440 likes | 602 Views
XP120000 LUN Configuration and Security Manager. Module 7. HP Restricted. Objectives. Describe host groups and their benefits Use the CV GUI and CLI to configure host groups and perform LUN operations, such as adding, changing, and deleting LUNs
E N D
XP120000 LUN Configuration andSecurity Manager Module 7 HP Restricted
Objectives • Describe host groups and their benefits • Use the CV GUI and CLI to configure host groups and perform LUN operations, such as adding, changing, and deleting LUNs • Use the CV GUI and CLI to create command devices and make changes to port parameters • Describe the benefits provided by the Configuration File Loader • Describe LUN Security XP Extension operations HP Restricted
LUN management overview • LUN management enables you to configure • LUNs • LU paths • LUN Security • Command devices for use by RAID Manager • Fibre Channel ports HP Restricted
LUN Mapping? • “LUN Mapping” should really be called “Volume Mapping”, since that’s what is being accomplished. • LUN Mapping is the process of mapping a Volume to a CHIP (Client Host Interface Processor) port for the purpose of allowing an external host to use the volumes for storage. HP Restricted
Mapping a Volume to a Port • An XP Volume (CU:LDEV) is visible to a server as a logical storage device (a LUN or Disk), only after being mapped to an array port that is connected to the server. • Alternate Paths: • A Volume mapped to more than one array port is said to have an alternate path. • A Volume with multiple paths to a server, will appear to a server as multiple and separate storage devices. • Two devices on a server with the same XP Array Volume (CU:LDEV) number are really alternate paths to the same Volume. HP Restricted
LUN security overview • LUN Security is integrated with LUN Management • A default host group is associated to each port • To assign LUNs to a port, a host group must exist • Each host group can have a different host mode assigned to it • Permitted host WWNs are added through the host group HP Restricted
Host group Host group Host group Host group HP-UX 01 HP-UX 02 HP-UX 03 Solaris 04 Port Port CL1 - B CL1 - A Disk subsystem Host group Host group Host gr oup Host group AIX 03 Solaris 04 HP-UX 01 HP-UX 02 (HP) CU:LDEV CU:LDEV CU:LDEV CU:LDEV LU N 0 LU N 0 LU N 0 LU N 0 00:20 02:01 01:05 00:22 LUN 1 LUN 1 LUN 1 LUN 1 00:21 02:02 01:06 00:23 LUN2 LUN2 02:06 02:06 1 1 LUN3 LUN3 01:23 03:06 2 2 LUN4 LUN4 00:24 03:07 3 3 LUN5 LUN5 04:27 03:08 1 1 LUN management and host groups HP Restricted
XP512/48 and XP12000 Comparison XP12000 – 1024 LUNs/Port Port XP512/48 – 256 LUNs/Port LUN0 LDEV WWN Grp 0 Server A HP-UX LUN1 LDEV Port HP-UX LUN2 LDEV Server A LUN3 LDEV …….. …….. LDEV LUN0 Server B Solaris …….. Server B …….. WWN Grp 1 LUN1 LDEV LUN2 LDEV …….. …….. LUN3 LDEV …….. …….. Server X Server X NT WWN Grp X ………………. LUN#0 available for each Host Group LUN2 LUN0 LUN255 LUN3 LUN1 LUN7 LDEV LDEV LDEV LDEV LDEV LDEV Host Modeset for each Host Group Host Modeset for each port HP Restricted
Comparison – HOST Port Logical HP Restricted
LUN management • up to 1024 LUNs/host group & max. 1024 LUNs/port • up to 256 LUNs/NAS port • up to 255 host groups/port; 1024 WWN/ports & 1024 WWN/host group • max. 57,344 host groups/subsystem • max. 262144 LUNs/DKC • 64 CUs, 16384 LDEVs (2nd release, 8192LDEV 1st rel.) • some system modes can be set per host group • (CAUTION DO NOT USE!) HP Restricted
XP12000/XP12000 host connectivity • LUN definition needs host group with LUN Security enabled • Up to 1024 WWNs per host group Host A HP Host B HP Host C Sun Host D Sun WWN0 WWN1 WWN2 WWN3 Host XP1024/128 Port : CL1-A (EF) Port : CL1-B (E8) Host Grp0 Host Grp1 Host Grp0 WWN0 WWN2 WWN1 WWN3 WWN0 LUN 0 (0:00) LUN 0 (0:20) LUN 0 (0:00) LUN 1 (0:01) LUN 1 (0:24) LUN 1 (0:01) LUN 2 (0:02) LUN 2 (2:36) LUN 2 (2:36) Cannot assign the sameWWN to different hostgroups on same port No limitation for LUNto volume assignments LUN to volume assignmentis independent across ports HP Restricted
LUN0 LUN0 LUN1 LUN1 LUN security Host group Host group HP-UX G01 Windows G02 PortCL1-A Host group Host group Windows G02 HP-UX G01 (HP) CU:LDEV CU:LDEV 02:00 01:05 02:01 02:02 HP Restricted
