click Add. The Add Performance Dashboard Monitor dialog box displays. 5. Enter a unique title for the monitor. The title can be up to 256 characters in length. 6.
PAGE 276
8 User-defined performance monitors • Last 12 Hours — Displays data for the previous 12 hours beginning when you launch the dashboard. • Last 24 Hours — Displays data for the previous 24 hours beginning when you launch the dashboard. 9. (Top N and Bottom N monitors only) Select the number products to include in a selected measure by entering a number in the For Top N, Bottom N Monitors, N= field. Valid values are from 1 through 25. The default is 10. 10.
PAGE 277
User-defined performance monitors 8 13. (Time series monitors only) Remove targets from the monitor by selecting one or more targets in the Targets list and clicking Remove. 14. Click OK on the Add Performance Dashboard Monitor dialog box. The Customize Dashboard dialog box displays with the new monitor in the Performance Monitors list. 15. Click OK on the Customize Dashboard dialog box. The Performance Dashboard dialog box displays with the new monitors at the bottom of the dashboard.
PAGE 278
8 User-defined performance monitors 9. Click the SAN tab. 10. Select SAN targets from the Available SAN Sources list. 11. Click the right arrow button to move the targets to the Selected Sources list. 12. Select FCIP targets from the Available list. 13. Click the right arrow button to move the targets to the Selected Sources list. 14. Click OK on the Performance Dashboard Monitor Targets dialog box. The targets display in the Targets list of the Add Performance Dashboard Monitor dialog box. 15.
PAGE 279
User-defined performance monitors 8 6. Select the port measure for the monitor in the Measure area: Common • Port Utilization Percentage • Traffic • CRC Errors FC • Link Resets • Signal Losses • Sync Losses • Link Failures • Sequence Errors • Invalid Transmissions • C3 Discards • C3 Discards TX TO • C3 Discards RX TO • C3 Discards Unreachable • C3 Discards Other • Encode Error Out • SFP Power • SFP Voltage • SFP Current • SFP Temperature 7.
PAGE 280
8 User-defined performance monitors 9. (Top N, Bottom N, and Distribution monitors only) Configure the monitor to show only values greater than or less than a specified value by completing the following steps. a. Select the Show values check box. b. Select greater than or less than from the list. c. Enter a value in the field. 10. (Time series monitors only) Add targets for the monitor by clicking Add and completing the steps in “Adding targets to a user-defined performance monitor” on page 229. 11.
PAGE 281
User-defined performance monitors 8 • Measure_Type — This column depends on which measure you select for the monitor. Memory Utilization Percentage — The memory utilization percentage for the product.  CPU Utilization Percentage — The CPU utilization percentage for the product.  Temperature — The temperature in Celsius for the product.  Fan Speed — The fan speed in RPM for the product.  Response Time — The response time in seconds for the product.
PAGE 282
8 User-defined performance monitors  - Signal Losses — The number of signal failures. - C3 Discards RX TO — The number of received class 3 frames discarded due to timeout. - C3 Discards Unreachable — The number of class 3 frames discarded due to unreachable destination. - C3 Discards Other — The number of class 3 frames discarded due to other reasons. - Encode Error Out — The number of encode errors outside of the frame. 234 Sequence Errors — The number of sequence errors.
PAGE 283
User-defined performance monitors • • • • • • 8 MAC Errors — The number of MAC errors. Back Packets Received — The number of bad packets received. Tx Errors — The number of transmit errors. Product — The product affected by this monitor. Type — The type of port (for example, U-Port). Identifier — The port identifier. Port Number— The port number. State — The port state (for example, Enabled). Status — The port status (for example, Up). 3. Click Close.
PAGE 284
8 236 User-defined performance monitors Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 285
Chapter 9 View Management In this chapter • SAN tab overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Icon legend. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Customizing the main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • SAN Product List customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Search . . . . . . . . . . . . . . . .
PAGE 286
9 SAN tab overview 4 6 1 2 3 5 7 8 9 11 10 12 13 FIGURE 84 Main window - SAN tab 1. Menu bar — Lists commands you can perform on the SAN tab. Some menu items display as disabled unless you select the correct object from the product list or topology map. For a list of the many functions available on each menu, refer to “SAN main menus” on page 1062. 2. SAN main toolbar — Provides buttons that enable quick access to dialog boxes and functions.
PAGE 287
SAN tab overview 9 9. Connectivity Map — Displays the topology, including discovered and monitored devices and connections. For more information, refer to “Connectivity Map” on page 243. 10. Master Log — Displays all events that have occurred on the Management application. For more information, refer to “Master Log” on page 245. 11. Utilization Legend — (Trial and Licensed version only) Indicates the percentage ranges represented by the colored, dashed lines on the Connectivity Map.
PAGE 288
9 SAN tab overview View All list The View All list is located at the top left side of the window and enables you to create, copy, or edit a view, select to how to view the Product list (All Levels, Products and Ports, Products Only, or Ports Only) and to select which view you want to display in the main window. Does not display until you discover a fabric. To discover a fabric, refer to “Discovering fabrics” on page 41. 1 2 3 4 5 6 1. Create View — Select to create a new view. 2.
PAGE 289
SAN tab overview 9 Port Display buttons The Port Display buttons are located at the top right of the Product List and enable you to configure how ports display. You have the option of viewing connected (or occupied) product ports, unoccupied product ports, or attached ports. Not enabled until you discover a fabric or host. NOTE Occupied/connected ports are those that originate from a device, such as a switch. Attached ports are ports of the target devices that are connected to the originating device.
PAGE 290
9 SAN tab overview Product List The Product List, located on the SAN tab, displays an inventory of all discovered devices and ports. The Product List is a quick way to look up product and port information, including serial numbers and IP addresses. To display the Product List, select View > Show Panels > Product List or press F9. You can edit information in the Product List by double-clicking in a field marked with a green triangle. You can sort the Product List by clicking a column heading.
PAGE 291
SAN tab overview • • • • • 9 Symbolic Name — Displays the symbolic name for the port. TAG — Displays the tag number of the product. Vendor — Displays the name of the product’s vendor. WWN — Displays the world wide name of the product or port. Zone Alias — Displays the zone alias of the product or port. Product List functions • Customize — Customize the Product list. For more information, refer to “SAN Product List customization” on page 257. • Sort — Click a column head to sort the list.
PAGE 292
9 SAN tab overview Connectivity Map functions • Two-way selection — When you select an icon on the Topology Map, that device is highlighted in the Product List and vice versa. • • • • Device double-click — Double-click a device to launch Web Tools for the selected device. Zoom In/Zoom Out — Click the appropriate button to zoom in or out on the Topology Map. Tool tips — Mouse over a device or connection to view information. Right-click menus — Right-click a device to view the menu.
PAGE 293
SAN tab overview 9 Master Log The Master Log, which displays in the lower left area of the main window, lists the events and alerts that have occurred on the SAN. If you do not see the Master Log, select View > Show Panels > All Panels or press F5. You can sort the Master Log by clicking a column heading. By default, the Master Log is sorted by the Last Event Server Time column. To filter information in the Master Log, refer to “Filtering events in the Master Log” on page 1037.
PAGE 294
9 SAN tab overview Minimap The Minimap, which displays in the lower right corner of the main window, is useful for getting a bird’s-eye view of the topology, or to quickly jump to a specific place on the topology. To jump to a specific location on the topology, click that area on the Minimap. A close-up view of the selected location displays on the topology. Use the Minimap to view the entire topology and to navigate more detailed map views. This feature is especially useful if you have a large topology.
PAGE 295
SAN tab overview 9 Status bar The status bar displays at the bottom of the main window. The status bar provides a variety of information about the SAN and the application. The icons on the status bar change to reflect different information, such as the current status of products, fabrics, and backup. FIGURE 91 Status Bar The icons on your status bar will vary based on the licensed features on your system. 1. Connection Status — Displays the Server-Client connection status.
PAGE 296
9 Icon legend 10. Call-Home Status — (Trial and Licensed version only) Displays a call home status icon when one or more product are discovered, which allows you to determine the current call home status. Click to launch the Call Home Notification dialog box. For more information about Call Home status and icons, refer to “Viewing Call Home status” on page 182. 11. Server Name — Displays the name of the Server to which you are connected. Click to launch the Server Properties dialog box.
PAGE 297
Icon legend 9 Host product icons The following table lists the manageable Host product icons that display on the topology. Fabric OS manageable devices display with blue icons. Unmanageable devices display with gray icons. Some of the icons shown only display when certain features are licensed.
PAGE 298
9 Icon legend Host group icons The following table lists the manageable Host product group icons that display on the topology. TABLE 33 Icon Description Icon Description Host Group SAN port icons The following table lists the port icons that display in the Product List.
PAGE 299
Icon legend 9 TABLE 35 Icon Status Down/Failed Routed In Routed Out Unknown/Link Down Unreachable Event icons The following table lists the event icons that display on the topology and Master Log. For more information about events, refer to “Fault Management” on page 973.
PAGE 300
9 Customizing the main window Customizing the main window You can customize the main window to display only the data you need by displaying different levels of detail on the Connectivity Map (topology) or Product List. Zooming in and out of the Connectivity Map You can zoom in or out of the Connectivity Map to see products and ports. Zooming in To zoom in on the Connectivity Map, use one of the following methods: • Click the zoom-in icon ( ) on the Connectivity Map toolbar.
PAGE 301
Customizing the main window 9 Showing levels of detail on the Connectivity Map You can configure different levels of detail on the Connectivity Map, making device management easier. Viewing fabrics To view only fabrics, without seeing groups, products, or ports, select View > Show> Fabrics Only. Viewing groups To view only groups and fabrics, without seeing products, or ports, select View > Show> Groups Only. Viewing products To view products, groups, and fabrics, select View > Show> All Products.
PAGE 302
9 Customizing the main window • • • • Export information from the table Search for information Expand the table to view all information Collapse the table Displaying columns To only display specific columns, complete the following steps. 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays. FIGURE 93 Customize Columns dialog box 2. Choose from the following options: • Select the check box to display a column.
PAGE 303
Customizing the main window 9 Changing the order of columns To change the order in which columns display, choose from one of the following options. Rearrange columns in a table by dragging and dropping the column to a new location. OR 1. Right-click anywhere in the table and select Customize or Table > Customize. The Customize Columns dialog box displays. 2. Select the name of the column you want to move and use the Move Up button and Move Down button to move it to a new location. 3. Click OK.
PAGE 304
9 Customizing the main window Exporting table information You can export the entire table or a specific row to a text file. 1. Choose from one of the following options: • Right-click anywhere in the table and select Table > Export Table. • Select the table row that you want to export and select Table > Export Row. The Save table to a tab delimited file dialog box displays. 2. Browse to the location where you want to save the file. 3. Enter the file name in the File Name field. 4. Click Save.
PAGE 305
SAN Product List customization 9 SAN Product List customization You can customize the Product List on the SAN tab to display only the data you need by adding, editing, and deleting property labels. You can also edit property fields to change information. Adding a property label You can add a new column to the Product List. To add a new field, complete the following steps. 1. Right-click any column heading on the Product List and select Add Column. The Add Property dialog box displays. 2.
PAGE 306
9 Search Search You can search for a objects by text or regular expression. • Text—Enter a text string in the search text box. This search is case sensitive. For example, if you are searching for a device in the Product List, you can enter the first five characters in a device name. All products in the Product List that contain the search text display highlighted. • Regular Expression—Enter a Unicode regular expression in the search text box. (For hints, refer to “Regular Expressions” on page 1133.
PAGE 307
Search 9 2. Choose one of the following options: • Select Text from the search list and enter a text string in the search text box. This search is case sensitive. • Select Regular Expression from the search list and enter a Unicode regular expression in the search text box. This search is case insensitive 3. Press Enter or click the search icon. The search results display highlighted.
PAGE 308
9 SAN view management overview 2. Enter your search criteria in the search field. • Text—Enter a text string in the search text box. This search is case sensitive. For example, you can enter the first five characters in a device name. All products in the Product List that contain the search text display highlighted. • Regular Expression—Enter a Unicode regular expression in the search text box. (For hints, refer to “Regular Expressions” on page 1133.
PAGE 309
SAN view management overview 9 1. Select View > Manage View > Create View. The Create View dialog box displays. FIGURE 95 Create View dialog box - Fabrics tab 2. Enter a name (128-character maximum) in the Name field and a description (126-character maximum) in the Description field for the view. NOTE You cannot use the name “View” or “View All” in the Name field. NOTE You cannot use an existing name in the Name field. 3. Click the Fabrics tab. 4.
PAGE 310
9 SAN view management overview 6. In the Available Hosts table, select the hosts you want to include in the view and click the right arrow button to move your selections to the Selected Fabrics and Hosts table. The Available Hosts table displays the name, IP address, network address of the available hosts and the fabric in which the host is located. If this table is blank, it may be because all hosts have been selected and are displayed in the Selected Fabrics and Hosts table.
PAGE 311
SAN view management overview FIGURE 98 9 Edit View dialog box - Hosts tab 5. In the Available Hosts table, select the fabrics you want to include in the view and use the right arrow button to move your selections to the Selected Fabrics and Hosts table. The Available Hosts table displays the name, IP address, network address of the available hosts and the fabric in which the host is located.
PAGE 312
9 SAN view management overview Copying a view To copy a customized view, use the following procedure. 1. Use one of the following methods to open the Copy View dialog box: • Select View > Manage View > Copy View > View_Name. • Select Copy View from the View All list. The View All list does not display until you discover a fabric or host. The Copy View dialog box displays the name of the view you are copying. FIGURE 99 Copy View dialog box 2.
PAGE 313
SAN topology layout 7. 9 Click OK to save your changes and close the Copy View dialog box. NOTE When you open a new view, the SAN tab displays with a gray screen over the Product List and Topology Map while data is loading. 8. Verify that the copied view displays on the main window of the Management application.
PAGE 314
9 SAN topology layout • Port Display. Select to configure how ports display. - Occupied Product Ports. Select to display the ports of the devices in the fabrics (present in the Connectivity Map) that are connected to other devices. - UnOccupied Product Ports. Select to display the ports of the devices (shown in the Connectivity Map) that are not connected to any other device. - Attached Ports. Select to display the attached ports of the target devices. Switch to Switch Connections.
PAGE 315
SAN topology layout 9 • Square. Select to display the device icons in a square configuration. Default for Host and Storage groups. • Vertical. Select to display the device icons vertically. • Horizontal. Select to display the device icons horizontally. • Most Connected at Center. Select to display the node that has the most connections at the center of the topology. • Directional. Select to display the internal nodes in a position where they mirror the external groups to which they are connected. 3.
PAGE 316
9 SAN topology layout FIGURE 101 Choose a background color dialog box 3. Select a color from the swatches tab and click OK. • To specify a color based on hue, saturation, and value, click the HSV tab. Specify the hue (0 to 359 degrees), saturation (0 to 100%), value (0 to 100%), and transparency (0 to 100%). • To specify a color based on hue, saturation, and lightness, click the HSL tab. Specify the hue (0 to 360 degrees), saturation (0 to 100%), lightness (0 to 100%), and transparency (0 to 100%).
PAGE 317
SAN topology layout 9 Changing the product label To change the product label, complete the following steps. 1. Select a product in the Connectivity Map or Product List. 2. Select View > Product Label, and select one of the following options: • • • • • Name (Product). Displays the product name as the product label. WWN. Displays the world wide name as the product label. IP Address. Displays the IP address as the product label. Domain ID. Displays the domain ID as the product label. Zone Alias.
PAGE 318
9 Grouping on the topology 2. Repeat step 1 to select more than one port display option. Grouping on the topology To simplify management, devices display in groups. Groups are shown with background shading and are labeled appropriately. You can expand and collapse groups to easily view a large topology. Collapsing groups To collapse a single group on the topology, choose one of the following options: • Click the icon at the top right-hand corner of the group on the topology ( ).
PAGE 319
Grouping on the topology 9 Configuring custom connections NOTE Active zones must be available on the fabric. To create a display of the connected end devices participating in a single zone or group of zones, complete the following steps. 1. Select a fabric on the topology and select View > Connected End Devices > Custom. The Connected End Devices - Custom display for Fabric dialog box displays with a list of devices participating in a single zone or a group of zones in the Zones in Fabric list. 2.
PAGE 320
9 272 Grouping on the topology Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 321
Chapter 10 Third-party tools In this chapter • About third-party tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Starting third-party tools from the application . . . . . . . . . . . . . . . . . . . . . . • Launching a Telnet session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Launching an Element Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Launching Web Tools. . . . . . . . . . . . . . . . . . . .
PAGE 322
10 Starting third-party tools from the application Starting third-party tools from the application You can open third-party tools from the Tools menu or a device’s shortcut menu. Remember that you cannot open a tool that is not installed on your computer. You must install the tool on your computer and add the tool to the Tools menu or the device’s shortcut menu. NOTE Installing tools is only available with the Trial and Licensed version versions. To open an application, complete the following steps. 1.
PAGE 323
Launching an Element Manager 10 Launching an Element Manager Element Managers are used to manage Fibre Channel switches and directors. You can open a device’s Element Manager directly from the application. To launch a device’s Element Manager, complete the following steps. On the Connectivity Map, double-click the device you want to manage. The Element Manager displays. OR On the Connectivity Map, right-click the device you want to manage and select Element Manager > Hardware.
PAGE 324
10 Launching FCR configuration OR 1. Select a Fabric OS device. 2. Select Configure > Element Manager > Hardware. Web Tools displays. OR 1. Select a Fabric OS device. 2. Click the Element Manager icon on the toolbar. Web Tools displays. NOTE When you close the Management application client, any Web Tools instance launched from the clients closes as well.
PAGE 325
Launching Name Server 10 1. Select a Fabric OS device. 2. Select Configure > Element Manager > Router Admin. The FC Routing module displays. NOTE When you close the Management application client, any Web Tools instance launched from the clients closes as well. Launching Name Server Use Name Server to view entries in the Simple Name Server database. You can open the Name Server module directly from the Management application.
PAGE 326
10 Launching HCM Agent Launching HCM Agent Use Fabric OS HCM Agent to enable and manage Fabric OS HBAs. You can open HCM Agent directly from the application. For more information about HCM Agent, refer to the HCM Agent Administrator’s Guide. For more information about Fabric OS HBAs, refer to the documentation for the specific device. To launch a Fabric OS HBA’s Element Manager, complete the following steps.
PAGE 327
Adding a tool 10 OR 1. Select a Fabric OS device. 2. Select Monitor > Fabric Watch > Configure. Fabric Watch displays. Adding a tool You can specify third-party tools so they appear on the Setup Tools dialog box. From there, you can add them to the Tools menu and then open the tools directly from the Management application. To add a tool, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Tools Menu tab. 3. Click Define.
PAGE 328
10 Entering the server IP address of a tool Entering the server IP address of a tool If the third-party tool is a web-based application, you must enter the IP address of the applications server as a parameter to be able to open the application. To enter the server IP address, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Tools Menu tab.
