1 / 44

XP120000 LUN Configuration and Security Manager

XP120000 LUN Configuration and Security Manager. Module 7. HP Restricted. Objectives. Describe host groups and their benefits Use the CV GUI and CLI to configure host groups and perform LUN operations, such as adding, changing, and deleting LUNs

ide
Download Presentation

XP120000 LUN Configuration and Security Manager

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. XP120000 LUN Configuration andSecurity Manager Module 7 HP Restricted

  2. Objectives • Describe host groups and their benefits • Use the CV GUI and CLI to configure host groups and perform LUN operations, such as adding, changing, and deleting LUNs • Use the CV GUI and CLI to create command devices and make changes to port parameters • Describe the benefits provided by the Configuration File Loader • Describe LUN Security XP Extension operations HP Restricted

  3. LUN management overview • LUN management enables you to configure • LUNs • LU paths • LUN Security • Command devices for use by RAID Manager • Fibre Channel ports HP Restricted

  4. LUN Mapping? • “LUN Mapping” should really be called “Volume Mapping”, since that’s what is being accomplished. • LUN Mapping is the process of mapping a Volume to a CHIP (Client Host Interface Processor) port for the purpose of allowing an external host to use the volumes for storage. HP Restricted

  5. Mapping a Volume to a Port • An XP Volume (CU:LDEV) is visible to a server as a logical storage device (a LUN or Disk), only after being mapped to an array port that is connected to the server. • Alternate Paths: • A Volume mapped to more than one array port is said to have an alternate path. • A Volume with multiple paths to a server, will appear to a server as multiple and separate storage devices. • Two devices on a server with the same XP Array Volume (CU:LDEV) number are really alternate paths to the same Volume. HP Restricted

  6. LUN security overview • LUN Security is integrated with LUN Management • A default host group is associated to each port • To assign LUNs to a port, a host group must exist • Each host group can have a different host mode assigned to it • Permitted host WWNs are added through the host group HP Restricted

  7. Host group Host group Host group Host group HP-UX 01 HP-UX 02 HP-UX 03 Solaris 04 Port Port CL1 - B CL1 - A Disk subsystem Host group Host group Host gr oup Host group AIX 03 Solaris 04 HP-UX 01 HP-UX 02 (HP) CU:LDEV CU:LDEV CU:LDEV CU:LDEV LU N 0 LU N 0 LU N 0 LU N 0 00:20 02:01 01:05 00:22 LUN 1 LUN 1 LUN 1 LUN 1 00:21 02:02 01:06 00:23 LUN2 LUN2 02:06 02:06 1 1 LUN3 LUN3 01:23 03:06 2 2 LUN4 LUN4 00:24 03:07 3 3 LUN5 LUN5 04:27 03:08 1 1 LUN management and host groups HP Restricted

  8. XP512/48 and XP12000 Comparison XP12000 – 1024 LUNs/Port Port XP512/48 – 256 LUNs/Port LUN0 LDEV WWN Grp 0 Server A HP-UX LUN1 LDEV Port HP-UX LUN2 LDEV Server A LUN3 LDEV …….. …….. LDEV LUN0 Server B Solaris …….. Server B …….. WWN Grp 1 LUN1 LDEV LUN2 LDEV …….. …….. LUN3 LDEV …….. …….. Server X Server X NT WWN Grp X ………………. LUN#0 available for each Host Group LUN2 LUN0 LUN255 LUN3 LUN1 LUN7 LDEV LDEV LDEV LDEV LDEV LDEV Host Modeset for each Host Group Host Modeset for each port HP Restricted

  9. Comparison – HOST Port Logical HP Restricted

  10. LUN management • up to 1024 LUNs/host group & max. 1024 LUNs/port • up to 256 LUNs/NAS port • up to 255 host groups/port; 1024 WWN/ports & 1024 WWN/host group • max. 57,344 host groups/subsystem • max. 262144 LUNs/DKC • 64 CUs, 16384 LDEVs (2nd release, 8192LDEV 1st rel.) • some system modes can be set per host group • (CAUTION DO NOT USE!) HP Restricted