Host group 01 Host group Host group HP-UX G01 1A -G00 Windows G02 Port CL1 - A Host group Host group Host group 0 HP-UX G01 Windows G02 (HP) CU:LDEV LU N 0 00:01 LUN 1 01:04 Configuring LUN security disabled When LUN Security is disabled, hosts can only gain access to LUNs associated with host group XX-G00 HP Restricted
Host group Host group HP-UX G01 Windows G02 Port CL1 - A Host group Windows G02 Host group HP-UX G01 (HP) CU:LDEV CU:LDEV LU N 0 LU N 0 01:05 02:00 LUN 1 LUN 1 02:01 02:02 Configuring LUN security enabled When LUN security is enabled, hosts can only gain access to LUNs associated with their host group HP Restricted
Host groups • Basic capability with • LUN Security disabled • only host group XX-G00 visible • up to 512 LUNs with a single host mode • all hosts have access to all LUNs • LUN Security enabled • only LUNs in non-default host group are visible to hosts • up to 255 host groups per port with host modes • up to 1024 LUNs per host group • up to 1024 LUNs per port • 1024 WWNs per host group • 65k host groups per array HP Restricted
Starting LUN Management GUI Select Modify mode Port pane shows configured CHIP ports Click LUN Management LUN Management pane WWN pane LDEV pane shows configured LDEVs HP Restricted
Setting the security switch 1. Choose LUN Security:OFFONto enable port security 2. Click YES to enable port security 3. Click Apply to set configuration changes HP Restricted
Defining LU paths overview Four major steps • Finding WWNs of open-system hosts • Creating host groups • Registering hosts (WWNs) in host groups • Associating host groups with logical volumes HP Restricted
Creating (adding) a host group 1. Right-click theport and selectAdd New Host Group 2. Enter the HostGroup Nameand select theHost Mode.Click OK when done 3. Click Apply to set configuration changes HP Restricted
Modifying a host group 1. Right-click thehost group and select Change Host Group 2. Input changes to the Host Group Name and Host Mode.Click OK when done 3. Click Apply to set changes HP Restricted
Deleting a host group 1. Right-click the host group and select Delete Host Group 2. Click YES to confirm host group deletion 3. Click Apply to set changes HP Restricted
Adding a WWN 1. Right-click the host group and select Add New WWN 2. Enter the WWNand Nickname.Click OK when done 3. Click Apply toset changes HP Restricted
Modifying a WWN 1. Right-click the WWN and select Change WWN & Nickname 2. Edit the WWN and/or Nickname. Click OK when finished 3. Click Apply to set configuration changes HP Restricted
Deleting a WWN 1. Right-click the WWN and select Delete WWN 2. Click YES to delete the WWN 3. Click Apply to set configuration changes HP Restricted
Defining LU paths — associating host groups with logical volumes Select a host group. Click an LDEV to assign to a LUN #, drag and drop the LDEV onto the LUN # assignment 2. Click OK to confirm LUN path creation 3. Click Apply to set configuration changes HP Restricted
Deleting an LU path 1. Right-click a LUN and select Release LU path 3. Click Apply to set configuration changes 2. Click OK to confirm LUN path deletion HP Restricted
Creating a command device 1. Right-click a LUN and choose Command Device:OFFON 2. Click YES to confirm Command Device creation 3. Click Apply to set configuration changes HP Restricted
Configuring Fibre Channel ports HP Restricted
Changing a port parameter 2. Select the new parameters to apply to the CHIP port 1. Select a CHIP port to configure Current CHIP port parameters 3. Click Set toapply changes 4. Click Apply to set configuration changes HP Restricted
Configuration File Loader HP Restricted
Configuration File Loader overview • Sets disk array configurations by applying a saved configuration definition file • Saves time and reduces errors when applying the same configuration to multiple arrays or making large-scale changes • Two main components • Configuration File Loader screen is used to • Export a spreadsheet file that includes the current configuration information • Import a file, which can be defined offline, that contains the new configuration • Spreadsheet file of current configuration information HP Restricted