PAGE 329
Adding an option to the Tools menu 10 FIGURE 103 Setup Tools dialog box (Tools menu tab) 3. Type a label for the option as you want it to appear on the Tools menu in the Menu Text field. 4. Select the application from the Tool list, or click Define if you want to specify a new tool. To specify a new tool, refer to “Adding a tool” on page 279. 5. (Optional) Enter parameters, such as a URL, in the Parameters field. 6. (Optional) Select a keyboard shortcut in the Keystroke list.
PAGE 330
10 Changing an option on the Tools menu Changing an option on the Tools menu You can edit parameters for third-party tools that display on the Tools menu. To edit a option to the tools menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Tools Menu tab. The Tool Menu Items table displays all configured tools, including the tool name as it displays on the Tools menu, parameters, and keystroke shortcuts. 3.
PAGE 331
Adding an option to a device’s shortcut menu 10 Adding an option to a device’s shortcut menu You can add an option to a device’s shortcut menu. To add an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Product Menu tab. The Product Popup Menu Items table displays all configured shortcut menu options. 3. Type or select the text in the Menu Text list as you want it to appear on the menu. 4.
PAGE 332
10 Changing an option on a device’s shortcut menu Changing an option on a device’s shortcut menu You can change the parameters for a tool that displays on a device’s shortcut menu. To edit an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Product Menu tab. The Product Popup Menu Items table displays all configured shortcut menu options. 3.
PAGE 333
Removing an option from a device’s shortcut menu 10 Removing an option from a device’s shortcut menu You can remove a tool that displays on a device’s shortcut menu. To remove an option to the device’s shortcut menu, complete the following steps. 1. Select Tools > Setup. The Setup Tools dialog box displays. 2. Click the Product Menu tab. The Product Popup Menu Items table displays all configured menu options. 3. Select the menu item you want to remove in the Product Popup Menu Items table. 4.
PAGE 334
10 Microsoft System Center Operations Manager (SCOM) plug-in SCOM plug-in requirements • Make sure you import the Management application management pack (Management_Application_Name.FabricView.xml) to the SCOM Server prior to registering the SCOM Plug-in. The management pack is located in the following directory on the DVD scom/OEM_Name. • Make sure the Management application server host is managed by the SCOM Server in agent managed mode.
PAGE 335
Microsoft System Center Operations Manager (SCOM) plug-in 10 3. Edit the domain name in the Domain field. 4. Enter your user ID and password. 5. Click OK. 6. Click Close. Removing a SCOM server To configure the SCOM plug-in, complete the following steps. 1. Select Tools > Plug-in for SCOM. The Plug-in for SCOM dialog box displays. 2. Select the SCOM server you want to delete in the SCOM Servers table. 3. Click Remove. 4. Click OK on the confirmation message. 5. Click Close.
PAGE 336
10 288 Microsoft System Center Operations Manager (SCOM) plug-in Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 337
Chapter 11 Server Management Console In this chapter • Server Management Console overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Services tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Ports tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • AAA Settings tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Restore tab. . . .
PAGE 338
11 Services tab Launching the SMC on Linux NOTE The Server Management Console is a graphical user interface and should be launched from the XConsole on Linux systems. Perform the following steps to launch the Server Management Console on Linux systems. 1. On the Management application server, go to the following directory: Install_Directory/bin 2. Type the following at the command line: .
PAGE 339
Services tab 11 3. Review the following information for each available service. • • • • Name—The name of the server; for example, FTP Server or Database Server. Process Name—The name of the process; for example, postgres.exe (Database Server). Status—The status of the service; for example, started or stopped. Start Time—The date and time the service started. The Start Time for Service Location Protocol displays as ‘Not Available’. 4. Click Close to close the Server Management Console.
PAGE 340
11 Services tab Starting all services NOTE The Start button restarts running services in addition to starting stopped services which causes client-server disconnect. To start all services, complete the following steps. 1. Launch the Server Management Console. 2. Click the Services tab. 3. Click Start to start all services. NOTE If the server is configured to use an external FTP server, the Server Management Console does not attempt to start the built-in FTP service. 4.
PAGE 341
Ports tab 11 6. Select the database user name for which you want to change the password in the User Name field. Options include dcmadmin and dcmuser. Changing the dcmadmin password requires all Management application services, except for the database server, to be stopped and then re-started. Changing the dcmuser password requires all ODBC remote client sessions to be restarted. 7. Enter your current password in the Old Password field. 8.
PAGE 342
11 AAA Settings tab AAA Settings tab Authentication enables you to configure an authentication server and establish authentication policies. You can configure the Management application to authenticate users against the local database (Management application server), an external server (RADIUS, LDAP, or TACACS+), or a switch. Authentication is configured to the local database by default.
PAGE 343
AAA Settings tab 11 1. Select the AAA Settings tab (Figure 105). FIGURE 105 AAA Settings tab 2. Select Radius Server from the Primary Authentication list. 3. Add or edit a Radius server by referring to “Configuring a Radius server” on page 296. 4. Rearrange the Radius servers in the table by selecting a server and click the Up or Down button to move it. 5. Delete a Radius server by selecting the server and click Delete. 6. Test the established active connection with the Radius server by clicking Test.
PAGE 344
11 AAA Settings tab Configuring a Radius server To add or edit a Radius server, complete the following steps. 1. Choose one of the following options from the AAA Settings tab: • Click Add. • Select an existing Radius server and click Edit. The Add or Edit Radius Server dialog box displays (Figure 106). FIGURE 106 Add or Edit Radius Server 2. Enter the radius server’s IP address in the IP Address field. 3. Enter the TCP port, if necessary, used by the Radius server in the TCP Port field. Default is 1812.
PAGE 345
AAA Settings tab 11 Configuring LDAP server authentication NOTE You cannot configure multiple Active Directory groups (domains) for the LDAP server. NOTE You cannot enter Domain\User_Name in the Management application dialog box for LDAP server authentication. If you are using an LDAP server for authentication, make the following preparations first: • Make sure that the LDAP server you want to use is on the network that the Management application manages. • Have the IP address of the server available.
PAGE 346
11 AAA Settings tab FIGURE 107 AAA Settings tab - LDAP server If you configure the external LDAP server as the primary authentication server, make the following preparations first: • Make sure that the external LDAP server and its user accounts have been properly configured (refer to “Creating an AD user account” on page 159). For example, you must define roles and areas of responsibility (AOR) in the external server to match the Management application roles and AOR.
PAGE 347
AAA Settings tab 7. 11 Enter your user name and password and click OK. Test attempts to contact the LDAP server by issuing a ping command and verifies the following: • Verifies connections to the LDAP Server • Verifies authentication with the LDAP Server • Verifies user privileges on the Local database 8. Set secondary authentication by selecting one of the following options from the Secondary Authentication list: • Local Database • None 9.
PAGE 348
11 AAA Settings tab Configuring an LDAP server To add or edit a LDAP server, complete the following steps. 1. Select the AAA Settings tab. 2. Select LDAP Server from the Primary Authentication list. 3. Choose one of the following options: • Click Add. • Select an existing LDAP server and click Edit. The Add or Edit LDAP Server dialog box displays (Figure 108). FIGURE 108 Add or Edit LDAP server 4. Enter the LDAP server’s hostname in the Network address field.
PAGE 349
AAA Settings tab 11 Configuring TACACS+ server authentication If you are using a TACACS+ server for authentication, make the following preparations first: • Make sure that the server you want to use is on the network that the Management application manages. • Make sure that the external server and its user accounts have been properly configured. For example, you must define roles and areas of responsibility (AOR) in the external server to match the Management application roles and AOR.
PAGE 350
11 AAA Settings tab 9. Set the fall back condition to secondary authentication by selecting one of the following options from the Fail Over Option list: • TACACS+ Server Not Reachable • TACACS+ Server Authentication Failed 10. Set the authorization preference by selecting one of the following options from the Authorization Preference list: • Local Database • Primary Authentication Server 11. Click Apply to save the configuration.
PAGE 351
AAA Settings tab 11 6. Enter the number of attempts to be made to reach a server before assuming it is unreachable in the Attempts field. Default is 3 attempts. 7. Click OK to return to the AAA Settings tab. The Radius Servers and Sequence table displays the following information: • Network Address—The network address of the TACACS+ server. • TCP Port—The TCP port number of the LDAP server. • TimeOut (Sec)—The timeout value in seconds specified when sending an authentication request to the server.
PAGE 352
11 AAA Settings tab 11. Click Close to close the Server Management Console. Configuring Windows authentication Windows authentication enables you to authenticate a user account against the Windows user accounts and the Management application server when running on Windows hosts.
PAGE 353
Restore tab 11 3. Click Test. The Test Authentication dialog box displays. 4. Enter your user ID and password and click Test. Test verifies your user ID and password for the local database and verifies user privileges on the Management application server. 5. Click Apply to save the configuration. To display the authentication audit trail, refer to “Displaying the client authentication audit trail” on page 305. 6. Click Close to close the Server Management Console.
PAGE 354
11 Restore tab NOTE You cannot restore data from a higher or lower configuration (Trial or Licensed version) of the Management application. NOTE You cannot restore data from a different package of the Management application. To restore the application data files, complete the following steps. 1. Click the Services tab. 2. Stop all services. 3. Click the Restore tab (Figure 111). FIGURE 111 Restore tab 4.
PAGE 355
Technical Support Information tab 11 Technical Support Information tab The Technical Support Information tab of the SMC allows you to capture technical support information for the Management application as well as the configuration files for all switches in discovered fabrics. This information is saved in a zip file in a location that you specify. Capturing technical support information To capture technical support information, complete the following steps. 1.
PAGE 356
11 HCM Upgrade tab NOTE For Linux systems, you cannot have blank spaces in the output path (target directory). If the output path contains blank spaces, the supportShow files are not complete. 4. Click Capture. A confirmation message displays when the capture is complete. 5. Click OK. HCM Upgrade tab The HCM Upgrade tab enables you to upgrade the Management application to include a new version of HCM. Upgrading HCM on the Management server To upgrade HCM, complete the following steps. 1.
PAGE 357
Performance Data Aging tab 11 Performance Data Aging tab Performance data samples are collected at regular intervals. The Performance Data Aging tab enables you to define the performance data collection interval for product and port measures. NOTE Changes to the performance data aging option requires a server restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 12.X.X > Server Management Console).
PAGE 358
11 SMI Agent Configuration Tool • Option 2—2 years data with the following samples   Raw samples for the last 8 days 1 day granularity for last 2 years (730 samples) If you change from Option 2 to Option 1, you will lose existing performance data for the 5 minutes granularity for last 8 days (2304 samples) interval. 3. Click Apply. The Login dialog box displays. 4. Enter your user name and password in the appropriate fields and click OK.
PAGE 359
SMI Agent Configuration Tool 11 2. Click Configure SMI Agent on the Server Management Console dialog box. The Log In dialog box displays. FIGURE 115 Log In dialog box 3. Enter your username and password in the appropriate fields. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. 4.
PAGE 360
11 SMI Agent Configuration Tool Launching the SMIA configuration tool on Unix NOTE All Management application services must be running before you can log into the SMIA Configuration Tool. To start the Management application services, click Start on the Server Management Console dialog box. Perform the following steps to launch the Server Management Console on Unix systems. 1. On the Management application server, go to the following directory: Install_Directory/bin 2.
PAGE 361
SMI Agent Configuration Tool 11 Service Location Protocol (SLP) support The Management application SMI Agent uses Service Location Protocol (SLP) to allow applications to discover the existence, location, and configuration of WBEM services in enterprise networks. You do not need a WBEM client to use SLP discovery to find a WBEM Server; that is, SLP discovery might already know about the location and capabilities of the WBEM Server to which it wants to send its requests.
PAGE 362
11 SMI Agent Configuration Tool This output shows the functionalities of the Management application SMI Agent: • accepts WBEM requests over HTTP using SSL on TCP port 5989 • accepts WBEM requests over HTTP without SSL on TCP port 5988 • slptool findattrs service:wbem:https://IP_Address:Port NOTE Where IP_Address:Port is the IP address and port number that display when you use the slptool findsrvs service:wbem command.
PAGE 363
SMI Agent Configuration Tool 11 (Classinfo=0,0),(RegisteredProfilesSupported=SNIA:SMI-S,DMTF:Profile Registration,SNIA:FC HBA,DMTF:LaunchInContext,SNIA:Fan,SNIA:Fabric, SNIA:Switch,DMTF:Role Based Authorization,SNIA:Power Supply,SNIA:Sensors, SNIA:Server) SLP on UNIX systems This section describes how to verify the SLP daemon on UNIX systems. SLP file locations on UNIX systems • SLP log—Install_Home/cimom /cfg/slp.log • SLP daemon—Install_Home/cimom /cfg/slp.
PAGE 364
11 SMI Agent Configuration Tool You can statically register an application that does not dynamically register with SLP using SLPAPIs by modifying this file. For more information about these files, read the comments contained in them, or refer to http://www.openslp.org/doc/html/UsersGuide/index.html. Verifying SLP service installation and operation on Windows systems 1. Launch the Server Management Console from the Start menu. 2. Click Start to start the SLP service. 3. Open a command window. 4.
PAGE 365
SMI Agent Configuration Tool 11 Accessing Management application features To access Management application features such as, fabric and host discovery, role-based access control, application configuration and display options, server properties, as well as the application name, build, and copyright, complete the following steps. 1. Click the Home tab, if necessary. 2. Select from the following to access the feature or dialog box.
PAGE 366
11 SMI Agent Configuration Tool 1. Click the Authentication tab. FIGURE 117 Authentication tab 2. Select the Enable Client Mutual Authentication check box, as needed. If the check box is checked, CIM client mutual authentication is enabled. If the check box is clear (default), client mutual authentication is disabled. 3. Select the Enable Indication Mutual Authentication check box, as needed. If the check box is checked, indication mutual authentication is enabled.
PAGE 367
SMI Agent Configuration Tool 11 1. Click the Authentication tab. 2. Choose from one of the following options: • Select No Authentication to allow the CIM client to query the CIMOM server without providing credentials; however, note that the CIMOM server requires the Management application credentials to connect to the Management application server to retrieve the required data. To provide Management application credentials, complete the following steps. a.
PAGE 368
11 SMI Agent Configuration Tool Configuring the SMI Agent port number To configure the SMI Agent port number, complete the following steps. 1. Click the CIMOM tab. FIGURE 118 CIMOM tab 2. Select or clear the Enable SSL check box, to enable or disable SSL for the SMI Agent. NOTE Disabling SSL will disable Indication and Client Mutual Authentication. If the check box is checked (default), SSL is enabled. If the check box is clear, SSL is disabled. 3.
PAGE 369
SMI Agent Configuration Tool 11 Configuring the CIMOM Bind Network Address NOTE You must have SAN - SMI Operation Read and Write privileges to view or make changes on the CIMOM tab. For more information about privileges, refer to “User Privileges” on page 1097. To configure the network bind address, complete the following steps. 1. Click the CIMOM tab. 2. Select a network address from the IP Configuration Bind Network Address list to which you want to bind the CIMOM server.
PAGE 370
11 SMI Agent Configuration Tool 3. Click Apply. NOTE Changes on this tab take effect after the next CIMOM server restart. NOTE You can only restart the server using the Server Management Console (Start > Programs > Management_Application_Name 12.X.X > Server Management Console). 4. Click Close to close the SMIA Configuration Tool dialog box. Certificate Management tab NOTE You must have SMI Operation Read and Write privileges to view or make changes on the Certificate Management tab.
PAGE 371
SMI Agent Configuration Tool 11 2. Select the Client or Indication from the Authentication list. The appropriate certificates display in the Certificates list. 3. Enter the full path or browse to the certificate you want to import (for example, on Windows the path is C:\Certificates\cimom-indication-auth2.cer and on Linux the path is opt/Certificates/cimom-indication-auth2.cer). You can only import certificate files with the CER extension (.cer). 4.
PAGE 372
11 SMI Agent Configuration Tool 4. Click Export Server Certificate. The Save As dialog box displays. 5. Browse to the directory where you want to export the certificate. 6. Edit the certificate name in the File Name field, if necessary. 7. Click Save. 8. Click Close to close the SMIA Configuration Tool dialog box. Deleting a certificate NOTE You must have SMI Operation Read and Write privileges to view or make changes to the Certificate Management tab.
PAGE 373
SMI Agent Configuration Tool 11 1. Click the Summary tab. FIGURE 120 Summary tab 2. Review the summary. NOTE When the CIMOM server is stopped, the server configuration information does not display on the Summary tab. The following information is included in the summary. TABLE 37 Field/Component Description Client Mutual Authentication Displays whether or not the client mutual authentication is enabled or disabled for the Server Configuration and the Current Configuration.
PAGE 374
11 SMI Agent Configuration Tool TABLE 37 Field/Component Description Log Level Displays the log level for the Server Configuration and the Current Configuration. Options include the following: • 10000—Off • 1000—Severe • 900—Warning • 800—Info (default) • 700—Config • 500—Fine • 400—Finer • 300—Finest • 0—All Managed Ports Displays the number of managed ports. For more information about managed port count rules, refer to “Managed count” on page 29.
PAGE 375
Chapter 12 SAN Device Configuration In this chapter • Configuration repository management . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enhanced group management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Firmware management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Frame viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Properties customization . . . . . . . . . . .
PAGE 376
12 Configuration repository management Saving switch configurations on demand NOTE Save switch configuration is only supported on Fabric OS switches. NOTE This feature requires a Trial or Licensed version. NOTE To save switch configuration on more than one switch at a time, you must have the Enhanced Group Management license.
PAGE 377
Configuration repository management 12 3. Click the right arrow to move the selected switches to the Selected Switches table. 4. Click OK. Configuration files from the selected switches are saved to the repository. 5. (Professional only) Browse to the location where you want to save the switch configuration. 6. (Professional only) Click Save Configuration. Configuration files from the selected switches are saved to the selected location.
PAGE 378
12 Configuration repository management Scheduling a switch configuration back up NOTE This feature requires a Trial or Licensed version. NOTE The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. You can schedule a backup of one or more switch configurations. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all fabrics discovered.
PAGE 379
Configuration repository management 12 2. Click the Enable scheduled backup check box. 3. Set the Schedule parameters. These include the following: - The desired Frequency for backup operations (daily, weekly, monthly). The Day you want back up to run. If Frequency is Daily, the Day list is grayed out. If Frequency is Weekly, choices are days of the week (Sunday through Saturday). If Frequency is Monthly, choices are days of the month (1 through 31). - The Time (hour, minute) you want back up to run.
PAGE 380
12 Configuration repository management Restoring a configuration from the repository If you delete a fabric or switch from discovery, the configuration remains in the repository until you delete it manually. Stored configurations are linked to the switch WWN; therefore, if the IP address or switch name is changed and then rediscovered, the Switch Configuration Repository dialog box displays the new switch name and IP address for the old configuration.