  11. XP12000/XP12000 host connectivity • LUN definition needs host group with LUN Security enabled • Up to 1024 WWNs per host group Host A HP Host B HP Host C Sun Host D Sun WWN0 WWN1 WWN2 WWN3 Host XP1024/128 Port : CL1-A (EF) Port : CL1-B (E8) Host Grp0 Host Grp1 Host Grp0 WWN0 WWN2 WWN1 WWN3 WWN0 LUN 0 (0:00) LUN 0 (0:20) LUN 0 (0:00) LUN 1 (0:01) LUN 1 (0:24) LUN 1 (0:01) LUN 2 (0:02) LUN 2 (2:36) LUN 2 (2:36) Cannot assign the sameWWN to different hostgroups on same port No limitation for LUNto volume assignments LUN to volume assignmentis independent across ports HP Restricted

  12. LUN0 LUN0 LUN1 LUN1 LUN security Host group Host group HP-UX G01 Windows G02 PortCL1-A Host group Host group Windows G02 HP-UX G01 (HP) CU:LDEV CU:LDEV 02:00 01:05 02:01 02:02 HP Restricted

  13. Host group 01 Host group Host group HP-UX G01 1A -G00 Windows G02 Port CL1 - A Host group Host group Host group 0 HP-UX G01 Windows G02 (HP) CU:LDEV LU N 0 00:01 LUN 1 01:04 Configuring LUN security disabled When LUN Security is disabled, hosts can only gain access to LUNs associated with host group XX-G00 HP Restricted

  14. Host group Host group HP-UX G01 Windows G02 Port CL1 - A Host group Windows G02 Host group HP-UX G01 (HP) CU:LDEV CU:LDEV LU N 0 LU N 0 01:05 02:00 LUN 1 LUN 1 02:01 02:02 Configuring LUN security enabled When LUN security is enabled, hosts can only gain access to LUNs associated with their host group HP Restricted

  15. Host groups • Basic capability with • LUN Security disabled • only host group XX-G00 visible • up to 512 LUNs with a single host mode • all hosts have access to all LUNs • LUN Security enabled • only LUNs in non-default host group are visible to hosts • up to 255 host groups per port with host modes • up to 1024 LUNs per host group • up to 1024 LUNs per port • 1024 WWNs per host group • 65k host groups per array HP Restricted

  16. Starting LUN Management GUI Select Modify mode Port pane shows configured CHIP ports Click LUN Management LUN Management pane WWN pane LDEV pane shows configured LDEVs HP Restricted

  17. Setting the security switch 1. Choose LUN Security:OFFONto enable port security 2. Click YES to enable port security 3. Click Apply to set configuration changes HP Restricted

  18. Defining LU paths overview Four major steps • Finding WWNs of open-system hosts • Creating host groups • Registering hosts (WWNs) in host groups • Associating host groups with logical volumes HP Restricted

  19. Creating (adding) a host group 1. Right-click theport and selectAdd New Host Group 2. Enter the HostGroup Nameand select theHost Mode.Click OK when done 3. Click Apply to set configuration changes HP Restricted

  20. Modifying a host group 1. Right-click thehost group and select Change Host Group 2. Input changes to the Host Group Name and Host Mode.Click OK when done 3. Click Apply to set changes HP Restricted

  21. Deleting a host group 1. Right-click the host group and select Delete Host Group 2. Click YES to confirm host group deletion 3. Click Apply to set changes HP Restricted

  22. Adding a WWN 1. Right-click the host group and select Add New WWN 2. Enter the WWNand Nickname.Click OK when done 3. Click Apply toset changes HP Restricted

  23. Modifying a WWN 1. Right-click the WWN and select Change WWN & Nickname 2. Edit the WWN and/or Nickname. Click OK when finished 3. Click Apply to set configuration changes HP Restricted

  24. Deleting a WWN 1. Right-click the WWN and select Delete WWN 2. Click YES to delete the WWN 3. Click Apply to set configuration changes HP Restricted

  25. Defining LU paths — associating host groups with logical volumes Select a host group. Click an LDEV to assign to a LUN #, drag and drop the LDEV onto the LUN # assignment 2. Click OK to confirm LUN path creation 3. Click Apply to set configuration changes HP Restricted

  26. Deleting an LU path 1. Right-click a LUN and select Release LU path 3. Click Apply to set configuration changes 2. Click OK to confirm LUN path deletion HP Restricted

  27. Creating a command device 1. Right-click a LUN and choose Command Device:OFFON 2. Click YES to confirm Command Device creation 3. Click Apply to set configuration changes HP Restricted

