HP XP P9000 Provisioning for Mainframe Systems User Guide
Table Of Contents
- HP XP P9000 Provisioning for Mainframe Systems User Guide
- Contents
- 1 Introduction to provisioning
- About provisioning
- Basic provisioning
- Fixed-sized provisioning
- Disadvantages
- When to use fixed-sized provisioning
- Custom-sized provisioning
- When to use custom-sized provisioning
- Basic provisioning workflow
- Thin Provisioning Overview
- Thin Provisioning Z
- Thin Provisioning Z concepts
- When to use Thin Provisioning Z
- Thin Provisioning Z advantages
- Thin Provisioning Z advantage example
- Thin Provisioning Z work flow
- Smart Tiers Z
- Tiers concept
- When to use Smart Tiers Z
- Resource groups strategies
- Complimentary strategies
- Key terms
- Before you begin
- About pool volumes
- 2 Configuring resource groups
- System configuration using resource groups
- Resource groups examples
- Meta_resource
- Resource lock
- User groups
- Resource group assignments
- Resource group license requirements
- Resource group rules, restrictions, and guidelines
- Creating a resource group
- Adding resources to a resource group
- Removing resources from a resource group
- Managing Resource Groups
- Using Resource Partition and other P9500 products
- 3 Configuring custom-sized provisioning
- Virtual LVI/Virtual LUN functions
- VLL requirements
- VLL specifications
- SSID requirements
- VLL size calculations
- Create LDEV function
- Blocking an LDEV
- Restoring a blocked LDEV
- Editing an LDEV name
- Deleting an LDEV (converting to free space)
- Formatting LDEVs
- Making external mainframe system volumes usable
- Assigning a processor blade
- Using a system disk
- 4 Configuring thin provisioning
- Thin Provisioning Z overview
- Smart Tiers Z overview
- Thin provisioning requirements
- Using Thin Provisioning Z or Smart Tiers Z with other P9500 products
- Thin Provisioning Z workflow
- Smart Tiers Z
- About tiered storage
- Tier monitoring and data relocation
- Smart Pool
- Tier monitoring and relocation cycles
- Tier relocation flow
- Tier relocation rules, restrictions, and guidelines
- Buffer area of a tier
- Smart Tiers Z cache specifications and requirements
- Execution modes for tier relocation
- Monitoring modes
- Notes on performing monitoring
- Downloading the tier relocation log file
- Tiering policy
- Tiering policy expansion
- Tiering policy examples
- Setting tiering policy on a THP V-VOL
- Tiering policy levels
- Viewing the tiering policy in the performance graph
- Reserving tier capacity when setting a tiering policy
- Example of reserving tier capacity
- Notes on tiering policy settings
- New page assignment tier
- Relocation priority
- Assignment tier when pool-VOLs are deleted
- Formatted pool capacity
- Rebalancing the usage level among pool-VOLs
- Execution mode settings and tiering policy
- Changing the tiering policy level on a THP V-VOL
- Changing new page assignment tier of a V-VOL
- Opening the Edit Tiering Policies window
- Changing a tiering policy
- Changing relocation priority setting of a V-VOL
- Smart Tiers Z workflow
- Smart Tiers Z tasks and parameters
- Managing Smart Tiers Z
- Changing a pool for Smart Tiers Z to a pool for Thin Provisioning Z
- Working with pools
- Working with THP V-VOLs
- Thresholds
- Working with SIMs
- Managing pools and THP V-VOLs
- Viewing pool information
- Viewing formatted pool capacity
- Viewing the progress of rebalancing the usage level among pool-VOLs
- Increasing pool capacity
- Changing a pool name
- Recovering a blocked pool
- Decrease pool capacity
- Deleting a tier in a pool
- Deleting a pool
- Changing external LDEV tier rank
- Increasing THP V-VOL capacity
- Changing the name of a THP V-VOL
- About releasing pages in a THP V-VOL
- Enabling/disabling tier relocation of a THP V-VOL
- Deleting a THP V-VOL
- 5 Configuring access attributes
- 6 Protecting volumes from I/O operations
- Overview of Volume Security for Mainframe
- Volume Security for Mainframe Requirements
- Volume Security for Mainframe Functions
- Protecting Volumes from I/O Operations at Mainframe Hosts
- Warnings Regarding Volume Security for Mainframe
- Supported Volume Emulation Types
- Maximum Number of Groups
- Maximum Number of Hosts and Volumes
- Launching Volume Security for Mainframe
- Viewing Security Settings
- Locating Volumes in a Specified Security Group
- Locating Security Groups that Contain a Specified Host
- Locating Volumes in a Security Group that Contains a Specified Host
- Locating Ports through Which Hosts Can Access Volumes
- Locating Security Groups that Contain a Specified Volume
- Locating Hosts in a Security Group that Contains a Specified Volume
- Locating Security Groups that Contain a Specified Host Group
- Locating Security Groups that Contain a Specified LDEV Group
- Limiting Host Access
- Prohibiting Host Access
- Protecting Volumes from Copy Operations
- Disabling Volume Security for Mainframe