PAGE 381
Configuration repository management 12 • Discovered — Whether the switch is discovered or not. Yes — The switch is discovered.  No — The switch was deleted from discovery. Comments — Comments regarding the switch.  • 2. Select the configuration you want to restore, and click Restore. The configuration is downloaded to the device. If necessary, the restoration process prompts you to disable and reboot the device before the configuration begins.
PAGE 382
12 Configuration repository management FIGURE 125 Configuration file content 3. Click Close to close the dialog box. 4. Click Yes on the message. Searching the configuration file content NOTE This feature requires a Trial or Licensed version. To search the configuration file content, complete the following steps. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2. Click View.
PAGE 383
Configuration repository management 12 FIGURE 126 Configuration file content 4. Click Close to close the dialog box. 5. Click Yes on the message. Deleting a configuration NOTE This feature requires a Trial or Licensed version. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2. Select the configuration you want to delete, and click Delete.
PAGE 384
12 Configuration repository management 4. Click Export. The configuration is automatically named (Device_Name_Date_and_Time) and exported to the location you selected. Importing a configuration NOTE This feature requires a Trial or Licensed version. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays. 2. Click Import. The file chooser appropriate to your operating system displays.
PAGE 385
Configuration repository management 12 3. Source Location, which allows you to select the location of the configuration you wish to replicate. For more information about the fields and components of this step, refer to Table 39 on page 337. 4. Source Configuration, which allows you to select the source switch to replicate. For more information about the fields and components of this step, refer to Table 40 on page 338. 5. Destination Switches, which allows you to select the destination switch.
PAGE 386
12 Configuration repository management TABLE 40 Step 4. Source Configuration Field/Component Description Saved Switch Configuration table (Configuration Repository only) Lists the information related to the saved switch, if you selected Configuration Repository on the Source Location screen. Backup Date/Time (Configuration Repository only) The date and time the last backup occurred on the switch. Fabric Name The name of the fabric that is associated with the selected available switch.
PAGE 387
Configuration repository management TABLE 40 12 Step 4. Source Configuration (Continued) Field/Component Description State The port state, for example, online or offline. Status The operational status of the port.; for example, unknown or marginal. Symbolic Name The symbolic name for the port. Tag The tag number of the port Vendor The hardware vendor’s name. WWN The world wide name of the source switch to be replicated. Zone Alias The zone alias.
PAGE 388
12 Configuration repository management TABLE 41 Step 5. Destination Switches (Continued) Field/Component Description Status The operational status of the port.; for example, unknown or marginal. Symbolic Name The symbolic name for the port. Tag The tag number of the port Vendor The hardware vendor’s name. WWN The world wide name of the source switch to be replicated. Zone Alias The zone alias.
PAGE 389
Configuration repository management 12 3. Select Source Switch, which allows you to select the source device of the security policy configuration you wish to replicate. For more information about the fields and components of this step, refer to Table 45 on page 341. 4. Select Destination Switches, which allows you to select the destination devices. Only devices that can accept the selected security policy configuration display.
PAGE 390
12 Configuration repository management TABLE 45 Description Port Count The total number of ports. Firmware The firmware version. Location The customer site location. Contact The primary contact at the customer site. Description A description of the customer site. State The port state, for example, online or offline. Status The operational status of the port.; for example, unknown or marginal. TABLE 46 342 Step 3. Select Source Switch (Continued) Field/Component Step 4.
PAGE 391
Enhanced group management TABLE 47 12 Step 5. Validation Field/Component Description Validation Settings table The replication settings that have been configured in previous steps; for example, the configuration type, source configuration, and destination settings. Click Finish to approve the settings. TABLE 48 Step 6.
PAGE 392
12 Firmware management Firmware management A firmware file repository (Windows systems only) is maintained on the server in the following location: C:\Program Files\Install_Directory\data\ftproot\Firmware\Switches\7.0\n.n.n\n.n.n The firmware repository is used by the internal FTP, SCP, or SFTP server that is delivered with the Management application software, and may be used by an external FTP server if it is installed on the same platform as the Management application software.
PAGE 393
Firmware management 12 FIGURE 127 Firmware download 3. Select one or more switches from the Available Switches table. The Available Switches table lists the switches that are available for firmware download. 4. Click the right arrow to move the switches to the Selected Switches table. If you selected any switches that do not support firmware download, a message displays. Click OK on the message. The switches that support firmware download display in the Selected Switches table.
PAGE 394
12 Firmware management • Select the SCP Server option to download from the external SCP server. Continue with step 7. NOTE The Management application only supports WinSSHD as the third-party Windows external SCP server. Firmware upgrade and downgrade through WinSSHD is only supported on devices running Fabric OS 6.0 or later. • Select the SFTP Server option to download from the external SFTP server. Continue with step 7.
PAGE 395
Firmware management 12 Displaying the firmware repository The firmware repository is available on the Firmware Management dialog box. The Management application supports .zip and .gz compression file types for firmware files. Initially, the firmware repository is configured to use the built-in FTP, SCP, or SFTP server. To use an external FTP server, refer to “Configuring an external FTP, SCP, or SFTP server” on page 127.
PAGE 396
12 Firmware management • Release Notes View button — Click to view the release notes, if imported, which contain information about downloading firmware. • Supported Switch Type Information table — Shows the switch type, capable switch count, and number of installed switches. You can choose one of two switch groups:   Show switch types in my resource group. Show all supported switch types. 4.
PAGE 397
Firmware management 12 6. Enter or browse to the location of the MD5 file (.md5 file type). If the MD5 checksum file is located in the same directory as the firmware file and has the same file name (with the md5 extension), this field is auto-populated. The MD5 checksum file can be obtained from the Fabric OS product download site in the same location as the firmware file.
PAGE 398
12 Frame viewer Frame viewer NOTE Frame viewer is only supported on Fabric OS devices running 7.1.0 or later. Frame viewer enables you to view a list of devices with discarded frames due to c3 timeout, destination unreachable, and not routable. You can also view a summary of discarded frames for each device and clear the discarded frame log on the device. Viewing discarded frames from a device 1. Select a Fabric OS device running 7.1.0 or later and select Monitor > Discarded Frames.
PAGE 399
Frame viewer 12 3. Select a device in the top table to view detailed data about the discarded frames on that device. • Discarded Frame History for the Selected Product table — Summary of the discarded frames for the selected device.                  Count – Number of discarded frames logged in the frame log with the same timestamp, Tx Port, Rx Port, SID, DID, SFID, and DFID. The maximum number of duplicate frames stored for any 1 second timestamp is 20.
PAGE 400
12 Frame viewer Viewing discarded frames from a port 1. Select a port on a Fabric OS device running 7.1.0 or later and select Monitor > Discarded Frames. The Discarded Frames dialog box displays. 2. Review the data for the discarded frames from the selected port. • Discarded Frame History for the Selected Product table — Summary of the discarded frames for the selected port.
PAGE 401
Properties customization 12 Clearing the discarded frame log 1. Open the Discarded Frames dialog box (refer to “Viewing discarded frames from a device” on page 350 or “Viewing discarded frames from a port” on page 352). 2. Select one of the following options: • If you are in switch view, select a device in the upper table and click Clear to clear the discarded frames from the frame log. • If you are in port view, click Clear to clear the discarded frames from the frame log. 3. Click Close.
PAGE 402
12 Properties customization Editing a property label You can edit any label that you create on the Properties dialog box. To edit any field you create, complete the following steps. 1. Right-click any product icon and select Properties. The Properties dialog box displays. 2. Select the tab on which you want to edit a property. 3. Right-click the label for the property you want to edit. 4. Select Edit. The Edit Property dialog box displays. 5. Change the label and description for the property, as needed.
PAGE 403
Ports 12 Ports You can enable and disable ports, as well as view port details, properties, type, status, and connectivity. Viewing port connectivity The connected switch and switch port information displays for all ports. To view port connectivity, choose one of the following steps: • Right-click a Fabric and select Port Connectivity. • Right-click a product icon and select Port Connectivity. • Select a product icon and select Monitor > Port Connectivity.
PAGE 404
12 Ports TABLE 49 356 Port connectivity properties (Continued) Field Description Blade Number The number of the blade. Blocked Whether the selected port is blocked. Buffer Limited Whether buffers are limited. Buffers Needed/Allocated The ratio of buffers needed relative to the number of buffers allocated. Calculated Status The operational status. There are four possible operation status values: Healthy, Down, Marginal, and Unmonitored.
PAGE 405
Ports TABLE 49 12 Port connectivity properties (Continued) Field Description Fabric / Switch Name If launched from a fabric, displays the fabric name. If launched from a switch, displays the fabric name and the switch name. FC4 Type The active FC4 type; for example, SCSI. FC Address The Fibre Channel address. Each FC port has both an address identifier and a world wide name (WWN). Filter check box / link Select to filter results from the Port Connectivity View dialog box.
PAGE 406
12 Ports TABLE 49 Port connectivity properties (Continued) Field Description Switch in Order Delivery Whether switch in-order delivery is enabled. Switch IP The switch’s IP address. Switch Port Count The number of ports on the switch. Switch Port Type The port type; for example, E-Port, F-Port, U-port, and so on. Switch Role The role of the switch; for example, subordinate. Switch Routing Policy Whether a routing policy, for example, port-based routing policy, is enabled.
PAGE 407
Ports 12 Filtering port connectivity To filter results from the port connectivity view, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box The Filter dialog box displays (Figure 132). FIGURE 132 Filter dialog box 2. Click a blank cell in the Field column to select the property from which to filter the results. 3. Click a blank cell in the Relation column to select an action operation.
PAGE 408
12 Ports Resetting the filter Reset immediately clears all existing definitions. You cannot cancel the reset. To reset the Filter dialog box, complete the following steps. 1. Click the Filter link from the Port Connectivity View dialog box. The Filter dialog box displays. 2. Click Reset. All existing definitions are cleared automatically. You cannot cancel the reset. Enabling the filter To enable the filter, select the Filter check box.
PAGE 409
Ports 12 Viewing ports To view ports on the Connectivity Map, right-click a product icon and select Show Ports. NOTE Show Ports is not applicable when the map display layout is set to Free Form (default). NOTE This feature is only available for connected products. On bridges and CNT products, only utilized Fibre Channel ports display; IP ports do not display. Port types On the Connectivity Map, right-click a switch icon and select Show Ports.
PAGE 410
12 Ports Viewing port connection properties You can view the information about products and ports on both sides of the connection. 1. Right-click the connection between two end devices on the Connectivity Map and select Properties. OR Double-click the connection between two devices on the Connectivity Map. The Connection Properties dialog box displays.
PAGE 411
Ports TABLE 51 12 Port connection properties (Continued) Field Description 2-Port Type The port type of the second switch. 2-WWPN The world wide port number of the second switch. 2-MAC Address The MAC address of the second switch. 2-IP Address The IP address of the second switch. 2-Trunk Whether there is a trunk on the second switch. 2-Speed (Gbps) The speed of the second switch. 2-Tunnel ID The tunnel ID of the second switch. 2-Circuit ID The circuit ID of the second switch.
PAGE 412
12 Ports TABLE 51 Port connection properties (Continued) Field 364 Description Long Distance Setting Whether the connection is considered to be normal or longer distance. MAC Address The MAC address of the switch. Manufacturer The name of the manufacturer. Manufacturer Plant The name of the manufacturing plant. Name The name of the switch. NPIV Enabled Whether the NPIV port is enabled. Parameter The parameter of the switch.
PAGE 413
Ports TABLE 51 12 Port connection properties (Continued) Field Description Auto VPWWN The automatically generated VPWWN. User VPWWN The user-defined VPWWN. 3. Click Close to close the dialog box. Determining inactive iSCSI devices For router-discovered iSCSI devices, you can view all of the inactive iSCSI devices in one list. To do this, use the Ports Only view and then sort the devices by FC Address. The devices that have an FC address of all zeros are inactive. 1.
PAGE 414
12 Ports 2. Review the port optics information. • Combined Status — Displays the current status of the port. NOTE Requires a 16 Gbps capable port running Fabric OS 7.0 or later. NOTE The device must have a Fabric Watch license and threshold monitoring configured for the port. For more information, refer to the Fabric Watch Administrator’s Guide.
PAGE 415
Port commissioning overview • • • • • • • • • • • • 12 FC Speed (MB/s) (Fabric OS 6.4 or earlier) — The FC port speed; for example, 400 Mbps. Distance — The length of the fiber optic cable. Vendor — The vendor of the SFP. Vendor OUI — The vendor’s organizational unique identifier (OUI). Vendor PN — The part number of the SFP. Vendor Rev — The revision number of the SFP. Serial # — The serial number of the SFP. Data Code — The data code.
PAGE 416
12 Port commissioning overview Viewing existing CIMOM servers NOTE Port commissioning is only supported on Fabric OS devices running Fabric OS 7.1 or later. Before you can decommission or recommission an F-Port, you must register the CIMOM servers within the fabric affected by the action. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 135). FIGURE 135 Port Commissioning Setup dialog box The Port Commissioning Setup dialog box has two main areas.
PAGE 417
Port commissioning overview • • • • • 12 Description — User-defined description of the system. CIMOM Port — The CIMOM port number of the system. Namespace — The namespace of the CIM_FCPort. User ID — The user identifier for the system. Status — The system connectivity status. Updates when you test the reachability of the CIMOM server and when you contact the CIMOM server to respond to the F-Port decommission or recommission request.
PAGE 418
12 Port commissioning overview 5. Enter the namespace of the CIM_FCPort in the Namespace field. The default namespace is root/cimv2. 6. (Optional) Enter a user identifier for the CIMOM server in the Credentials User ID field. The credentials user identifier cannot be over 128 characters. 7. (Optional) Enter a password in the Password field. The password cannot be over 512 characters. 8. Click the right arrow button to add the new CIMOM server and credentials to the Systems List.
PAGE 419
Port commissioning overview 12 Importing CIMOM servers and credentials You can import one or more CIMOM servers (system and credentials) using a CSV formatted file. You can import a maximum of 2,000 CIMOM servers. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 135). 2. Click Import to import CIMOM server information from a file.
PAGE 420
12 Port commissioning overview Changing CIMOM server credentials You can edit the CIMOM server credentials for one or more CIMOM servers at the same time. 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 135). 2. Select one or more CIMOM servers from the System List table and click Change Credentials. The Edit Credentials dialog box displays. If you selected one CIMOM server, the credentials for the selected server display in the dialog box.
PAGE 421
Port commissioning overview 12 Deleting CIMOM server credentials 1. Select Configure > Port Commissioning > Setup. The Port Commissioning Setup dialog box displays (Figure 135). 2. Select one or more CIMOM server from the System List table and click the left arrow button. The details for the last selected CIMOM server row displays in the Add/Edit System and Credentials area. 3.
PAGE 422
12 Port commissioning overview Recommissioning an F-Port NOTE You must configure at least one CIMOM server (refer to “Registering a CIMOM server” on page 369) before you can recommission an F-Port. Select the F-Port, then select Configure > Port Commissioning > Recommission > Port. While recommissioning is in progress, an up arrow icon displays next to the port icon in the Product List.
PAGE 423
Port commissioning overview 12 Decommissioning all ports on a switch or blade NOTE (Virtual Fabrics only) All ports on the blade must be managed by the Management application. NOTE Fabric tracking must be enabled (refer to “Enabling fabric tracking” on page 132) to maintain the decommissioned port details (such as port type, device port wwn, and so on). Do not accept changes in the Management application client. 1.
PAGE 424
12 Port commissioning overview Recommissioning all ports on a switch or blade NOTE All ports on the switch or blade must be managed by the Management application. Select the switch or logical switch for which you want to recommission all ports, then select Configure > Port Commissioning > Recommission > All F-Ports on the Switch/Blade. NOTE You can only recommission ports from the logical switch, not the physical chassis.
PAGE 425
Administrative Domain-enabled fabric support 12 Administrative Domain-enabled fabric support The Management application provides limited support for AD-enabled fabrics. An Administrative Domain (Admin Domain or AD) is a logical grouping of fabric elements that defines which switches, ports, and devices you can view and modify. An Admin Domain is a filtered administrative view of the fabric. NOTE If you do not implement Admin Domains, the feature has no impact on users and you can ignore this section.
PAGE 426
12 Administrative Domain-enabled fabric support • If you try to enable Virtual Fabrics on an AD-enabled switch, that operation fails with the following message: “Failed to enable Virtual Fabric feature for Chassis (Remove All ADs before attempting to enable VF).” • Performs performance management (including Advance Performance Monitoring and Top Talkers) data collection and reports in a physical fabric context.
PAGE 427
Administrative Domain-enabled fabric support TABLE 52 12 Feature support for AD-enabled fabrics (Continued) Feature AD context ADO AD255 Not supported All AD User interface impact Performance Management > Configure Thresholds End-to-End Monitors Clear Counters X Filters AD-enabled fabric from the Fabrics list. Port Auto Disable X Filters AD-enabled fabric from the dialog box. Port Connectivity X Disables menu for a switch in an AD-enabled fabric.
PAGE 428
12 Port Auto Disable Port Auto Disable The Port Auto Disable dialog box allows you to enable and disable the port auto disable flag on individual FC_ports or on all ports on a selected device, as well as unblock currently blocked ports.
PAGE 429
Port Auto Disable 12 FIGURE 136 Port Auto Disable dialog box 2. Select one of the following from the Show list to determine what ports to display: • • • • All Ports (default) Disabled PAD Ports Enabled PAD Ports Blocked Ports 3. Review the port status and other information: • Products/Ports tree — Displays devices and associated ports. Also, displays a Warning icon for blocked FC ports (displayed with the port icon).
PAGE 430
12 Port Auto Disable • • • • • • • • • Port Type — Displays the port type. Port Number — Displays the port number. Port WWN — Displays the port world wide name. Port Name — Displays the port name. User Port # — Displays the user port number. PID — Displays the port identifier. Connected Port # — Displays the connected port number. Connected Port WWN — Displays the connected port world wide name. Connected Port Name — Displays the connected port name. 4. Click OK on the Port Auto Disable dialog box.
PAGE 431
Port Auto Disable 7. 12 Click OK on the Configure Port Auto Disable dialog box. 8. Click OK on the Port Auto Disable dialog box. Enabling port auto disable on individual ports NOTE The device must be running Fabric OS 6.3 or later. To enable port auto disable on individual ports, complete the following steps. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to enable port auto disable (PAD) from the Fabric list. 3.
PAGE 432
12 Port Auto Disable 4. Select the device on which you want to enable PAD on all ports. 5. Click Configure. The Configure Port Auto Disable dialog box displays. 6. Select one or more of the following event types: • • • • • Port Auto Disable Loss Of Sync — Requires devices running Fabric OS 7.0 or later. Loss Of Signal — Requires devices running Fabric OS 7.0 or later. OLS (Offline Primitive Sequence) — Requires devices running Fabric OS 7.0 or later.