  28. Configuring Fibre Channel ports HP Restricted

  29. Changing a port parameter 2. Select the new parameters to apply to the CHIP port 1. Select a CHIP port to configure Current CHIP port parameters 3. Click Set toapply changes 4. Click Apply to set configuration changes HP Restricted

  30. Configuration File Loader HP Restricted

  31. Configuration File Loader overview • Sets disk array configurations by applying a saved configuration definition file • Saves time and reduces errors when applying the same configuration to multiple arrays or making large-scale changes • Two main components • Configuration File Loader screen is used to • Export a spreadsheet file that includes the current configuration information • Import a file, which can be defined offline, that contains the new configuration • Spreadsheet file of current configuration information HP Restricted

  32. Requirements and main tasks • Requirements • Configuration File Loader comes preloaded from factory • In addition to the Command View requirements, also install • Spreadsheet software or text editor • LUN Configuration and Security Manager XP • Main tasks • Accessing Configuration File Loader • Exporting the current settings spreadsheet • Editing the spreadsheet • Importing the edited spreadsheet • Checking for errors HP Restricted

  33. LUN Security Extension overview • Provides data protection to an XP disk array from I/O operations performed on open systems hosts • Allows an access attribute to be assigned to each logical volume • With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost, and stolen • LUN Security Extension also offers the capability to freeze data activity within the environment. This ensures that logical volumes whose retention period expires will not return to Read/Write mode. This feature is called Expiration Lock (also called Audit Lock) HP Restricted

  34. LUN Security Extension overview • OpenLDEV Guard (Hitachi name) • Provides data protection to an XP disk array from I/O operations performed on open systems hosts. • Allows an access attribute to be assigned to each logical volume. • With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost and stolen. • Configuration through CV/XP or RaidManager • Retention time needs to be specified for each LDEV • Requires: • LUN Security Extension license key – license based on raw capacity • XP 1024 FW version 21.07.04 or later (21.08.05 strongly recommended) HP Restricted

  35. Access attributes • To restrict read and write operations on logical volumes, an access attribute must be assigned to each logical volume. • Three access attributes are available • Read/Write—Allows open systems hosts to perform both read and write operations on the logical volume • Read Only—Allows open systems hosts to perform read, but not write operations on the logical volume • Protect—Open systems hosts cannot access the logical volume or perform any read or write operations on it • Access attributes cannot be assigned to mainframe volumes or logical volumes that are not mapped to physical devices • Examples of access attributes HP Restricted

  36. Retention term • If you change the access attribute of a logical volume to Read Only or Protect, you will be prohibited from changing the access attribute to Read/Write for a selected period of time. • The LUN Security Extension pane displays the words Retention Term to define the period of time when attempts to change access attribute to Read/Write are prohibited. • You are prompted to specify a retention term when you change the access attribute of a logical volume to Read Only or to Protect. • After you specify the retention term, you can extend the term but cannot shorten it. HP Restricted

  37. LUN Security Extension operation HP Restricted

  38. Changing access attributes of logical volumes 1. 2. 3. 1. Select the access attribute. 2. Set the Retention Term 3. Click Apply HP Restricted

  39. Prohibiting changes to read/write volumes even after the retention term ends When expiration lock is OFF, access attributes of logical volumes can be changed to Read/Write even after the retention term ends. When expiration lock is ON, access attributes of logical volumes cannot be changed to Read/Write even after the retention term ends. HP Restricted

  40. Protecting Logical Volumes against CA and BC operations • Assigning the Read Only or Protect attribute is one way to prevent data in a volume from being overwritten by Continuous Access (CA) and Business Copy (BC) copy operations. • Volumes with the Read Only or Protect attribute are protected against these copy operations, but are also protected against any other form of write operations. • Lun Security Extension allows to prohibit a logical volume from being specified as a secondary volume (a copy destination volume) for CA or BC operations. HP Restricted

  41. Preventing Command View users from configuring LU paths and command devices • If the Reserved column displays a hyphen (-), Command View users can change LU path settings and command device settings on the logical volume • If the Reserved column displays RAID Manager, Command View users cannot change LU path or command device settings on the logical volume: only RAID Manager can be used HP Restricted

  42. Learning check HP Restricted

  43. Lab activity HP Restricted

  44. HP Restricted

More Related