Requirements and main tasks • Requirements • Configuration File Loader comes preloaded from factory • In addition to the Command View requirements, also install • Spreadsheet software or text editor • LUN Configuration and Security Manager XP • Main tasks • Accessing Configuration File Loader • Exporting the current settings spreadsheet • Editing the spreadsheet • Importing the edited spreadsheet • Checking for errors HP Restricted
LUN Security Extension overview • Provides data protection to an XP disk array from I/O operations performed on open systems hosts • Allows an access attribute to be assigned to each logical volume • With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost, and stolen • LUN Security Extension also offers the capability to freeze data activity within the environment. This ensures that logical volumes whose retention period expires will not return to Read/Write mode. This feature is called Expiration Lock (also called Audit Lock) HP Restricted
LUN Security Extension overview • OpenLDEV Guard (Hitachi name) • Provides data protection to an XP disk array from I/O operations performed on open systems hosts. • Allows an access attribute to be assigned to each logical volume. • With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost and stolen. • Configuration through CV/XP or RaidManager • Retention time needs to be specified for each LDEV • Requires: • LUN Security Extension license key – license based on raw capacity • XP 1024 FW version 21.07.04 or later (21.08.05 strongly recommended) HP Restricted
Access attributes • To restrict read and write operations on logical volumes, an access attribute must be assigned to each logical volume. • Three access attributes are available • Read/Write—Allows open systems hosts to perform both read and write operations on the logical volume • Read Only—Allows open systems hosts to perform read, but not write operations on the logical volume • Protect—Open systems hosts cannot access the logical volume or perform any read or write operations on it • Access attributes cannot be assigned to mainframe volumes or logical volumes that are not mapped to physical devices • Examples of access attributes HP Restricted
Retention term • If you change the access attribute of a logical volume to Read Only or Protect, you will be prohibited from changing the access attribute to Read/Write for a selected period of time. • The LUN Security Extension pane displays the words Retention Term to define the period of time when attempts to change access attribute to Read/Write are prohibited. • You are prompted to specify a retention term when you change the access attribute of a logical volume to Read Only or to Protect. • After you specify the retention term, you can extend the term but cannot shorten it. HP Restricted
LUN Security Extension operation HP Restricted
Changing access attributes of logical volumes 1. 2. 3. 1. Select the access attribute. 2. Set the Retention Term 3. Click Apply HP Restricted
Prohibiting changes to read/write volumes even after the retention term ends When expiration lock is OFF, access attributes of logical volumes can be changed to Read/Write even after the retention term ends. When expiration lock is ON, access attributes of logical volumes cannot be changed to Read/Write even after the retention term ends. HP Restricted
Protecting Logical Volumes against CA and BC operations • Assigning the Read Only or Protect attribute is one way to prevent data in a volume from being overwritten by Continuous Access (CA) and Business Copy (BC) copy operations. • Volumes with the Read Only or Protect attribute are protected against these copy operations, but are also protected against any other form of write operations. • Lun Security Extension allows to prohibit a logical volume from being specified as a secondary volume (a copy destination volume) for CA or BC operations. HP Restricted
Preventing Command View users from configuring LU paths and command devices • If the Reserved column displays a hyphen (-), Command View users can change LU path settings and command device settings on the logical volume • If the Reserved column displays RAID Manager, Command View users cannot change LU path or command device settings on the logical volume: only RAID Manager can be used HP Restricted
Learning check HP Restricted
Lab activity HP Restricted