PAGE 433
Port Auto Disable 7. 12 Click OK on the Configure Port Auto Disable dialog box. 8. Click OK on the Port Auto Disable dialog box. Disabling port auto disable on all ports on a device NOTE The device must be running Fabric OS 6.3 or later. To disable port auto disable on all ports on a device, complete the following steps. 1. Select Configure > Port Auto Disable. The Port Auto Disable dialog box displays. 2. Select the fabric on which you want to disable port auto disable (PAD) from the Fabric list. 3.
PAGE 434
12 386 Port Auto Disable Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 435
Chapter 13 Host Port Mapping In this chapter • Host port mapping overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Creating a new Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Renaming an HBA Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Deleting an HBA Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing Host properties . . . . . . . .
PAGE 436
13 Creating a new Host Creating a new Host To create a new Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. FIGURE 137 Host Port Mapping dialog box The Host Port Mapping dialog box includes the following details: • HBAs table — All unassigned HBAs. Lists the following information for all available HBAs. You can sort the table by clicking once on any of the column titles.
PAGE 437
Renaming an HBA Host 13 Renaming an HBA Host To rename a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Click the Host you want to rename in the Hosts table, wait a moment, and then click it again. The Host displays in edit mode. 3. Type a new name for the Host. The name of the Host appears in the Hosts table in alphabetical order with the new name.
PAGE 438
13 Associating an HBA with a Host Associating an HBA with a Host ATTENTION Discovered information overwrites your user settings. To associate an HBA with a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Select the Host to which you want to assign HBAs in the Hosts table or click New Host to create a new Host. 3. Select the HBA from the HBAs table on the left and click the right arrow.
PAGE 439
Importing HBA-to-Host mapping 13 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure and well-formed WWNs, and counts number of errors. If more than 5 errors occur, import fails and a ‘maximum error count exceeded’ message displays. Edit the Host port mapping file and try again. • Checks for duplicate HBAs. If duplicates exist, a message displays with the duplicate mappings detailed.
PAGE 440
13 Removing an HBA from a Host Removing an HBA from a Host To remove an HBA from a Host, complete the following steps. 1. Right-click an HBA icon in the Fabric topology and select Host Port Mapping. The Host Port Mapping dialog box displays. 2. Select the HBA from the Hosts table on the right and click the left arrow. The HBA you selected is removed from the Hosts table and the HBA is no longer associated with the Host.
PAGE 441
Exporting Host port mapping 13 4. Browse to the location where you want to save the export file. Depending on your operating system, the default export location are as follows: • Desktop\My documents (Windows) • \root (Linux) 5. Enter a name for the files and click Save. 6. Click OK to close the Host Port Mapping dialog box.
PAGE 442
13 394 Exporting Host port mapping Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 443
Chapter 14 Storage Port Mapping In this chapter • Storage port mapping overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Creating a storage array . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Adding storage ports to a storage array. . . . . . . . . . . . . . . . . . . . . . . . . . . . • Unassigning a storage port from a storage array . . . . . . . . . . . . . . . . . . . . • Reassigning mapped storage ports . . . . . . . . . . . . . . . .
PAGE 444
14 Creating a storage array Creating a storage array To create a storage array, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays with the following information. • Storage Ports table — Lists the following information for all available storage ports. You can sort the table by clicking once on any of the column titles. Fabric Name—The fabric name.
PAGE 445
Unassigning a storage port from a storage array 14 4. Click the right arrow. The storage port is added to the Storage Array. 5. Click OK to save your work and close the Storage Port Mapping dialog box. If the storage device is part of more than one fabric, a message displays: The selected Storage_Name/Storage_WWN is part of more than one fabric. The port nodes associated with the other fabrics will automatically be moved to the storage array. Click OK to close the message.
PAGE 446
14 Editing storage array properties 6. Click the right arrow button. The storage port moves from the Storage Ports table to the selected storage array. 7. Click OK to save your work and close the Storage Port Mapping dialog box. Editing storage array properties To edit storage array properties, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays. 2.
PAGE 447
Viewing storage array properties 14 4. Review the properties. 5. Click OK on the Properties dialog box. 6. Click OK on the Storage Port Mapping dialog box. Viewing storage array properties To view storage array properties, complete the following steps. 1. Select a storage port icon in the topology view, then select Discover > Storage Port Mapping. The Storage Port Mapping dialog box displays. 2. Select a storage array from the Storage Array list. 3. Click Properties. The Properties dialog box displays.
PAGE 448
14 Importing storage port mapping 4. Click Open on the Import dialog box. The file imports, reads, and applies all changes line-by-line and performs the following: • Checks for correct file structure (first entry must be the storage node name (WWN) and second entry must be the storage array name), well formed WWNs, and counts number of errors If more than 5 errors occur, import automatically cancels. Edit the storage port mapping file and try again.
PAGE 449
Exporting storage port mapping 14 Exporting storage port mapping The Storage Port Mapping dialog box enables you to export a storage port array. The export file uses the CSV format. The first row contains the headers (Storage Node Name (WWNN), Storage Array Name) for the file. Example Storage Node Name (WWNN), Storage Array Name 20000004CFBD7100,New Storage Array 20000004CFBD896E,New Storage Array 20000037E19CED,New Storage Array To export a storage port array, complete the following steps. 1.
PAGE 450
14 402 Exporting storage port mapping Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 451
Chapter 15 Host Management In this chapter • Host management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Brocade adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • HCM software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Host adapter discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • VM Manager. . . . . . . . . .
PAGE 452
15 Brocade adapters The Management application, in conjunction with HCM, provides end-to-end management capability. For information about configuring, monitoring, and managing individual adapters using the HCM GUI or the Brocade Command Utility (BCU), refer to the Adapters Administrator’s Guide.
PAGE 453
Brocade adapters 15 Converged Network Adapters Table 56 describes available Brocade Converged Network Adapters (CNAs) for PCIe x 8 host bus interfaces, hereafter referred to as Brocade CNAs. These adapters provide reliable, high-performance host connectivity for mission-critical SAN environments.
PAGE 454
15 HCM software AnyIOTM technology Although the Brocade 1860 Fabric Adapter can be shipped in a variety of small form-factor pluggable (SFP) transceiver configurations, you can change port function to the following modes using Brocade AnyIOTM technology, provided the correct SFP transceiver is installed for the port: • HBA or Fibre Channel mode—This mode utilizes the Brocade Fibre Channel storage driver. An 8 or 16 Gbps Fibre Channel SFP transceiver can be installed for the port.
PAGE 455
HCM software 15 HCM features Common HBA and CNA management software features include the following: • Discovery using the agent software running on the servers attached to the SAN, which enables you to contact the devices in your SAN. • Configuration management, which enables you to configure local and remote systems.
PAGE 456
15 Host adapter discovery Host adapter discovery The Management application enables you to discover individual hosts, import a group of hosts from a CSV file, or import host names from discovered fabrics. The maximum number of host discovery requests that can be accepted is 1000. Host discovery requires HCM Agent 2.0 or later. ESXi host adapter discovery requires the Brocade HBA CIM provider to be installed on the ESXi host.
PAGE 457
HCM and Management application support on ESXi systems 7. 15 Click OK. The VMM discovery process begins. When complete, the vCenter server and all ESX and ESXi hosts managed by that vCenter display in the Host product tree. Editing a VM Manager The fields in the Edit VM Manager dialog box are identical to the fields in the Add VM Manager dialog box except for the Network Address field, which you cannot edit. 1. Click Edit on the Discover VM Managers dialog box. The Edit VM Manager dialog box displays.
PAGE 458
15 HCM and Management application support on ESXi systems ESXi CIM listener ports The Management application server uses two CIM indication listener ports to listen for CIM indications. • HCM Proxy Service CIM Indication Listener Port—This port is used to listen for CIM indications from ESXi hosts managed through HCM instances launched by the Management application. You can learn the value of these ports through the Port Status dialog box.
PAGE 459
Connectivity map 15 3. Select CIM server (ESXi only) as the Contact option. 4. (Optional) Select HTTP or HTTPS from the Protocol list. HTTPS is the default. 5. Click OK. Connectivity map The Connectivity Map, which displays in the upper right area of the main window, is a grouped map that shows physical and logical connectivity of Fabric OS components, including discovered and monitored devices and connections. These components display as icons in the Connectivity Map.
PAGE 460
15 Adapter software If you create a new host and associate HBAs to it, and then you try to discover a host with the same HBAs using Host discovery, the HBAs discovered using host discovery must match the HBAs associated to the host exactly; otherwise, host discovery will fail. Instructions for mapping a host to HBAs are detailed in Chapter 13, “Host Port Mapping”.
PAGE 461
Adapter software 15 • Name—The name of the host. The first three digits indicate the host’s operating system; for example, WIN or LIN. • Operating System—The host operating system; for example, Microsoft Windows or Red Hat Linux. • Driver Version—The host’s current driver version. • Architecture—The host’s architecture; for example, 32-bit or 64-bit. 3. Select one or more hosts from the Selected Hosts list.
PAGE 462
15 Adapter software FIGURE 141 Driver Repository dialog box 2. Click Import on the Driver Repository dialog box. The Import Driver Repository dialog box displays. 3. Locate the driver file using one of the following methods: • Search for the file you want from the Look In list. • Enter the name of the image file you want to import in the File Name field. 4. Click Open. After the import completes, you see a message that the driver imported successfully. 5. Click OK.
PAGE 463
Adapter software 15 Importing a boot image into the repository Boot images are required for adapters that are shipped without a boot image or when it is necessary to overwrite images on adapters that contain older or corrupted boot image versions. 1. From the Management application menu bar, select Configure > Host > Adapter Software. 2. Click the Boot Image tab. The Boot Image Management dialog box, shown in Figure 142, displays.
PAGE 464
15 Adapter software 3. From the Boot Image Management dialog box, click the Repository button. The Boot Image Repository dialog box, shown in Figure 143, displays. FIGURE 143 Boot Image Repository dialog box 4. Click Import on the Boot Image Repository dialog box. 5. The Import Boot Image dialog box displays. 6. Locate the boot image file using one of the following methods: • Search for the file you want from the Look In list. Boot image files version 2.0.0.0 and 2.1.0.0 are .
PAGE 465
Adapter software 15 Downloading a boot image to a selected host To download boot images to a selected host, perform the following tasks. 1. Select one or more hosts from the Available Hosts list on the Boot Image Management dialog box, and click the right arrow button to move the selected hosts to the Selected Hosts list. You can select up to 50 hosts. The first 20 hosts execute the download concurrently.
PAGE 466
15 Bulk port configuration Bulk port configuration Use the Adapter Host Port Configuration dialog box to create and assign port-level configurations to either a single or multiple adapter ports at a time. You can save up to 50 port-level configurations. The Management application supports the following default port configurations, which you can select and assign to one port or multiple ports. You cannot edit the default configurations, but you can delete them. • • • • Default Port—The port property.
PAGE 467
Bulk port configuration 15 Adding a port configuration The Add Port Configuration dialog box allows you to create a maximum of 50 customized port configurations which you can then select and assign to ports. 1. Click Add on the Configure Host Adapter Ports dialog box. The Add Port Configuration dialog box, shown in Figure 145, displays. FIGURE 145 Add Port Configuration dialog box 2. Enter a name for the port configuration in the Configuration Name field.
PAGE 468
15 Bulk port configuration - Target Rate Limiting—Enable the Target Rate Limiting feature to minimize congestion at the adapter port. Limiting the data rate to slower targets ensures that there is no buffer-to-buffer credit back-pressure between the switch due to a slow-draining target. NOTE NOTE: Target Rate Limiting and QoS cannot be enabled at the same time.
PAGE 469
Bulk port configuration 15 • Enter the minimum allowable output bandwidth in the Min Bandwidth (Mbps) box. The minimum bandwidth is 0 Mbps. A zero value of minimum bandwidth (the default) implies that no bandwidth is guaranteed for that vNIC. • BB Credit Recovery—Enables you to enable or disable buffer-to-buffer (BB) credits, which are a flow control mechanism that represent the availability of resources at the receiving port.
PAGE 470
15 Adapter port WWN virtualization Adapter port WWN virtualization Adapter port world wide name (WWN) virtualization enables the adapter port to use a switch-assigned WWN rather than the physical port WWN for communication, allowing you to preprovision the server with the following configuration tasks: • Create the zones with the Fabric Assigned WWN (FAWWN) before the servers and devices are connected to the switches, before they are exposed to the SAN network.
PAGE 471
Adapter port WWN virtualization 15 Enabling the FAWWN feature on a switch or AG ports 1. Select Configure > Fabric Assigned WWN. or Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port from the Fabric Assigned WWN - Configuration list. 3. Click the Enable button. The selected switch’s port status is enabled. 4. Click OK. The Fabric Assigned WWN Confirmation and Status dialog box displays. 5.
PAGE 472
15 Adapter port WWN virtualization Manually assigning a FAWWN to a switch or AG port 1. Select Configure > Fabric Assigned WWN. or Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Select a switch port or AG port from the Fabric Assigned WWN - Configuration list. 3. Click the Auto button. If the switch port does not have an Auto FAWWN map type and the FAWWN feature is not yet enabled on the port, a To Be Generated message displays. 4.
PAGE 473
Adapter port WWN virtualization 15 FAWWNs on attached AG ports The Configure Fabric Assigned Assigned WWNs dialog box, shown in Figure 147, enables you to configure the Fabric Assigned WWN feature on a selected attached Access Gateway (AG) port. 1. Select Configure > Fabric Assigned WWN. or Right-click the switch and select Fabric Assigned WWN. The Configure Fabric Assigned WWNs dialog box displays. 2. Click the Attached AG Ports tab.
PAGE 474
15 Adapter port WWN virtualization 5. Enter a valid world wide name (WWN), with or without colons, for the Access Gateway node. Optionally, you can select an existing AG Node WWN from the list. The AG Node WWN box includes all discovered AG Node WWNs that are connected to the selected switch. 6. Enter a port or a port range using numbers or a hyphen (-). For example, you can enter a range as 1-6 or you can separate values with a comma; for example: 1, 2, 5, 7-10, 20. 7.
PAGE 475
Role-based access control 15 Role-based access control The Management application enables you to create resource groups and assign users to the selected role within that group. This enables you to assign users to a role within the resource group. The Management application provides one preconfigured resource group (All Fabrics). When you create a resource group, all available roles are automatically assigned to the resource group.
PAGE 476
15 Host performance management Host performance management Real-time performance enables you to collect data from managed HBA and CNA ports. You can use real-time performance to configure the following options: • Select the polling rate from 20 seconds up to 1 minute. • Select up to 32 ports total from a maximum of 10 devices for graphing performance. • Choose to display the same Y-axis range for both the Tx MBps and Rx MBps measure types for easier comparison of graphs.
PAGE 477
Host security authentication TABLE 58 15 Counters (Continued) FC port measures HBA port measures CNA port measures Transmitted FCoE pause frames Received FCS error frames Transmitted FCS error frames Received alignment error frames Received length error frames Received code error frames Instructions for generating real-time performance data are detailed in “Generating a real-time performance graph” on page 903.
PAGE 478
15 Host security authentication FIGURE 148 Fibre Channel Security Protocol Configuration dialog box 3. Configure the following parameters on the Fibre Channel Security Protocol Configuration dialog box: a. Select the Enable Authentication check box to enable the authentication policy. If authentication is enabled, the port attempts to negotiate with the switch. If the switch does not participate in the authentication process, the port skips the authentication process. b.
PAGE 479
supportSave on adapters 15 supportSave on adapters Host management features support capturing support information for managed Brocade adapters, which are discovered in the Management application. You can trigger supportSave for multiple adapters at the same time. supportSave cannot be used to collect support information for ESXi hosts managed by a CIM Server. Refer to the Brocade Adapters Administrator’s Guide for information about supportSave on ESXi hosts.
PAGE 480
15 Host fault management Filtering event notifications The Management application provides notification of many different types of SAN events. If a user wants to receive notification of certain events, you can filter the events specifically for that user. NOTE The e-mail filter in the Management application is overridden by the firmware e-mail filter.
PAGE 481
Backup support 15 Backup support The Management application helps you to protect your data by backing it up automatically. The data can then be restored, as necessary. Configuring backup to a hard drive NOTE Configuring backup to a hard drive requires a hard drive. The drive should not be the same physical drive on which your operating system or the Management application is installed. To configure the backup function to a hard drive, complete the following steps. 1. Select Server > Options.
PAGE 482
15 Backup support Enabling backup Backup is enabled by default. However, if it has been disabled, complete the following steps to enable the function. 1. Select Server > Options. The Options dialog box displays. 2. Select Server Backup in the Category list. 3. Select the Enable Backup check box. 4. Click Apply or OK. Disabling backup Backup is enabled by default. If you want to stop the backup process, you must disable backup. To disable the backup function, complete the following steps. 1.
PAGE 483
Chapter 16 Fibre Channel over Ethernet In this chapter • FCoE overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enhanced Ethernet features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • FCoE protocols supported. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • FCoE licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 484
16 Enhanced Ethernet features DCBX exchange protocol Data Center Bridging Exchange (DCBX) protocol allows enhanced Ethernet devices to convey and configure their DCB capabilities and ensures a consistent configuration across the network. DCBX protocol is used between DCB devices, such as a converged network adapter (CNA) and an FCoE switch, to exchange configuration with directly connected peers. NOTE When DCBX protocol is used, any other LLDP implementation must be disabled on the host systems.
PAGE 485
FCoE protocols supported 16 Ethernet jumbo frames The basic assumption underlying FCoE is that TCP/IP is not required in a local data center network and the necessary functions can be provided with Enhanced Ethernet. The purpose of an “enhanced” Ethernet is to provide reliable, lossless transport for the encapsulated Fibre Channel traffic. Enhanced Ethernet provides support for jumbo Ethernet frames and in-order frame delivery.
PAGE 486
16 FCoE licensing FCoE licensing The FCoE license enables Fibre Channel over Ethernet (FCoE) functionality on the following supported DCB switches: • • • • Brocade 10 GbE 24-port 8 GbE 8 FC port switch Brocade VDX 6710, 6720, and 6730 switches Brocade VDX 8770-series switches Brocade VDX 2730 10 GbE connection blade for the Fujitsu PRIMERGY BX900 and BX400 Blade Servers Without the FCoE license, the DCB switches are pure Layer 2 Ethernet switches and do not allow FCoE bridging capabilities.
PAGE 487
Save running configurations 16 3. Highlight the selected switch and click OK to start the configuration. The running configuration is saved to the selected switch, effective on the next system startup. If you restore the DCB switch using the Restore Switch Configuration dialog box, you are prompted to select one of two restoration methods: • As the running configuration and reboot Rebooting a switch connected to a fabric will stop all traffic to and from the switch.
PAGE 488
16 DCB configuration management DCB configuration management Depending on the platform, the DCB switch has one of the configurations shown in Table 59.
PAGE 489
Switch policies 16 Switch policies You can configure and enable a number of DCB policies on a switch, port, or link aggregation group (LAG). The following switch policy configurations apply to all ports in a LAG: • DCB map and Traffic Class map • Link Layer Discovery Protocol (LLDP) The switch policies are described in the following sections.