- Editing Security Groups
- Editing Host Groups
- Editing LDEV Groups
- 7 Troubleshooting
- 8 Support and other resources
- A RAID Manager command reference
- B Resource Partition GUI reference
- C LDEV GUI reference
- Parity Groups window
- Parity Groups window after selecting Internal (or External) under Parity Groups
- Window after selecting a parity group under Internal (or External) of Parity Groups
- Window after selecting Logical Devices
- Create LDEVs wizard
- Edit LDEVs wizard
- Change LDEV Settings window
- View SSIDs window
- Select Free Spaces window
- Select Pool window
- View LDEV IDs window
- View Physical Location window
- Edit SSIDs window
- Change SSIDs window
- Format LDEVs wizard
- Restore LDEVs window
- Block LDEVs window
- Delete LDEVs window
- LDEV Properties window
- Top window when selecting Components
- Top window when selecting controller chassis under Components
- Edit Processor Blades wizard
- Assign Processor Blade wizard
- View Management Resource Usage window
- D Thin Provisioning Z and Smart Tiers Z GUI reference
- Pools window after selecting pool (Pools window)
- Top window when selecting a pool under Pools
- Create Pools wizard
- Expand Pool wizard
- Edit Pools wizard
- Delete Pools wizard
- Expand V-VOLs wizard
- Restore Pools window
- Shrink Pool window
- Stop Shrinking Pools window
- Complete SIMs window
- Select Pool VOLs window
- Reclaim Zero Pages window
- Stop Reclaiming Zero Pages window
- Pool Property window
- View Tier Properties window
- Monitor Pools window
- Stop Monitoring Pools window
- Start Tier Relocation window
- Stop Tier Relocation window
- View Pool Management Status window
- Edit External LDEV Tier Rank wizard
- Edit Tiering Policies wizard
- Change Tiering Policy Window
- E Volume Retention GUI reference
- F Volume Security for Mainframe GUI reference
- Volume Security for Mainframe window
- Add/Change Security Group Dialog Box
- Add/Change Host Group Dialog Box
- Add/Change LDEV Group Dialog Box
- Select LDEV Dialog Box
- Select Port Dialog Box
- Specify Security Group Dialog Box
- Host to Security Group Dialog Box
- Host to LDEV Dialog Box
- Host Group to Security Group Dialog Box
- Host Group to Port Dialog Box
- LDEV to Security Group Dialog Box
- LDEV to Host Dialog Box
- LDEV Group to Security Group Dialog Box
- Error Detail Dialog Box
- Glossary
- Index
Protecting Volumes from I/O Operations at Mainframe Hosts
Volume Security for Mainframe enables you to protect volumes from unauthorized access by
mainframe hosts. To protect volumes from unauthorized access, you must create security groups
and register mainframe hosts and volumes in security groups. Security groups are classified in
access groups or pool groups. If you want to allow some but not all mainframe hosts to access
volumes, you must classify the security group as an access group. If you want to exclude all
mainframe hosts from access volumes, you must classify the security group as a pool group.
Enabling Only the Specified Hosts to Access Volumes
If you want to allow some but not all mainframe hosts in your network to access volumes, you must
register the mainframe hosts and the volumes in an access group. For example, if you register two
hosts (host_A and host_B) and two volumes (vol_C and vol_D) in an access group, only the two
hosts will be able to access vol_C and vol_D. No other hosts will able to access vol_C and vol_D.
If mainframe hosts are registered in an access group, the hosts will be able to access volumes in
the same access group, but will be unable to access other volumes. For example, if you register
two hosts (host_A and host_B) and two volumes (vol_C and vol_D) in an access group, the two
hosts can access vol_C and vol_D, but no other volumes.
To register hosts in an access group, you must create a host group, register the hosts in the host
group, and then register the host group in the desired access group. To register volumes in an
access group, you must create an LDEV group, register the volumes in the LDEV group, and then
register the LDEV group in the desired access group. Any access group may contain only one host
group and one LDEV group.
In security example shown in the next figure, six mainframe hosts are attached to a storage system.
Two access groups are created and the following security settings are applied:
• The ldev1 and ldev2 volumes are accessible from only host1, host2, and host3 because the
two volumes and the three hosts are registered to the same access group.
• The ldev4 volume is accessible from only host4 because ldev4 and host4 are registered to
the same access group.
• The ldev5 volume does not belong to any access group. For this reason, hosts that belong to
access groups cannot access ldev5. The ldev5 volume is accessible from only host5 and host6,
which are not registered to access groups.
140 Protecting volumes from I/O operations