FW V06.XX/HAFM SW V08.02.00 HP StorageWorks SAN High Availability Planning Guide (AA-RS2DD-TE, July 2004)

Is typically proprietary and protects only a specific vendor’s storage devices.
Storage-level access control may not be available for many legacy devices.
Security Best Practices
When implementing an enterprise data security policy, establish a set of best-practice conventions using the methods described in this section, in the following order of precedence (most restrictive listed first):
1. SANtegrity Binding — The SANtegrity Binding feature is recommended for large and complex SANs with fabrics and devices provided by multiple OEMs or that intermix FCP and FICON protocols. The feature is required for FICON-cascaded high-integrity SANs. SANtegrity Binding includes:
   - Fabric binding (configured and enabled through the HAFM application) that allows only user-specified directors or switches to attach to specified fabrics in a SAN.
   - Switch binding (configured and enabled through the Element Manager application) that allows only user-specified devices and fabric elements to connect to specified director or fabric switch ports.
   SANtegrity Binding explicitly prohibits connections that are not user configured (unauthorized ISLs or device connections do not initialize and devices do not log in) and takes precedence over allowed connectivity in PDCM arrays, allowed connectivity through hard or soft zoning, preferred path configurations, or device-level access control.
2. PDCM arrays — In FICON environments, connectivity control is configured and managed at the director or switch level using a PDCM array, where a user specifies which logical port addresses are allowed or prohibited from connecting with each other, including E_Port connectivity.
   Port-to-port connectivity is hardware enforced at each fabric element, and explicitly prohibited connections take precedence over allowed connectivity through hard or soft zoning, preferred path configurations, or device-level access control. However, a connection allowed through a PDCM array may be prohibited through SANtegrity Binding.
3. Hardware-enforced zoning — The function of hard zoning is to ensure that route tables are programmed at each fabric element that explicitly allow devices to communicate only if the devices are in the same zone. Zoning configurations are hardware-enforced at each fabric element source port. Hard zoning impacts devices only and does not prohibit E_Port (ISL) connectivity.
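As an added illustration (not code from the guide or from HP), the following Python model applies the precedence of the three controls above to a constructed single-director configuration: an explicit prohibit by SANtegrity Binding overrides a PDCM allow, a PDCM prohibit overrides zoning, and hard zoning governs device ports but not E_Port (ISL) connectivity. Every WWN, port address and name is constructed; soft zoning, preferred paths and device-level control are not modelled.

```python
# Added example, not code from the HP guide: models the precedence of SANtegrity
# Binding > PDCM array > hard zoning on one director. All values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    addr: int       # logical port address on the director
    wwn: str        # WWN of the attached device, or of the neighbouring switch
    is_eport: bool  # True when the port carries an ISL (E_Port)

@dataclass
class Policy:
    fabric_members: set   # fabric binding: switch WWNs allowed to join the fabric
    switch_binding: dict  # switch binding: port addr -> WWNs allowed to attach there
    pdcm_prohibited: set  # PDCM array: frozenset({addr_a, addr_b}) pairs prohibited
    zones: list           # hard zoning: each zone is a set of device WWNs

def check_connection(p: Policy, a: Port, b: Port) -> tuple[bool, str]:
    """Return (allowed, reason); an explicit prohibit at a higher level wins."""
    # 1. SANtegrity Binding: unauthorized ISLs do not initialize and unauthorized
    #    devices do not log in, whatever PDCM or zoning would allow.
    for port in (a, b):
        if port.is_eport and port.wwn not in p.fabric_members:
            return False, f"fabric binding: switch {port.wwn} is not a fabric member"
        allowed = p.switch_binding.get(port.addr)
        if allowed is not None and port.wwn not in allowed:
            return False, f"switch binding: {port.wwn} not allowed on port {port.addr:#04x}"
    # 2. PDCM array: hardware-enforced per port-address pair, E_Ports included.
    if frozenset({a.addr, b.addr}) in p.pdcm_prohibited:
        return False, f"PDCM array prohibits {a.addr:#04x} <-> {b.addr:#04x}"
    # 3. Hard zoning: governs devices only; ISL connectivity is not subject to it.
    if a.is_eport or b.is_eport:
        return True, "allowed: E_Port connectivity is not governed by zoning"
    if any(a.wwn in z and b.wwn in z for z in p.zones):
        return True, "allowed: devices share a zone"
    return False, "hard zoning: devices are not in a common zone"

# Constructed director: two hosts, one storage port, two ISLs (switch Y is not bound in)
HOST_A, STOR_B, HOST_C = "10:00:00:00:c9:aa:00:01", "50:06:0e:80:00:bb:00:02", "10:00:00:00:c9:cc:00:03"
SWITCH_X, SWITCH_Y = "10:00:08:00:88:e0:00:10", "10:00:08:00:88:e0:00:11"
PORTS = {0x04: Port(0x04, HOST_A, False), 0x05: Port(0x05, STOR_B, False),
         0x06: Port(0x06, HOST_C, False), 0x10: Port(0x10, SWITCH_X, True),
         0x11: Port(0x11, SWITCH_Y, True)}
POLICY = Policy(fabric_members={SWITCH_X},
                switch_binding={0x06: {"10:00:00:00:c9:dd:00:04"}},  # 0x06 reserved for another host
                pdcm_prohibited={frozenset({0x04, 0x10})},
                zones=[{HOST_A, STOR_B, HOST_C}])  # HOST_C zoned in, but switch binding wins

def evaluate(addr_a: int, addr_b: int) -> tuple[bool, str]:
    return check_connection(POLICY, PORTS[addr_a], PORTS[addr_b])
```

Call `evaluate(0x04, 0x06)` to see a host that zoning would permit being refused by switch binding, and `evaluate(0x05, 0x11)` to see an ISL to a switch outside the fabric binding list refused before any PDCM or zoning check.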