PAGE 490
16 DCB Configuration DCB Configuration To launch the DCB Configuration dialog box, select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. NOTE The Protocol Down Reason column, shown in Figure 150, displays the values only for the external ports of embedded platforms but not for the internal ports.
PAGE 491
DCB Configuration 16 Creating a DCB map to carry the LAN and SAN traffic To create a DCB map to carry the LAN and SAN traffic, complete the following steps. NOTE This procedure is applicable for Fabric OS versions earlier than Fabric OS 7.0. For Fabric OS versions 7.0 and later, you can only edit the the default DCB map. 1. Select Configure > DCB. The DCB Configuration dialog box displays. 2. Select the switch to edit from the Products/Ports list and click Edit. The Edit Switch dialog box displays. 3.
PAGE 492
16 DCB Configuration • CoS - Click the CoS cell to launch the Edit CoS dialog box, where you can select and assign one or more priorities (PG ID 15.0 through 15.7). All of the eight CoS values (0-7) must be used in a DCB map. Duplicate CoS values in two or more priority groups are not allowed. You can only edit CoS fields that are displayed with a green tick mark. % Bandwidth (optional) - While in the Edit CoS dialog box, enter a bandwidth value for PG IDs 15.0 to 15.7.
PAGE 493
DCB Configuration 16 FIGURE 152 Edit Switch dialog box - LLDP-DCBX tab 4. Select the Global Configuration LLDP profile in the LLDP Profiles list. 5. Click the left arrow button to edit. 6. Select the FCoE Application and FCoE Logical Link check boxes in the Advertise list to advertise them on the network. 7. Click OK after changing the attributes of the current deployment. The Deployment Status dialog box displays. 8. Click Start on the Deployment Status dialog box to save the changes to the switch. 9.
PAGE 494
16 DCB Configuration 8. Select the DCB map you created in “Creating a DCB map to carry the LAN and SAN traffic” on page 443 from the Available DCB Maps list. 9. Click the LLDP-DCBX tab and select the Enable LLDP-DCBX on Te Port Number check box. 10. Select Assign the Global Configuration. 11. Click OK. The Deploy to Ports dialog box displays. 12. Click OK after changing the attributes of the current deployment. The Deployment Status dialog box launches. 13.
PAGE 495
DCB Configuration 16 Creating VLAN classifiers and activating on the DCB interface NOTE You can complete this procedure using the Management application for Fabric OS versions 7.0 and later. For Fabric OS versions earlier than Fabric OS 7.0, you must use the CLI. To create and activate the VLAN classifiers on the DCB interface, complete the following steps. 1. Log in to the switch and enter global configuration mode. switch:>cmsh switch#configure terminal 2.
PAGE 496
16 DCB Configuration 2. Select the DCB switch or one or more DCB ports from the Products/Ports list to add to a link aggregation group (LAG). 3. Click Add LAG or Edit LAG. The Add LAG or Edit LAG dialog box displays, as shown in Figure 153. FIGURE 153 Add LAG dialog box 4. Configure the following LAG parameters: NOTE Ports with 802.1x authentication or ports that are enabled in L2 mode or L3 mode are not supported in a LAG. • LAG ID - Enter the LAG identifier, using a value from 1 through 63.
PAGE 497
DCB Configuration 16 5. Select at least one available DCB port from the Available Members list and click the right arrow button to move it to the LAG Members list. The DCB ports are now part of the link aggregation group. 6. Continue to configure the following LAG parameters. These parameters are always enabled. • Type - Sets the limit on the size of the LAG. The type values include Standard, where the LAG is limited to 16 ports, and Brocade LAG, where the LAG is limited to 4 ports.
PAGE 498
16 DCB Configuration FIGURE 154 Edit Switch dialog box 4. Configure the policies for the Edit Switch dialog box tabs, which are described in the following sections: • • • • • “QoS configuration” on page 455 “FCoE provisioning” on page 461 “VLAN classifier configuration” on page 463 “LLDP-DCBX configuration” on page 467 “802.1x authentication” on page 470 5. When you have finished configuring the policies, apply the settings to the switch.
PAGE 499
DCB Configuration 16 Editing a DCB port 1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a DCB port from the Products/Ports list. 3. Click Edit. The Edit Port dialog box displays, as shown in Figure 155. FIGURE 155 Edit Port dialog box 4. Modify the following DCB port parameters as required: • Interface Mode - Select None or L2. For external ports, the L3 interface mode displays in addition to None or L2.
PAGE 500
16 DCB Configuration 5. When you have finished configuring the policies, apply the settings to the DCB port. NOTE Clicking Cancel when there are pending changes launches a pop-up dialog box. 6. Click OK when you have finished modifying the DCB port parameters. The Deploy to Ports dialog box displays. 7. Click OK after changing the attributes of the current deployment. The Deployment Status dialog box launches. 8.
PAGE 501
DCB Configuration 16 4. Configure the following LAG parameters, as required: NOTE Ports with 802.1x authentication or ports that are enabled in L2 mode or L3 mode are not supported in a LAG. • LAG ID - The LAG identifier, which is not an editable field. • Status - Click the Enable check box to enable the LAG. You must enable the LAG to use the DCB functionality. • Interface Mode - Select None or L2. For external ports, the L3 interface mode displays, in addition to None or L2.
PAGE 502
16 DCB Configuration 8. Click Start on the Deployment Status dialog box to save the changes to the selected LAG or LAGs. NOTE If the primary or secondary IP address already exists on another interface, an error message displays in the Status area. 9. Click Close to close the Deployment Status dialog box. Enabling a DCB port or LAG If you select multiple switches or multiple ports and LAGs from two or more switches, both the Enable button and the Disable button are disabled. 1. Select Configure > DCB.
PAGE 503
QoS configuration 16 QoS configuration QoS configuration involves configuring packet classification, mapping the priority and traffic class, controlling congestion, and scheduling. The configuration of these QoS entities consist of DCB Map and Traffic Class Map configuration. In a Data Center Bridging (DCB) configuration, Enhanced Transmission Selection (ETS) and priority-based flow control (PFC) are configured by utilizing a priority table, a priority group table, and a priority traffic table.
PAGE 504
16 QoS configuration NOTE The 10 Gbps DCB/FC switch module can have only one DCB map. 1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays, as shown in Figure 157. FIGURE 157 QoS, Create DCB Map dialog box 4. Select DCB from the Map Type list. 5.
PAGE 505
QoS configuration 16 % Bandwidth (optional) - While in the Edit CoS dialog box, enter a bandwidth value for priority group (PG) IDs 15.0 through 15.7. You must map each CoS to at least one of the PG IDs. Note the following points: • You cannot define a bandwidth percentage for strict priorities (PG ID 15.0 - 15.7). The total bandwidth percentage for PG ID 15.0 through 15.7 must equal 0. • If you set a CoS value to one or more of the PG IDs 0-7, you must also enter a non-zero bandwidth percentage.
PAGE 506
16 QoS configuration Deleting a DCB map You cannot delete the DCB map of a 10 Gbps DCB/FC switch module. To delete the DCB map of an 8 Gbps DCB switch, complete the following steps. 1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays. 4. Select one or more DCB maps. 5. Click the left arrow button.
PAGE 507
QoS configuration 16 4. Click the Assign a map to check box to assign the selected port to a DCB map. If you do not enable this check box, all QoS edit features are disabled. 5. Select DCB Map in the Map Type list. 6. Select a DCB map in the Available DCB Maps list. If no DCB maps were created on the switch, the Available DCB Maps list is empty. Otherwise, the following DCB map details display: • PG - ID—Lists the priority group ID (15.0 through 15.
PAGE 508
16 QoS configuration 3. Click the QoS tab on the Edit Switch dialog box. The QoS dialog box displays. 4. Select a Traffic Class map from the Traffic Class Maps list and click the left arrow button to load its values to the left pane. The fields are now editable. If the name of the Traffic Class map already exists, an overwrite warning message displays. Click Yes to overwrite the existing Traffic Class map. 5. Keep the same Traffic Class map name and modify the values, as required. 6.
PAGE 509
FCoE provisioning 16 3. Click the QoS tab on the Edit Port or Edit LAG dialog box. The QoS dialog box displays. 4. Click the Assign a map check box. 5. Select Traffic Class in the Map Type list. 6. Select a Traffic Class map in the Traffic Class Map list. 7. When you have finished the configuration, click OK to launch the Deploy to Ports/LAGs dialog box. Refer to “Switch, port, and LAG deployment” on page 473 for more information.
PAGE 510
16 FCoE provisioning 3. Click the FCoE tab on the Edit Switch dialog box. The Edit Switch dialog box, FCoE tab displays the following FCoE map parameters: NOTE The FCoE tab does not display for the Brocade 8000 switch or the FCOE10-24 port blade. • Name—The name of the FCoE map that will be available for assignment to ports on this switch. This is a read-only field. • VLAN ID—Enter an FCoE VLAN identifier to associate with the FCoE map. The values range from 2 through 3583, and 1002 is the default.
PAGE 511
VLAN classifier configuration 16 4. If enabled, click the Enable FCoE check box to disable the port’s membership on the FCoE map. 5. When you have finished the configuration, click OK to launch the Deploy to Ports dialog box. 6. Click OK after changing the attributes of the current deployment. The Deployment Status dialog box launches. 7. Click Start on the Deployment Status dialog box to save the changes to the selected devices.
PAGE 512
16 VLAN classifier configuration FIGURE 158 Edit Switch dialog box, VLAN Classifiers tab 4. Click the Add button under the Available Rules list. The Add Rules dialog box displays, as shown in Figure 159. FIGURE 159 Add Rules dialog box The Rule ID field is pre-populated with the next available rule ID number. 5. Keep the rule ID number as it is, or change the number using a value from 1 through 256. 6. Select a rule type. Valid rule types are MAC (MAC address-based rule) and Proto (802.
PAGE 513
VLAN classifier configuration 16 9. Click OK to add the rule to the Available Rules list on the VLAN Classifiers tab of the Edit Switch dialog box and close the Add Rules dialog box. NOTE Clicking Apply also adds the rule to the Available Rules list on the VLAN Classifiers tab of the Edit Switch dialog box, and in addition, the Add Rules dialog box remains open and clears all entries for you to define the next rule. 10.
PAGE 514
16 VLAN classifier configuration Creating a VLAN classifier group You can assign existing rules to a selected VLAN classifier and form a VLAN classifier group. If no rules are available, you can add rules to a selected switch using the Add Rules dialog box. 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch and click Edit. 3. Click the VLAN Classifiers tab on the Edit Switch dialog box.
PAGE 515
LLDP-DCBX configuration 16 LLDP-DCBX configuration Link Layer Discovery Protocol (LLDP) provides a solution for the configuration issues caused by increasing numbers and types of network devices in a LAN environment, because, with LLDP, you can statically monitor and configure each device on a network.
PAGE 516
16 LLDP-DCBX configuration Adding an LLDP profile NOTE When a TE port is selected to assign to an LLDP profile, a yellow banner displays with the following error message: “LLDP-DCBX is disabled on this switch. The configuration becomes functional when LLDP-DCBX is enabled on the switch.” 1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch, and click Edit. 3.
PAGE 517
LLDP-DCBX configuration 16 Editing an LLDP profile 1. Select Configure > DCB. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch, and click Edit. 3. Click the LLDP-DCBX tab on the Edit Switch dialog box. The LLDP-DCBX Profile dialog box displays. 4. Select an LLDP Profile in the LLDP Profile table. NOTE You can edit the profile. You cannot, however, delete or duplicate global configurations. 5.
PAGE 518
16 802.1x authentication Assigning an LLDP profile to a port or ports in a LAG You create LLDP profiles using the Edit Switch dialog box, which you access from the DCB Configuration dialog box. Global configuration parameters, which is the default selection, are displayed in the Assigned Profile table. NOTE A yellow banner displayed on the LLDP-DCBX dialog box indicates that LLDP-DCBX is disabled on the switch. The configuration options become functional when LLDP-DCBX is enabled on the switch. 1.
PAGE 519
802.1x authentication 16 Enabling 802.1x authentication 802.1x authentication is enabled or disabled globally on the switch using the Edit Switch dialog box. 1. Select Configure > DCB from the menu bar. The DCB Configuration dialog box displays, showing the status of all DCB-related hardware and functions. 2. Select a switch and click Edit. 3. Click the 802.1x tab on the Edit Switch dialog box. 4. Click the Enable 802.1x check box to enable 802.1x authentication, and click OK. 5. Configure the 802.
PAGE 520
16 802.1x authentication FIGURE 161 802.1x dialog box 5. Configure the following 802.1x parameters: • Wait Period - The number of seconds the switch waits before sending an EAP request. The value range is 15 to 65535 seconds. The default value is 30. • Retry Count - The maximum number of times that the switch restarts the authentication process before setting the switch to an unauthorized state. The value range is 1 to 10. The default value is 2.
PAGE 521
Switch, port, and LAG deployment 16 Switch, port, and LAG deployment The Deploy to Products, Deploy to Ports, and Deploy to LAGs dialog boxes provide the flexibility to commit DCB configurations either right away or at a scheduled time. These dialog boxes also allow you to commit the switch-level configuration changes to one or more target switches.
PAGE 522
16 Switch, port, and LAG deployment FIGURE 163 Deploy to Ports dialog box FIGURE 164 Deploy to LAGs dialog box 474 Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 523
Switch, port, and LAG deployment 16 4. Click one of the following deployment options: • • • • Deploy now Save and deploy now Save deployment only Schedule 5. Click one of the following save configuration options: • Save to running • Save to running and startup • Save to running and startup then reboot The name for the scheduled product deployment is pre-populated with a “DCB-MM-DD-YYYY-HR-MIN-SS” prefix. This is an editable field. 6. Provide a description for the product/port/LAG deployment. 7.
PAGE 524
16 Switch, port, and LAG deployment For LAGs: • LAG attributes (Interface Mode, etc.) • QoS, DCB Map / Traffic Class Map • LLDP Profiles 9. Click to move the available targets selected for configuration deployment to the Selected Targets list. 10. Click OK. The Deployment Status dialog box launches. 11. Click Start on the Deployment Status dialog box to save the changes to the selected devices. 12. Click Close to close the Deployment Status dialog box.
PAGE 525
DCB performance TABLE 61 16 Source to target switch Fabric OS version compatibility (Continued) Source Fabric OS version and device Target Fabric OS version supported Comments Brocade Converged 10 GbE switch module for IBM BladeCenter with Fabric OS 6.3.1_cee and 6.3.1_dcb Allows Brocade Converged 10 Gbe switch module for IBM BladeCenter with Fabric OS 6.3.1_cee, Fabric OS 6.3.1_dcb. Both source and target switches must support the FCoE map and VLAN classifiers.
PAGE 526
16 DCB performance FIGURE 165 Real Time Performance Graphs dialog box - SAN tab For complete information about Real Time Performance Graphs, refer to “SAN real-time performance data” on page 903. Generating a real-time performance graph from the IP tab To generate a real-time performance graph for a NOS DCB switch, complete the following steps. 1. Click the IP tab. 2. Select a DCB port from the DCB Configuration dialog box, and select Real Time Graph from the Performance list.
PAGE 527
DCB performance 16 Historical performance graph The Historical Performance Graph dialog box enables you to customize how you want the historical performance information to display. Generating a historical performance graph You can generate a historical performance graph by selecting FOS or NOS DCB devices from the SAN tab or the IP tab. 1. Select a DCB port from the DCB Configuration dialog box, and select Historical Graph from the Performance list.
PAGE 528
16 FCoE login groups FIGURE 167 Historical Performance Report dialog box For complete information about Historical Performance Graphs, refer to “SAN Historical performance data” on page 907. FCoE login groups The FCoE Configuration dialog box allows you to manage the FCoE login configuration parameters on the DCB switches in all discovered fabrics. FCoE login configuration is created and maintained as a fabric-wide configuration.
PAGE 529
FCoE login groups 16 FIGURE 168 FCoE Configuration dialog box 2. Perform one of the following tasks: Under Login Group: • Click Add to launch the Add Login Group dialog box, where you can select an existing switch or enter the WWN of a switch on which the FCoE login group will be created. See “Adding an FCoE login group” on page 481. • Click Edit to launch the Edit Login Group dialog box, where you can edit the login group parameters. See “Editing an FCoE login group” on page 483.
PAGE 530
16 FCoE login groups FIGURE 169 Add Login Group dialog box 3. Select an existing switch from the Switch list, or enter the WWN of the switch that will be added to the FCoE login group. 4. Select one of the following Login Members options: • Allow all—Click to allow all login members into the Available Members list. • Allow specific—Click to allow specific login members into the Available Members list.
PAGE 531
FCoE login groups 16 Editing an FCoE login group Complete the following steps to edit the name of a login group. You can manually add ports by entering the world wide name (WWN) or select available managed CNAs from all discovered hosts. Only directly-connected devices are supported. 1. Select Configure > FCoE from the menu bar. 2. Select a group from the Login Groups list and click Edit. The Edit Login Group dialog box displays, as shown in Figure 155.
PAGE 532
16 FCoE login groups 7. Click Start to apply the changes, or click Close to abort the operation. On closing the FCoE Login Group Confirmation and Status dialog box, the FCoE Configuration Dialog refreshes the data and the latest information is displayed. Deleting one or more FCoE login groups 1. Select Configure > FCoE from the menu bar. or Right-click the DCB device and select FCoE. The FCoE Configuration dialog box displays. 2. Select a group from the Login Groups list and click Delete.
PAGE 533
Virtual FCoE port configuration 16 3. The FCoE Login Group Configuration and Status dialog box displays. 4. Review the changes carefully before you accept them. 5. Click Start to apply the changes, or click Close to abort the operation. The FCoE login management feature is enabled on the selected switch. The value in the FCoE Login Management State column is Enabled after the FCoE Configuration dialog box refresh operation.
PAGE 534
16 Virtual FCoE port configuration FIGURE 171 Virtual FCoE Ports dialog box 3. Select one or more virtual ports from the Ports list. 4. Perform one of the following tasks: • Click Enable to enable a selected virtual FCoE port from the Virtual FCoE Ports tab. • Click Disable to disable a selected virtual FCoE port from the Virtual FCoE Ports tab. • Click Connected Devices to view a list of FCoE virtual ports and to what they are directly connected. 5. Click Close to close the dialog box.
PAGE 535
Virtual FCoE port configuration 16 4. Click Start to apply the changes, or click Close to abort the operation. On closing the DCB Confirmation and Status dialog box, the FCoE Configuration Dialog refreshes the data and the latest information about the FCoE ports are displayed.
PAGE 536
16 488 Virtual FCoE port configuration Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 537
Chapter Security Management 17 In this chapter • Layer 2 access control list management . . . . . . . . . . . . . . . . . . . . . . . . . . . 489 • Security configuration deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498 Layer 2 access control list management A Layer 2 access control list (ACL) enables you to filter traffic based on the information in the IP packet header using the MAC address and Ethernet type.
PAGE 538
17 Layer 2 access control list management Creating a standard Layer 2 ACL configuration (Fabric OS) To create a standard Layer 2 ACL configuration, complete the following steps. 1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays. 2. Select New from the Add list. The Device_Name - Layer 2 ACL Configuration dialog box displays. FIGURE 172 Device_Name - Layer 2 ACL Configuration (Standard) dialog box 3.
PAGE 539
Layer 2 access control list management 17 11. Click OK on the Device_Name - Layer 2 ACL Configuration dialog box. The Deploy to Products - Layer 2 ACL dialog box displays. To save the configuration, refer to “Saving a security configuration deployment” on page 500 Editing a standard Layer 2 ACL configuration (Fabric OS) To create a standard Layer 2 ACL configuration on a Fabric OS device, complete the following steps. 1. Select the device and select Configure > Security > Layer 2 ACL > Product.
PAGE 540
17 Layer 2 access control list management 4. To edit an existing ACL rule, complete the following steps. a. Select the rule you want to edit in the ACL Entries list and click the left arrow button. b. Complete step 5 through step 9 in “Creating a standard Layer 2 ACL configuration (Fabric OS)” on page 490. The updated ACL entry displays in the ACL Entries list. To edit additional ACL entries, repeat step 4. 5.
PAGE 541
Layer 2 access control list management 17 5. Enter a sequence number for the ACL in the Sequence field. 6. Select Permit or Deny from the Action list. 7. In the Source list, select one of the following options: • Any • Host • MAC Selecting MAC or Host enables the Source field. Enter the source address on which the configuration filters traffic in the Source field. 8.
PAGE 542
17 Layer 2 access control list management Editing an extended Layer 2 ACL configuration (Fabric OS) To edit an extended Layer 2 ACL configuration on a Fabric OS device, complete the following steps. 1. Select the device and select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays. 2. Select the ACL you want to edit in the ACLs list and click Edit. The Configuration_Name Edit Extended Layer 2 ACL Configuration dialog box displays. 3.
PAGE 543
Layer 2 access control list management 17 5. To add a new ACL rule, complete step 4 through step 12 in “Creating an extended Layer 2 ACL configuration (Fabric OS)” on page 492. The new ACL entry displays in the ACL Entries list. To add additional ACL entries, repeat step 5. 6. To delete an existing ACL rule, select the rule you want to edit in the ACL Entries list and click the left arrow button. 7. Click OK on the Duplicate - Layer 2 ACL Configuration dialog box.
PAGE 544
17 Layer 2 access control list management 4. Select the Assign ACL option and choose one of the following options from the first Assign ACL list: • Select ACLs on this Product to assign ACLs deployed on the product to the port. The second list is populated with the ACLs deployed on the switch or associated with a save deployment object. • Select ACLs bound to this port to assign ACLs bound to the interface to the port. The second list is populated with the ACLs bound to the interface.
PAGE 545
Layer 2 access control list management 17 4. Click OK on the Layer 2 ACL Saved Configurations dialog box. The new ACL displays in the ACLs list. 5. Click OK on the Device_Name - Layer 2 ACL Configuration dialog box. The Deploy to Products - Layer 2 ACL dialog box displays.
PAGE 546
17 Security configuration deployment Security configuration deployment Figure 175 shows the standard interface used to deploy security configurations. FIGURE 175 Deploy to Product/Ports dialog box Before you can deploy a security configuration, you must create the security configuration. For step-by-step instructions, refer to the following sections: Security Management enables you to configure, persist, and manage a security configuration as a “deployment configuration object”.
PAGE 547
Security configuration deployment 17 Deploying a security configuration on demand To deploy a security configuration immediately, complete the following steps. FIGURE 176 Deploy to Product/Ports dialog box 1. Choose one of the following options: • Deploy now — Select to deploy the configuration immediately on the product or port without saving the deployment definition.
PAGE 548
17 Security configuration deployment Saving a security configuration deployment To save a security configuration deployment, complete the following steps. FIGURE 177 Deploy to Product/Ports dialog box 1. Select the Save deployment only option to save the deployment definition for future deployment. 2. Select one of the following save configuration options: • Save to running — Select to update the running configuration; however, the deployment is not saved to the product’s flash memory.
PAGE 549
Security configuration deployment 17 Scheduling a security configuration deployment To schedule a security configuration deployment, complete the following steps. FIGURE 178 Deploy to Product/Ports dialog box 1. Select Configure > Security > Layer 2 ACL > Product. The Device_Name - Layer 2 ACL Configuration dialog box displays. 2. Choose one of the following options: • Select New from the Add list. The Add - Layer 2 ACL Configuration dialog box displays. • Select an ACL in the list and click Edit.
PAGE 550
17 Security configuration deployment 10. Choose one of the following options to configure the frequency at which deployment runs for the schedule: • To configure deployment to run only once, refer to “Configuring a one-time deployment schedule” on page 502. • To configure hourly deployment, refer to “Configuring an hourly deployment schedule” on page 502. • To configure daily deployment, refer to “Configuring a daily deployment schedule” on page 503.
PAGE 551
Security configuration deployment 17 Configuring a daily deployment schedule To configure a daily deployment schedule, complete the following steps. Select Daily from the Frequency list. Select the time of day you want deployment to run from the Time (hh:mm) lists. Where the hour value is from 1 through 12, the minute value is from 00 through 59, and the day or night value is AM or PM.
PAGE 552
17 504 Security configuration deployment Brocade Network Advisor SAN User Manual 53-1002696-01
PAGE 553
Chapter 18 FC-FC Routing Service Management In this chapter • Devices that support Fibre Channel routing . . . . . . . . . . . . . . . . . . . . . . . . • Fibre Channel routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Guidelines for setting up Fibre Channel routing . . . . . . . . . . . . . . . . . . . . . • Connecting edge fabrics to a backbone fabric . . . . . . . . . . . . . . . . . . . . . . • Configuring routing domain IDs . . . . . . . . . . . . . . . . . . . .
PAGE 554
18 Fibre Channel routing overview • Any of the following blades on a Backbone chassis: - 4 Gbps Router, Extension Blade - FC 8 GB 16-port Blade - FC 8 GB 32-port Blade - FC 8 GB 32-port Enhanced Blade (16 Gbps 4-slot or 16 Gbps 4-slot Backbone Chassis only) - FC 8 GB 48-port Blade - The shared ports area (ports 16-47) cannot be used as EX_Ports.
PAGE 555
Guidelines for setting up Fibre Channel routing 18 Figure 179 on page 507 shows a metaSAN with a backbone fabric and three edge fabrics. The backbone consists of one 4 Gbps Router, Extension Switch connecting hosts in Edge fabrics 1 and 3 with storage in Edge fabric 2 and the backbone fabric.
PAGE 556
18 Connecting edge fabrics to a backbone fabric Connecting edge fabrics to a backbone fabric The following procedure explains how to set up FC-FC routing on two edge fabrics connected through an FC router using E_Ports and EX_Ports. NOTE To configure an EX_Port, switches running Fabric OS 7.0.0 or earlier must have an FCR license. Switches running Fabric OS 7.0.1 or later configured in Brocade Native mode (IM0) or Brocade NOS mode (IM5) do not require an FCR license.
PAGE 557
Connecting edge fabrics to a backbone fabric 18 FIGURE 180 Router Configuration-Connect Edge Fabric dialog box 3. Select the FC router from the Available Routers list. 4. Click the right arrow button to move the FC router you selected to the Selected Router list. 5. Select a valid fabric ID from the Fabric ID list. You can choose any unique fabric ID as long as it is consistent for all EX_Ports that connect to the same edge fabric.
PAGE 558
18 Configuring routing domain IDs 9. Configure LSAN zones in each fabric that will share devices. For specific instructions, refer to “Configuring LSAN zoning” on page 739. Configuring routing domain IDs Logical (phantom) domains are automatically created to enable routed fabrics. Two types of logical domains are created: • A front domain is created in edge fabrics for every interfabric link (IFL). • A translate (Xlate) domain is created in routed fabrics that share devices.
PAGE 559
Chapter Virtual Fabrics 19 In this chapter • Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 • Virtual Fabrics requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 • Configuring Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 560
19 Virtual Fabrics requirements Terminology for Virtual Fabrics Table 62 lists definitions of Virtual Fabrics terms. TABLE 62 Virtual Fabrics terms Term Definition Physical chassis The physical switch or chassis from which you create logical switches and fabrics. Logical switch A collection of ports that act as a single Fibre Channel (FC) switch. When Virtual Fabrics is enabled on the chassis, there is always at least one logical switch: the default logical switch.
PAGE 561
Virtual Fabrics requirements 19 • Discover a Virtual Fabrics-enabled seed physical chassis running Fabric OS 6.2.0 or later with Virtual Fabrics enabled, and at least one logical switch defined on the core switch. The physical chassis displays as a virtual switch. • Upgrade a physical chassis already in your SAN to Fabric OS 6.2.0 or later. Virtual Fabrics is disabled by default. This switch displays as a legacy switch. Once upgraded, you must enable Virtual Fabrics.
PAGE 562
19 Configuring Virtual Fabrics TABLE 64 Blade and port types supported on logical switches for backbone chassis (Continued) Logical switch Base switch • • • • • • • • • • Extension Blade—GE_Ports and VE_Ports FC 8 GB Port Blade—E_Ports and F_Ports FC 16 GB Port Blade—E_Ports and F_Ports 8 Gbps Extension Blade - FC ports: E_Ports, F_Ports, and VE_Ports - GE ports: VE_Ports 8-slot and 4-slot Backbone Chassis— ICL ports Extension Blade—GE_Ports and VEX_Ports FC 8 GB Port Blade—E_Ports and EX_Ports FC 16
PAGE 563
Configuring Virtual Fabrics 19 3. Set up logical switches in each physical chassis. a. Create logical switches in each physical chassis and assign ports to them. Make sure the logical switches are configured to allow XISL use. Refer to “Creating a logical switch or base switch” on page 516 for instructions. b. Disable all of the logical switches in each physical chassis. Right-click each logical switch in the Connectivity Map or Product List and select Enable/Disable > Disable. c.
PAGE 564
19 Configuring Virtual Fabrics Creating a logical switch or base switch Before you can create a logical switch, you must enable Virtual Fabrics on at least one physical chassis in your fabric. Optionally, you can define the logical switch to be a base switch. Each chassis can have only one base switch. NOTE The 8 Gbps Extension Switch does not support base switches. 1. Select Configure > Virtual Fabric > Logical Switches. The Logical Switches dialog box displays.
PAGE 565
Configuring Virtual Fabrics 19 The New Logical Switch dialog box displays. FIGURE 184 New Logical Switch dialog box 5. Click the Fabric tab and enter fabric-wide parameters. a. Enter a fabric identifier in the Logical Fabric ID field. This assigns the new logical switch to a logical fabric. If the logical fabric does not exist, this creates a new logical fabric as well as assigning the new logical switch. b.
PAGE 566
19 Configuring Virtual Fabrics e. (Optional) For Backbone Chassis only, select an option in the 256 Area Limit list to use 256-area addressing mode (zero-based or port-based) or to disable this mode (default). The 256-area addressing mode can be used in FICON environments, which have strict requirements for 8-bit area FC addresses. 6. Click the Switch tab and enter switch parameters. a. Enter a name for the logical switch in the Name field. b. Select a domain ID in the Preferred Domain ID list.
PAGE 567
Configuring Virtual Fabrics 19 Assigning ports to a logical switch A port can be assigned to only one logical switch. All ports are initially assigned to the default logical switch. When you create a logical switch, it has no ports and you must explicitly assign ports to it. When you assign a port to a logical switch, it is removed from the original logical switch and assigned to the new logical switch. 1. Select Configure > Virtual Fabric > Logical Switches. The Logical Switches dialog box displays. 2.
PAGE 568
19 Configuring Virtual Fabrics 5. Click the left arrow button. A message displays indicating that the ports will be moved to the default logical switch. 6. Click OK on the warning message. The selected ports are removed from the logical switch and automatically reassigned to the default logical switch. The selected ports are highlighted in the Ports list. 7. (Optional) Perform the following steps to assign the ports to a logical switch other than the default logical switch. a.
PAGE 569
Configuring Virtual Fabrics 19 NOTE Ports are disabled before moving from one logical switch to another. 6. (Optional) Select the Unbind Port Addresses while moving them check box. 7. Click Start to send these changes to the affected chassis. NOTE Most changes to logical switches will disrupt data traffic in the fabric. The status of each change is displayed in the Status column and Status area in the dialog box. 8. When the changes are complete, click Close.
PAGE 570
19 Configuring Virtual Fabrics Leave this check box blank to allow the domain ID to be changed if a duplicate address exists. 8. Click OK on the New Logical Fabric Template dialog box. The new logical fabric template displays under the Discovered Logical Switches node in the Existing Logical Switches list (already highlighted). All of the logical fabric templates have the same name, “NewFabric”. You can differentiate among the templates by the FID number.
PAGE 571
Configuring Virtual Fabrics 19 Moving a logical switch to a different fabric You can move a logical switch from one fabric to another by assigning a different fabric ID. 1. Select Configure > Virtual Fabric > Logical Switches. The Logical Switches dialog box displays. 2. Right-click anywhere in the Existing Logical Switches list and select Table > Expand All. 3. Select the logical switch you want to move to another logical fabric. 4. Click Edit. The Edit Properties dialog box displays. 5.
PAGE 572
19 Configuring Virtual Fabrics 2. Right-click anywhere in the Existing Logical Switches list and select Table > Expand All. 3. Select the logical switch you want to change to a base switch. 4. Click Edit. The Edit Properties dialog box displays. 5. Clear the Base Fabric for Transport check box. This check box is applicable only to logical switches that are not base switches. 6. Select the Base Switch check box. 7. Click OK on the Edit Properties dialog box.
PAGE 573
Chapter 20 SAN Encryption Configuration In this chapter • Encryption Center features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Encryption user privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Smart card usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Network connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Blade processor links .
PAGE 574
20 Encryption Center features • Redirection zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Disk device decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Rekeying all disk LUNs manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Thin provision LUNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing time left for auto rekey . . . . . . . . . . . . .
PAGE 575
Encryption user privileges 20 • “Blade processor links” on page 539 describes the steps for interconnecting encryption switches or blades in an encryption group through a dedicated LAN. This must be done before the encryption engines are enabled. Security parameters and certificates cannot be exchanged if these links are not configured and active.
PAGE 576
20 Smart card usage TABLE 65 Encryption privileges (Continued) Privilege Read/Write Storage Encryption Security • • • • • • • • • • • • Launch the Encryption center dialog box. View switch, group, or engine properties. View Encryption Group Properties Security tab. View LUN centric view. View all rekey sessions. View encryption targets, hosts, and LUNs. Create a master key. Backup a master key. Edit smart card.
PAGE 577
Smart card usage 20 • Establishing a trusted link with the NetApp LKM/SSKM key vault. • Decommissioning a LUN. When a quorum of authentication cards is registered for use, authentication must be provided before you are granted access. Registering authentication cards from a card reader To register an authentication card or a set of authentication cards from a card reader, have the cards physically available.
PAGE 578
20 Smart card usage 3. Locate the Authentication Card Quorum Size and select the quorum size from the list. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
PAGE 579
Smart card usage 20 Registering authentication cards from the database Smart cards that are already in the Management program’s database can be registered as authentication cards. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box (Refer to Figure 185 on page 526). 2. Select an encryption group from the Encryption Center Devices table, then select Group > Security from the menu task bar to display the Encryption Group Properties dialog box.
PAGE 580
20 Smart card usage Deregistering an authentication card Authentication cards can be removed from the database and the switch by deregistering them. Complete the following procedure to deregister an authentication card. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box (Refer to Figure 185 on page 526). 2.
PAGE 581
Smart card usage 20 Using system cards System cards are smart cards that can be used to control activation of encryption engines. You can choose whether the use of a system card is required or not. Encryption switches and blades have a card reader that enables the use of a system card. System cards discourage theft of encryption switches or blades by requiring the use of a system card at the switch or blade to enable the encryption engine after a power off.
PAGE 582
20 Smart card usage Enabling or disabling the system card requirement To use a system card to control activation of an encryption engine on a switch, you must enable the system card requirement. If a system card is required, it must be read by the card reader on the switch. You access the system card GUI from the Security tab. Complete the following procedure to enable or disable the system card requirement. 1.
PAGE 583
Smart card usage 20 Deregistering system cards System cards can be removed from the database by deregistering them. Use the following procedure to deregister a system card: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 185 on page 526.) 2. Select the switch from the Encryption Center Devices table, then select Switch > System Cards from the menu task bar. The System Cards dialog box displays. (Refer to Figure 190 on page 533.) 3.
PAGE 584
20 Smart card usage • Usage: Usage content varies based on the card type. • For Authentication cards, the Usage column shows the number of groups for which the card is registered. • For System cards, the Usage column shows the number of encryption engines for which the card is registered. • For Recovery cards, the Usage column shows the group name and the creation date. • First Name: The first name of the person (up to 64 characters) to whom the smart card is assigned.
PAGE 585
Smart card usage 20 FIGURE 191 Smart Card asset tracking dialog box 3. Select a smart card from the table, then do one of the following: • Click Delete to remove the smart card from the Management application database. Deleting smart cards from the Management application database keeps the Smart Cards table at a manageable size, but does not invalidate the smart card. The smart card can still be used. You must deregister a smart card to invalidate its use.
PAGE 586
20 Smart card usage Editing smart cards Smart cards can be used for user authentication, master key storage and backup, and as a system card for authorizing use of encryption operations. 1. From the Encryption Center dialog box, select Smart Card > Edit Smart Card from the menu task bar to display the Edit Smart Card dialog box (Figure 192). FIGURE 192 Edit Smart Card dialog box 2. Insert the smart card into the card reader. 3.
PAGE 587
Network connections 20 Network connections Before you use the encryption setup wizard for the first time, you must have the following required network connections: • The management ports on all encryption switches and 8-slot Backbone Chassis CPs that have Encryption Blades installed must have a LAN connection to the SAN management program, and must be available for discovery.
PAGE 588
20 Encryption node initialization and certificate generation Configuring blade processor links To configure blade processor links, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 185 on page 526.) 2. Select the encryption engine from the Encryption Center Devices table, then select Engine > Blade Processor Link from the menu task bar to display the Blade Processor Link dialog box (Figure 193).
PAGE 589
Key Management Interoperability Protocol 20 Setting encryption node initialization Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a configuration. Encryption nodes may also be initialized from the Encryption Center dialog box. 1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar. 2. Select Yes after reading the warning message to initialize the node.
PAGE 590
20 Supported encryption key manager appliances HA support should be set before you register the key vault. Three settings are supported; however, certain settings are determined by the compliant key vault type that is being used: • Transparent: The client assumes the entire HA is implemented on the key vault. Key archival and retrieval is performed without any additional hardening checks. • Opaque: The primary and secondary key vaults are both registered on the Fabric OS encryption switch.
PAGE 591
Supported encryption key manager appliances 20 The following key vault types are supported: • RSA Data Protection Manager (DPM): If an encryption group contains mixed firmware nodes, the Encryption Group Properties Key Vault Type name is based on the firmware version of the group leader. For example, If a switch is running Fabric OS 7.1.0 or later, the Key Vault Type is displayed as “RSA Data Protection Manager (DPM).”If a switch is running a Fabric OS version prior to v7.1.
PAGE 592
20 Steps for connecting to a DPM appliance Steps for connecting to a DPM appliance All switches that you plan to include in an encryption group must have a secure connection to the RSA Data Protection Manager (DPM). The following is a suggested order of steps needed to create a secure connection to the DPM. NOTE The Fabric OS encryption switch uses the manual enrollment of identities with client registration to connect with DPM 3.x servers.
PAGE 593
Steps for connecting to a DPM appliance 20 4. Do one of the following: • If a CSR is present, click Export. • If a CSR is not present, select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar. This generates switch security parameters and certificates, including the KAC CSR. 5. Save the file. The default location for the exported file is in the Documents folder. NOTE The CSR is exported in Privacy Enhanced Mail (.pem) format.
PAGE 594
20 Steps for connecting to a DPM appliance In the example above, the certificate validity is active until “Dec 4 18:03:14 2010 GMT.” After the KAC certificate has expired, the registration process must be redone. NOTE In the event that the signed KAC certificate must be re-registered, you will need to log in to the key vault web interface and upload the new signed KAC certificate for the corresponding Fabric OS encryption switch Identity.
PAGE 595
Steps for connecting to a DPM appliance 7. 20 Open another web browser window, and start the RSA management user interface. You will need the URL, and have the proper authority level, user name, and password. NOTE The Identity Group name used in the next step might not exist in a freshly installed DPM. To establish an Identity Group name, click the Identity Group tab, and create a name. The name Hardware Retail Group is used as an example in the following steps. 8. Select the Key Classes tab.
PAGE 596
20 Steps for connecting to a DPM appliance Uploading the KAC certificate onto the DPM appliance (manual identity enrollment) NOTE The Fabric OS encryption switch will not use the Identity Auto Enrollment feature supported with DPM 3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x server with the Fabric OS encryption switch as described in this section. You need to install the switch public key certificate (KAC certificate).
PAGE 597
Steps for connecting to an LKM/SSKM appliance 20 . FIGURE 195 Encryption Group Properties with Key Vault Certificate 2. Select Load from File and browse to the location on your client PC that contains the downloaded CA certificate in .pem format. Steps for connecting to an LKM/SSKM appliance The NetApp KeySecure Lifetime Key Manager (LKM) and Storage Secure Key Manager (SSKM) reside on an FIPS 140-2 Level 3-compliant network appliance.
PAGE 598
20 Steps for connecting to an LKM/SSKM appliance 5. If required, create an LKM/SSKM cluster for high availability. Refer to “LKM/SSKM key vault high availability deployment” on page 552.
PAGE 599
Steps for connecting to an LKM/SSKM appliance 20 5. If you are using the Management application, the path to the file must be specified ion the Select Key Vault dialog box when creating a group leader. If the proper path is entered, the file is imported. Exporting and registering the switch KAC certificates on LKM/SSKM 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box (Refer to Figure 185 on page 526). 2.
PAGE 600
20 Steps for connecting to an LKM/SSKM appliance Establishing the trusted link You must generate the trusted link establishment package (TEP) on all nodes to obtain a trusted acceptance package (TAP) before you can establish a trusted link between each node and the NetApp LKM/SSKM appliance. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 185 on page 526.) 2.
PAGE 601
Steps for connecting to an LKM/SSKM appliance 20 When dual LKM/SSKMs are used with the encryption switch or blade, the dual LKM/SSKMs must be clustered. There is no enforcement done at the encryption switch or blade to verify whether or not the dual LKM/SSKMs are clustered, but key creation operations will fail if you register non-clustered dual LKM/SSKMs with the encryption switch or blade.
PAGE 602
20 Steps for connecting to an ESKM/SKM appliance LKM/SSKM key vault deregistration Deregistration of either the primary or secondary LKM/SSKM key vault from an encryption switch or blade is allowed independently. • Deregistration of Primary LKM/SSKM: You can deregister the Primary LKM/SSKM from an encryption switch or blade without deregistering the backup or secondary LKM/SSKM for maintenance or replacement purposes.
PAGE 603
Steps for connecting to an ESKM/SKM appliance 20 6. Enable an SSL connection. Refer to “Enabling SSL on the Key Management System (KMS) Server” on page 560. 7. Configure a cluster of ESKM/SKM appliances for high availability. Refer to: • “Creating an ESKM/SKM High Availability cluster” on page 560. • “Copying the local CA certificate for a clustered ESKM/SKM appliance” on page 561 • “Adding ESKM/SKM appliances to the cluster” on page 561 8.
PAGE 604
20 Steps for connecting to an ESKM/SKM appliance Registering the ESKM/SKM Brocade group user name and password The Brocade group user name and password you created when configuring a Brocade group on ESKM/SKM must also be registered on each encryption node. NOTE This operation can be performed only after the switch is added to the encryption group. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box (Refer to Figure 185 on page 526). 2.
PAGE 605
Steps for connecting to an ESKM/SKM appliance 20 • If you change the user name and password, the keys created by the previous user become inaccessible. The Brocade group user name and password must also be changed to the same values on ESKM/SKM to make the keys accessible.
PAGE 606
20 Steps for connecting to an ESKM/SKM appliance FIGURE 198 Creating an HP ESKM/SKM local CA 5. Under Certificates & CAs, select Trusted CA Lists to display the Trusted Certificate Authority List Profiles. 6. Click on Default under Profile Name. 7. In the Trusted Certificate Authority List, click Edit. 8. From the list of Available CAs in the right panel, select the CA you just created. Repeat these steps any time another local CA is needed.
PAGE 607
Steps for connecting to an ESKM/SKM appliance 20 Creating and installing the ESKM/SKM server certificate To create the ESKM/SKM server certificate, complete the following steps: 1. Click the Security tab. 2. Under Certificates and CAs, select Certificates. 3. Enter the required information under Create Certificate Request. - Enter a Certificate Name and Common Name. The same name may be used for both. Enter your organizational information.
PAGE 608
20 Steps for connecting to an ESKM/SKM appliance 17. Select the server certificate name you just created from the certificate list, and select Properties. The Certificate Request Information window displays. 18. Click Install Certificate. The Certificate Installation window displays. 19. Paste the signed certificate data you copied under Certificate Response, then click Save. The status of the server certificate should change from Request Pending to Active.
PAGE 609
Steps for connecting to an ESKM/SKM appliance 20 4. For Local Port, use the default value of 9001 unless you are explicitly directed to use a different value for your site. 5. Type the cluster password in the Create Cluster section of the main window to create the new cluster, then click Create. 6. In the Cluster Settings section of the window, click Download Cluster Key and save the key to a convenient location, such as your computer's desktop.
PAGE 610
20 Steps for connecting to an ESKM/SKM appliance 9. Click Save. 10. Select the Device tab. 11. In the Device Configuration menu, click Cluster. 12. Click Join Cluster. In the Join Cluster section of the window, leave Local IP and Local Port set to their default settings. 13. Enter the original cluster member’s local IP address into Cluster Member IP. 14. Enter the original cluster member’s local Port into Cluster Member Port. 15. Click Browse, then select the Cluster Key File you saved. 16.
PAGE 611
Steps for connecting to an ESKM/SKM appliance 20 12. Paste the file contents that you copied in step 3 in the Certificate Request Copy area. 13. Select Sign Request. 14. Download the signed certificate to your local system as signed_kac_eskm_cert.pem or signed_kac_skm_cert.pem, depending on your key vault type. This file is ready to be imported to the encryption switch or blade.
PAGE 612
20 Steps for connecting to an ESKM/SKM appliance Disk keys and tape pool keys support DEK creation, retrieval, and update for disk and tape pool keys are as follows: • DEK creation: The DEK is first archived to the virtual IP address of the ESKM/SKM cluster. The request gets routed to the primary or secondary ESKM/SKM, and is synchronized with other ESKMs or SKMs in the cluster.
PAGE 613
Steps for connecting to a TEKA appliance 20 Steps for connecting to a TEKA appliance TEKA provides a web user interface for management of clients, keys, admins, and configuration parameters. A Thales officer creates domains, groups, and managers (a type of administrator), assigns groups to domains, and assigns managers to manage groups. Managers are responsible for creating clients and passwords for the groups they manage.
PAGE 614
20 Steps for connecting to a TEKA appliance 1. Log in to the Thales management program as admin and select the Network tab (Figure 200). FIGURE 200 TEKA Network Settings 2. Enter the management IP address information under Management Interface. 3. Enter the client IP address information under KM Server Interface. 4. Enter a host name for the appliance, Internet or intranet domain, and, if used, the primary and secondary DNS IP address under Common Settings. 5. Set Service Settings.
PAGE 615
Steps for connecting to a TEKA appliance 20 Creating a client on TEKA This step assumes the group brocade has been created by an administrator. If the group brocade does not exist, you must log in to TEKA as officer, create the group, and assign the group to a manager. 1. From the Encryption Center Devices table, select a switch that needs to have a TEKA Client, then select Properties. 2. Click Key Vault User Name. The Key Vault User Information dialog box displays (Figure 201).
PAGE 616
20 Steps for connecting to a TEKA appliance 9. Select the group brocade from the group pull-down menu, then click Add Client. A TEKA client user is created and is listed in the table. Establishing TEKA key vault credentials on the switch The credentials established for the TEKA client must be presented to TEKA by the switch. 1. From the Encryption Center Devices table, select a switch, then select Switch > Key Vault Credentials from the menu task bar.
PAGE 617
Steps for connecting to a TEKA appliance 20 Signing the encryption node KAC CSR on TEKA The KAC certificate signing request (KAC CSR) generated when the encryption node is initialized must be exported for each encryption node and signed by the local CA on TEKA. The signed certificate must then be imported back into the encryption node. 1. From the Encryption Center, select Switch > Export Certificate. The Export Switch Certificate dialog box displays. 2.
PAGE 618
20 Steps for connecting to a TKLM appliance Steps for connecting to a TKLM appliance All switches you plan to include in an encryption group must have a secure connection to the Tivoli Key Lifecycle Manager (TKLM). A local LINUX host must be available to transfer certificates. NOTE Ensure that the time zone and clock time setting on the TKLM server and encryption nodes are the same. A difference of only a few minutes can cause the TLS connectivity to fail.
PAGE 619
Steps for connecting to a TKLM appliance 20 Exporting the Fabric OS node self-signed KAC certificates Each Fabric OS node generates a self-signed KAC certificate as part of the node initialization process as described under “Encryption node initialization and certificate generation”. These certificates must be exported from each switch and stored on a local LINUX host to make them available for importing to TKLM. 1.
PAGE 620
20 Steps for connecting to a TKLM appliance Creating a self-signed certificate for TKLM You must create a self-signed certificate for TKLM that can be downloaded to the Fabric OS encryption engines to verify the authenticity of TKLM. 1. Select Tivoli Key Lifecycle Manager > Configuration. The Configuration page displays. 2. Select Create self-signed certificate. 3. Under Certificate label in key store, enter a certificate label. 4. Under Certificate description (common name), enter a descriptive name. 5.
PAGE 621
Steps for connecting to a TKLM appliance 20 For Windows: \ibm\tivoli\tiptklmV2\bin\wsadmin.bat -username TKLMAdmin -password -lang jython 2. Check the certificate list using the following command: print AdminTask.tklmCertList('[]') The listing will contain the UUID for all certificates. Use the UUID of the server certificate to export the server certificate from the database to the file system. print AdminTask.
PAGE 622
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) Steps for connecting to a KMIP appliance (SafeNet KeySecure) With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP) KeySecure Management Console can be used on the Fabric OS encryption switch. Any KMIP-compliant server can be reregistered as a KMIP key vault. NOTE Currently, only KMIP with SafeNet KeySecure for Key Management (SSKM) native hosting LKM is supported.
PAGE 623
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 Setting FIPS compliance 1. From the KeySecure Management Console, select the Security tab, then select Advanced Security, > High Security. The High Security Configuration page displays (Figure 206). FIGURE 206 KeySecure High Security Configuration page 2. Under FIPS Compliance, set FIPS Compliance to Yes. This ensures that only TLS 1.0 connections are supported between the Fabric OS encryption switch and the KeySecure.
PAGE 624
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) Creating a local CA 1. From the KeySecure Management Console, select the Security tab, then select CAs & SSL Certificates > Local CAs. The Certificate and CA Configuration page displays (Figure 207). FIGURE 207 KeySecure Certificate and CA Configuration - Create Local Certificate Authority 2. Under Create Local Certificate Authority, enter the organization information in the fields provided, then click Create.
PAGE 625
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 Creating a server certificate 1. From the Security tab, select CAs & SSL Certificates > SSL Certificates. The Certificate and CA Configuration page displays (Figure 209). FIGURE 209 KeySecure Certificate and CA Configuration page 2. Under Create Certificate Request, enter your organization information in the fields provided, then click Create Certificate Request. (The example is using “Safenet75ServerCert” as the server certificate name.
PAGE 626
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) FIGURE 210 KeySecure Certificate and CA Configuration - Certificate List 4. Click on the server certificate name you just created (Safenet75ServerCert), which will display the certificate contents (Figure 211). FIGURE 211 KeySecure Certificate and CA Configuration page - Certificate Request Information 5. Copy the certificate contents.
PAGE 627
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 6. From the Security tab, select CAs & SSL Certificates > Local CAs. The Certificate and CA Configuration page displays (Figure 212). FIGURE 212 KeySecure Certificate and CA Configuration - Local Certificate Authority List 7. Under Local Certificate Authority List, select the local CA certificate you just created (SafeNetCA), then click Sign Request. The Sign Certificate Request dialog box displays (Figure 213).
PAGE 628
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) 9. Paste the server certificate contents that you copied (refer to step 5) in the Certificate Request text box, then click Sign Request. The Certificate and CA Configuration page refreshes and the certificate information is displayed under Certificate Request Information (Figure 214). FIGURE 214 KeySecure Certificate and CA Configuration - Certificate Request Information 10.
PAGE 629
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 13. Paste the server certificate request contents in the Certificate Installation text box, then click Save (Figure 215). FIGURE 215 KeySecure Certificate and CA Configuration - Certificate Installation After the page refreshes, the new certificate information is displayed in the Certificate List table (Figure 216). 14. Verify the server certificate status is shown as Active.
PAGE 630
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) Creating a cluster 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Cluster. The Cluster Configuration page displays (Figure 217). FIGURE 217 KeySecure Cluster Configuration page 2. Under Create Cluster, enter a user-defined password in the fields provided, then click Create.
PAGE 631
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 FIGURE 218 KeySecure Cluster Configuration page 4. Under Cluster Settings, click Download Cluster Key (Figure 219). You will be prompted to enter a local file name.
PAGE 632
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) Signing the encryption node KAC CSR on KMIP The KAC certificate signing request generated when the encryption node is initialized must be exported for each encryption node and signed by the Brocade local CA on KMIP. The signed certificate must then be imported back into the encryption node. 1. Select Configure > Encryption from the menu task bar to display the The Encryption Center dialog box (Refer to Figure 185 on page 526). 2.
PAGE 633
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 FIGURE 220 Certificate and CA Configuration page - Sign Certificate Request 9. Select Sign with Certificate Authority from the drop-down list. (The example is using “SafeNetCA (maximum of 3550 days)”. 10. Select Client as Certificate Purpose. 11. Set Certificate Duration. Default is 3649 days (recommended). 12. Paste the file contents that you copied in step 3 in the Certificate Request area. 13. Select Sign Request. 14.
PAGE 634
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) The Import Signed Certificate dialog box displays (Figure 221). FIGURE 221 Import Signed Certificate dialog box 3. Browse to the location where the signed certificate is stored, then click OK. The signed certificate is stored on the switch. Backing up the certificates 1. From the KeySecure Management Console, select the Device tab, then select Maintenance > Backup & Restore > Create Backup. The Backup and Restore page displays (Figure 222).
PAGE 635
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 FIGURE 223 Backup and Restore - Device items 5. Select the items for backup, then click Continue. The Create Backup dialog box displays (Figure 224), which is used for setting backup details. FIGURE 224 Backup and Restore - Backup details 6. Enter backup details in the fields provided, then click Backup to initiate the backup process. 7. Restore this backup file on the secondary clustered SSKM server.
PAGE 636
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) Configuring the KMIP server 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Key Server > Key Server. The Cryptographic Key Server Configuration page displays (Figure 225). FIGURE 225 KeySecure Cryptographic Key Server Configuration page 2. Under Cryptographic Key Server Settings, select KMIP as the protocol. 3. Ensure that the Use SSL check box is selected. 4.
PAGE 637
Steps for connecting to a KMIP appliance (SafeNet KeySecure) 20 Adding a node to the cluster Perform the following steps on the secondary KeySecure node when adding it to the cluster. 1. From the KeySecure Management Console, select the Device tab, then select Device Configuration > Cluster. The Cluster Configuration page displays (Figure 226). FIGURE 226 KeySecure Cluster Configuration page 2. Under Join Cluster, enter the cluster information that you configured for the primary KeySecure node.
PAGE 638
20 Steps for connecting to a KMIP appliance (SafeNet KeySecure) FIGURE 227 KeySecure Cluster Configuration - Cluster Members 7. From the Devices tab, select Maintenance > Backup and Restore > Restore Backup. The Backup and Restore page displays (Figure 228). FIGURE 228 KeySecure Backup and Restore page 8. Under Restore Backup, select Upload from browser, then enter a file name or browse to the file location.
PAGE 639
Encryption preparation 20 9. Enter the Backup Password in the field provided, then click Restore. 10. After the certificate is restored to the secondary node from the previously backed-up primary node, select Maintenance > Services. The Services Configuration page displays (Figure 229). NOTE A message displays, advising that the secondary node requires a restart. FIGURE 229 KeySecure Services Configuration page 11.
PAGE 640
20 Creating a new encryption group • Switch KAC certificates have been signed by a CA and stored in a known location. • Key management system (key vault) certificates have been obtained and stored in a known location. Creating a new encryption group The following steps describe how to start and run the encryption setup wizard and create a new encryption group. NOTE When a new encryption group is created, any existing tape pools in the switch are removed. 1.
PAGE 641
Creating a new encryption group 20 6. Confirm the configuration. 7. Configuration Status. 8. Read Instructions. FIGURE 231 Configure Switch Encryption wizard - welcome screen 4. From the Configure Switch Encryption welcome screen, click Next to begin. The Designate Switch Membership dialog box displays (Figure 232).
PAGE 642
20 Creating a new encryption group FIGURE 232 Designate Switch Membership dialog box 5. For this procedure, verify that Create a new encryption group containing just this switch is selected, then click Next. NOTE If you are adding a switch to an encryption, refer to “Adding a switch to an encryption group” on page 630. The Create a New Encryption Group dialog box displays (Figure 233).
PAGE 643
Creating a new encryption group 20 The dialog box contains the following information: • Encryption Group Name text box: Encryption group names can have up to 15 characters. Letters, digits, and underscores are allowed. The group name is case-sensitive. • Failback mode: Selects whether or not storage targets should be automatically transferred back to an encryption engine that comes online after being unavailable. Options are Automatic or Manual.
PAGE 644
20 Creating a new encryption group Using this dialog box, you can select a key vault for the encryption group that contains the selected switch. Prior to selecting your Key Vault Type, the selection is shown as None. The dialog box contains the following information: • Key Vault Type: If an encryption group contains mixed firmware nodes, the Encryption Group Properties Key Vault Type name is based on the firmware version of the group leader.
PAGE 645
Creating a new encryption group 20 • Backup Certificate File: (Optional.) If a backup key vault is entered, the backup certificate file must also be entered. Navigate to and select the secondary public key certificate from your desktop, if applicable. • Serial Number: (TKLM only.) Serial number of the switch, which is required for registering the switch on the key vault. • Device Group: (TKLM only.) The name of the device group of which the switch is a member.
PAGE 646
20 Creating a new encryption group FIGURE 235 Select Key Vault dialog box for DPM 1. Enter the IP address or host name for the primary key vault. If you are clustering DPM appliances for high availability, IP load balancers are used to direct traffic to the appliances. Use the IP address of the load balancer. 2. Enter the name of the file that holds the Primary Key Vault’s CA Key Certificate or browse to the desired location. 3.
PAGE 647
Creating a new encryption group 20 FIGURE 236 Specify Certificate Signing Request File Name dialog box 5. Enter the filename in which you want to store the certificate information, or browse to the file location. The certificate stored in this file is the switch’s Switch Certificate Signing file. You will need to know this path and file name to install the switch’s Switch Certificate Signing file on the key management appliance. 6. Click Next.
PAGE 648
20 Creating a new encryption group FIGURE 237 Specify Master Key File Name dialog box 7. Enter the location of the file in which you want to store back up master key information, or browse to the desired location. 8. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 9. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays (Figure 238).
PAGE 649
Creating a new encryption group 20 FIGURE 238 Select Security Settings dialog box 10. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards.
PAGE 650
20 Creating a new encryption group FIGURE 239 Confirm Configuration dialog box The Configuration Status dialog box displays (Figure 240). FIGURE 240 Configuration Status dialog box 12. Review the post-configuration instructions, which you can copy to a clipboard or print for later, then click Next. The Next Steps dialog box displays (Figure 241). Instructions for installing public key certificates for the encryption switch are displayed.
PAGE 651
Creating a new encryption group 20 FIGURE 241 Next Steps dialog box 13. Review the post-configuration instructions, which you can copy to a clipboard or print for later, then click Finish to exit the wizard.
PAGE 652
20 Creating a new encryption group Configuring key vault settings for NetApp Link Key Manager (LKM/SSKM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard. If you have not already done so, go to “Creating a new encryption group” on page 592. Figure 242 shows the key vault selection dialog box for LKM/SSKM. FIGURE 242 Select Key Vault dialog box for LKM/SSKM 1. Enter the IP address or host name for the primary key vault. 2.
PAGE 653
Creating a new encryption group 20 FIGURE 243 Specify Public Key Certificate (KAC) File Name dialog box 4. Specify the location of the file in which you want to store the public key certificate that is used to authenticate connections to the key vault. The certificate stored in this file is the switch’s public key certificate. You will need to know this path and file name to install the switch’s public key certificate on the key management appliance. 5. Click Next.
PAGE 654
20 Creating a new encryption group FIGURE 244 Select Security Settings dialog box 6. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards.
PAGE 655
Creating a new encryption group 20 FIGURE 245 Confirm Configuration dialog box The Configuration Status dialog box displays (Figure 246). FIGURE 246 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
PAGE 656
20 Creating a new encryption group After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. See “Understanding configuration status results” on page 629 for more information. 8. Verify the information is correct, then click Next. The Next Steps dialog box displays (Figure 247). Instructions for installing public key certificates for the encryption switch are displayed. These instructions are specific to the key vault type.
PAGE 657
Creating a new encryption group 20 Configuring key vault settings for HP Enterprise Secure Key Manager (ESKM/SKM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard. If you have not already done so, go to “Creating a new encryption group” on page 592. Figure 248 shows the key vault selection dialog box for ESKM/SKM. FIGURE 248 Select Key Vault dialog box for ESKM/SKM 1. Enter the IP address or host name for the primary key vault. 2.
PAGE 658
20 Creating a new encryption group FIGURE 249 Specify Certificate Signing Request File Name dialog box 6. Enter the location of the file in which you want to store the certificate information, or browse to the desired location, then click Next. The Specify Master Key File Name dialog box displays (Figure 250). FIGURE 250 Specify Master Key File Name dialog box 7. 610 Enter the passphrase, which is required for restoring the master key.
PAGE 659
Creating a new encryption group 20 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays (Figure 251). FIGURE 251 Select Security Settings dialog box 9. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards.
PAGE 660
20 Creating a new encryption group FIGURE 252 Confirm Configuration dialog box The Configuration Status dialog box displays (Figure 253). FIGURE 253 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
PAGE 661
Creating a new encryption group 20 After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. See “Understanding configuration status results” on page 629 for more information. 11. Review important messages, then click Next. The Next Steps dialog box displays (Figure 254). Instructions for installing public key certificates for the encryption switch are displayed. FIGURE 254 Next Steps dialog box 12.
PAGE 662
20 Creating a new encryption group FIGURE 255 Select Key Vault dialog box for TEKA 1. Enter the IP address or host name for the primary key vault. 2. Enter the name of the file that holds the primary key vault’s public key certificate, or browse to the desired location. 3. Enter the password you created for the Brocade group TEKA client. 4.
PAGE 663
Creating a new encryption group 20 FIGURE 256 Specify Master Key File Name dialog box 6. Enter the name of the file used for backing up the master key or browse to the desired location. 7. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays (Figure 257).
PAGE 664
20 Creating a new encryption group 9. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards. The actual number of authentication cards registered is always more than the quorum size, so if you set the quorum size to five, for example, you will need to register at least six cards in the subsequent steps.
PAGE 665
Creating a new encryption group 20 FIGURE 259 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
PAGE 666
20 Creating a new encryption group FIGURE 260 Next Steps dialog box 12. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 13. Click Finish to exit the Configure Switch Encryption wizard. 14. Refer to “Understanding configuration status results” on page 629.
PAGE 667
Creating a new encryption group 20 Configuring key vault settings for IBM Tivoli Key Lifetime Manager (TKLM) The following procedure assumes you have already configured the initial steps in the Configure Switch Encryption wizard. If you have not already done so, go to “Creating a new encryption group” on page 592. Figure 261 shows the key vault selection dialog box for TKLM. FIGURE 261 Select Key Vault dialog box for TKLM 1. Enter the IP address or host name for the primary key vault. 2.
PAGE 668
20 Creating a new encryption group FIGURE 262 Specify Public Key Certificate (KAC) File Name dialog box 5. Enter the name of the file in which the switch’s public key certificate is stored, or browse to the desired location, then click Next. The Specify Master Key File Name dialog box displays (Figure 263). FIGURE 263 Specify Master Key File Name dialog box 6. Enter the name of the file used for backing up the master key, or browse to the desired location.
PAGE 669
Creating a new encryption group 7. 20 Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 8. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays (Figure 264). FIGURE 264 Select Security Settings dialog box 9. Set quorum size and system card requirements.
PAGE 670
20 Creating a new encryption group FIGURE 265 Confirm Configuration dialog box The Configuration Status dialog box displays (Figure 266). FIGURE 266 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified.
PAGE 671
Creating a new encryption group 20 After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. 11. Click Next. The Next Steps dialog box displays (Figure 267). Instructions for installing public key certificates for the encryption switch are displayed. These instructions are specific to the key vault type. FIGURE 267 Next Steps dialog box 12.
PAGE 672
20 Creating a new encryption group Figure 268 shows the key vault selection dialog box for KMIP. FIGURE 268 Select Key Vault dialog box for KMIP 1. Select the High Availability mode. Options are: • Opaque: Both the primary and secondary key vaults are registered on the Fabric OS encryption switch. The client archives the key to a single (primary) key vault. For disk operations, an additional hardening check is done on the secondary key vault before the key is used for encryption.
PAGE 673
Creating a new encryption group 20 6. Select the Certificate Type. Options are: • CA Signed: The Fabric OS encryption switch KAC certificate is signed by a CA, imported back onto the Fabric OS encryption switch, and registered as a KAC certificate. The CA will be registered as a key vault certificate on the Fabric OS encryption switch. • Self Signed: The self-signed certificates are exchanged and registered on both ends.
PAGE 674
20 Creating a new encryption group FIGURE 270 Specify Master Key File Name dialog box 9. Enter the name of the file used for backing up the master key, or browse to the desired location. 10. Enter the passphrase, which is required for restoring the master key. The passphrase can be between eight and 40 characters, and any character is allowed. 11. Re-enter the passphrase for verification, then click Next. The Select Security Settings dialog box displays (Figure 271).
PAGE 675
Creating a new encryption group 20 FIGURE 271 Select Security Settings dialog box 12. Set quorum size and system card requirements. The quorum size is the minimum number of cards necessary to enable the card holders to perform the security sensitive operations listed above. The maximum quorum size is five cards.
PAGE 676
20 Creating a new encryption group FIGURE 272 Confirm Configuration dialog box 14. Confirm the encryption group name and switch public key certificate file name you specified are correct, then click Next. The Configuration Status dialog box displays (Figure 273).
PAGE 677
Creating a new encryption group 20 All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified. After configuration of the encryption group is completed, the Management application sends API commands to verify the switch configuration. 15. Click Next.
PAGE 678
20 Adding a switch to an encryption group 3. Register the key vault. The Management application registers the key vault using the cryptocfg --reg keyvault command. 4. Enable the encryption engines. The Management application initializes an encryption switch using the cryptocfg --initEE [] and cryptocfg --regEE [] commands. 5. Create a new master key. (Opaque key vaults only). The Management application checks for a new master key.
PAGE 679
Adding a switch to an encryption group 20 FIGURE 275 Configure Switch Encryption wizard - welcome screen 3. Click Next. The Designate Switch Membership dialog box displays (Figure 276). FIGURE 276 Designate Switch Membership dialog box 4. For this procedure, select Add this switch to an existing encryption group, then click Next. The Add Switch to Existing Encryption Group dialog box displays (Figure 277).
PAGE 680
20 Adding a switch to an encryption group The dialog box contains the following information: • Encryption Groups table: Enables you to select an encryption group in which to add a switch. • Member Switches table: Lists the switches in the selected encryption group. NOTE If you are creating a new encryption group, refer to “Creating a new encryption group” on page 592. FIGURE 277 Add Switch to Existing Encryption Group dialog box 5. Select the group in which to add the switch, then click Next.
PAGE 681
Adding a switch to an encryption group 20 FIGURE 278 Specify Public Key Certificate (KAC) File Name dialog box 6. Enter the location where you want to store the public key certificate that is used to authenticate connections to the key vault, or browse to the desired location, then click Next. The Confirm Configuration dialog box displays (Figure 279). Confirm the encryption group name and switch public key certificate file name you specified are correct, then click Next.
PAGE 682
20 Adding a switch to an encryption group FIGURE 280 Configuration Status dialog box All configuration items have green check marks if the configuration is successful. A red stop sign indicates a failed step. A message displays below the table, indicating the encryption switch was added to the group you named, and the public key certificate is stored in the location you specified. 7. Review important messages, then click Next. The Error Instructions dialog box displays (Figure 281).
PAGE 683
Adding a switch to an encryption group 20 FIGURE 281 Error Instructions dialog box 8. Review the post-configuration instructions, which you can copy to a clipboard or print for later. 9. Click Finish to exit the Configure Switch Encryption wizard.
PAGE 684
20 Replacing an encryption engine in an encryption group Replacing an encryption engine in an encryption group To replace an encryption engine in an encryption group with another encryption engine within the same DEK Cluster, complete the following steps: 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 185 on page 526.) 2.
PAGE 685
High availability (HA) clusters 20 High availability (HA) clusters A high availability (HA) cluster is a group of exactly two encryption engines (EEs). One encryption engine can take over encryption and decryption tasks for the other encryption engine, if that member fails or becomes unreachable. NOTE High Availability clusters between two EEs should not be confused with High Availability opaque mode that is supported in KMIP.
PAGE 686
20 High availability (HA) clusters FIGURE 283 Encryption Group Properties dialog box - HA Clusters tab NOTE If you are creating a new HA cluster, a dialog box displays requesting a name for the new HA cluster. HA Cluster names can have up to 31 characters. Letters, digits, and underscores are allowed. Removing engines from an HA cluster Removing the last engine from an HA cluster also removes the HA cluster.
PAGE 687
High availability (HA) clusters 20 Swapping engines in an HA cluster Swapping engines is useful when replacing hardware. Swapping engines is different from removing an engine and adding another because when you swap engines, the configured targets on the former HA cluster member are moved to the new HA cluster member. 1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. 2.
PAGE 688
20 Configuring encryption storage targets Configuring encryption storage targets Adding an encryption target maps storage devices and hosts to virtual targets and virtual initiators within the encryption switch. The storage encryption wizard enables you to configure encryption for a storage device (target). NOTE It is recommended that you configure the host and target in the same zone before configuring them for encryption.
PAGE 689
Configuring encryption storage targets 20 FIGURE 284 Encryption Targets dialog box 3. Click Add. The Configure Storage Encryption welcome screen displays (Figure 285). FIGURE 285 Configure Storage Encryption welcome screen 4. Click Next. The Select Encryption Engine dialog box displays (Figure 286).
PAGE 690
20 Configuring encryption storage targets FIGURE 286 Select Encryption Engine dialog box The dialog box contains the following information: • Encryption engine: The name of the encryption engine. The list of engines depends on the scope being viewed: • If an encryption group was selected, the list includes all engines in the group. • If a switch was selected, the list includes all encryption engines for the switch. • If a single encryption engine was selected, the list contains only that engine.
PAGE 691
Configuring encryption storage targets 20 FIGURE 287 Select Target dialog box The dialog box contains the following information: • Target Port WWN: The world wide name of the target port in the same fabric as the encryption engine. • Target Port Name: The name of the target port in the same fabric as the encryption engine. • Target Node WWN: The world wide name of the target node in the same fabric as the encryption engine. • Target Node Name: The name of the target device.
PAGE 692
20 Configuring encryption storage targets FIGURE 288 Select Hosts dialog box The dialog box contains the following information: • Hosts in Fabric table: Lists the available hosts in the fabric. • Selected Hosts table: Lists the hosts that have been selected to access the target. • Port WWN: The world wide name of the host ports that are in the same fabric as the encryption engine. • Node WWN: The world wide name of the host nodes that are in the same fabric as the encryption engine.
PAGE 693
Configuring encryption storage targets 20 • Right arrow button: Moves a host from the Host in Fabric table to the Selected Hosts table. • Left arrow button: Removes a host from the Selected Hosts table. • Add button: Click to manually add host port world wide names or host node world wide names to the Selected Hosts table. 8. Select hosts using either of the following methods: a.
PAGE 694
20 Configuring encryption storage targets FIGURE 290 Confirmation dialog box The screen contains the following information: • Encryption Engine: The slot location of the encryption engine. • Container Name: The logical encryption name used to map storage targets and hosts to virtual targets and virtual initiators. • • • • Target Device Port: The world wide name of the target device port. Host Node WWN: The world wide name of the host node. Host Port WWN: The world wide name of the host port.
PAGE 695
Configuring encryption storage targets 20 FIGURE 291 Configuration Status screen The screen contains the following information: • Device: The device type (target or host). • Device Port WWN: The port world wide name. • Represented by VI/VT: The virtual target (VT) mapped to the physical target or virtual initiator (VI) representing the host. • VI/VT Port WWN: The port world wide name of the virtual target or virtual initiator.
PAGE 696
20 Configuring hosts for encryption targets FIGURE 292 Next Steps screen The screen contains the following information: • Important Instructions: Instructions about post-configuration tasks you must complete after you close the wizard. For example, you must zone the physical hosts and the target together and then you encrypt the LUNs using the Storage Device LUNs dialog box. • Copy to Clipboard button: Saves a copy of the instructions. • Print button: Prints the configuration. 14.
PAGE 697
Configuring hosts for encryption targets 20 NOTE You can also select a group, switch, or engine from the Encryption Center Devices table, then click the Targets icon. The Encryption Targets dialog box displays (Figure 293). FIGURE 293 Encryption Targets dialog box 3. Select a target storage device from the list, then click Hosts. The Encryption Target Hosts dialog box displays (Figure 294). The Hosts in Fabric table lists the configured hosts in a fabric.
PAGE 698
20 Adding target disk LUNs for encryption NOTE Both the Host Ports in Fabric table and the Selected Hosts table now contain a Port ID column to display the 24-bit PID of the host port. 4. Select one or more hosts in a fabric using either of the following methods: a. Select a maximum of 1024 hosts from the Hosts in Fabric table, then click the right arrow to move the hosts to the Selected Hosts table. (The Port WWN column contains all target information that displays when using the nsshow command.) b.
PAGE 699
Adding target disk LUNs for encryption 20 The Encryption Disk LUN View dialog box displays (Figure 295). FIGURE 295 Encryption Disk LUN View dialog box The dialog box provides a convenient way to view and manage disk LUNs that are provisioned from different hosts, identify conflicts between configuration policies on storage systems, and to provide a launching point for the Add New Path wizard for configuring multiple I/O paths to the LUN.
PAGE 700
20 Adding target disk LUNs for encryption FIGURE 296 Select Target Port dialog box The dialog box is used to select a target port when configuring multiple I/O paths to a disk LUN. The dialog box contains the following information: • Storage Array: The Storage Array selected from the LUN view prior to launching the Add New Path wizard. • Host: The host selected from the LUN view prior to launching the Add New Path wizard.
PAGE 701
Adding target disk LUNs for encryption 20 The dialog box is used to select an initiator port when configuring multiple I/O paths to a disk LUN. The dialog box contains the following information: • Storage Array: Displays the storage array that was selected from the LUN view prior to launching the wizard. • Host: The host selected from the LUN view prior to launching the wizard.
PAGE 702
20 Adding target disk LUNs for encryption • LUN table: Available LUNs identified by the following: • Host • LUN Number • LUN Serial Number • Current LUN State: Options are Encrypted, which is automatically selected if the LUN has a key ID; Clear Text, and