Summary of the content on page 1
HP StorageWorks
XP24000/XP20000 Volume Security User's Guide
Abstract
This document describes and provides instructions for configuring and performing Volume Security operations
on the HP storage system.
Part number: T5214-96074
Sixth edition: June 2009
Summary of the content on page 2
Legal and notice information © Copyright 2008-2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties
Summary of the content on page 3
Contents
1 Overview of Volume Security ... 7
    Overview ... 7
    Terminology ... 7
2 About Volume Security Operations ... 9
    Overview of Volum
Summary of the content on page 4
    Locating Ports through Which Hosts Can Access Volumes ... 45
    Locating Security Groups that Contain a Specified Volume ... 45
    Locating Hosts in a Security Group that Contains a Specified Volume ... 46
    Locating Security Groups that Contain a Specified Host Group ... 46
    Locating Security Groups that Contain a Spec
Summary of the content on page 5
Figures
1 Security Example 1 ... 10
2 Security Example 2 ... 11
3 Security Example 3 ... 12
4 The Volume Security Window ... 16
5 Security
Summary of the content on page 6
Tables
1 Acronyms and Abbreviations ... 73
Summary of the content on page 7
1 Overview of Volume Security
Unless otherwise specified, the term storage system in this guide refers to the following disk arrays:
• HP StorageWorks XP24000 Disk Array
• HP StorageWorks XP20000 Disk Array
• HP StorageWorks XP12000 Disk Array
• HP StorageWorks XP10000 Disk Array
The GUI illustrations in this guide were created using a Windows computer with the Internet Explorer browser. Actual windows may differ depending on the operating system and browser used. GUI contents also vary with lic
Summary of the content on page 8
referred to as S-VOLs, or source volumes. Secondary volumes are often referred to as T-VOLs, or target volumes.
Summary of the content on page 9
2 About Volume Security Operations
Overview of Volume Security Functions
The Volume Security feature protects data in your storage system from I/O operations performed at mainframe hosts. Volume Security enables you to apply security to volumes so that the specified mainframe hosts will be unable to read from and write to the specified volumes. Volume Security also enables you to prevent data on volumes from being overwritten by erroneous copy operations. Volume Security can be used in conjuncti
Summary of the content on page 10
• The volume ldev4 is accessible only from host4 because ldev4 and host4 are registered in the same access group.
• The volume ldev5 does not belong to any access groups. For this reason, hosts in access groups cannot access ldev5. ldev5 is only accessible from host5 and host6, which are not registered in access groups.
Figure 1 Security Example 1
Port-Level Security
Usually, hosts are connected to two or more ports via cables and have access to volumes via these ports. In the security example i
Summary of the content on page 11
Figure 2 Security Example 2
If no ports are registered in a host group, hosts in the host group can access volumes via ports to which the hosts are connected.
This manual uses the term port-level security, which is a security policy for enabling hosts to access volumes only via ports registered in host groups and thus prohibiting hosts from accessing the volumes via other ports.
CAUTION: Before you apply security, you should confirm what hosts are performing I/O operations on volumes in access groups
Summary of the content on page 12
volumes (vol_A and vol_B) in a pool group, all the mainframe hosts connected to your storage system will be unable to access vol_A and vol_B. To register volumes in a pool group, you must create an LDEV group, register the volumes in the LDEV group, and then register the LDEV group in the desired pool group. Any pool group can only contain one LDEV group. In Figure 3, a pool group is created. Volumes in this pool group (that is, ldev7, ldev8, and ldev9) are inaccessible from all the hosts: Figur
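The access rules stated on pages 10 to 12 (shared access group, unregistered hosts and volumes, registered ports, pool groups) can be checked against the I/O paths currently in use before security is applied. The following is an added example, not code from HP or from the guide; it is a simplified model in which registered ports are attached to the access group, and the port names, group settings and observed I/O records are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessGroup:
    hosts: set                                # members of the group's host group
    ldevs: set                                # members of the group's LDEV group
    ports: set = field(default_factory=set)   # registered ports; empty = no port-level security

def can_access(host, port, ldev, access_groups, pool_ldevs):
    """True if `host` may perform I/O on `ldev` through `port`."""
    if ldev in pool_ldevs:                    # pool group: closed to all hosts
        return False
    host_groups = [g for g in access_groups if host in g.hosts]
    ldev_in_group = any(ldev in g.ldevs for g in access_groups)
    if not host_groups and not ldev_in_group: # neither side is registered
        return True
    # Host and volume must share an access group, and the port must be
    # registered if the group registers any ports.
    return any(ldev in g.ldevs and (not g.ports or port in g.ports)
               for g in host_groups)

def lockouts(observed_io, access_groups, pool_ldevs):
    """Observed (host, port, ldev) paths that the planned settings would deny."""
    return [io for io in observed_io
            if not can_access(*io, access_groups, pool_ldevs)]

# Constructed sample settings, using host and volume names from the guide's examples;
# port_A and port_B are hypothetical port names.
GROUPS = [AccessGroup({"host4"}, {"ldev4"}, ports={"port_A"})]
POOL = {"ldev7", "ldev8", "ldev9"}
# Constructed record of I/O paths in use before security is applied.
OBSERVED = [
    ("host4", "port_A", "ldev4"),
    ("host4", "port_B", "ldev4"),
    ("host5", "port_B", "ldev5"),
    ("host6", "port_B", "ldev7"),
]

if __name__ == "__main__":
    for host, port, ldev in lockouts(OBSERVED, GROUPS, POOL):
        print(f"would lose access: {host} via {port} to {ldev}")
```

Any path reported by `lockouts` is one that works today and would stop working once the settings are enabled.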
Summary of the content on page 13
When applying security, make sure that your security settings are correct. If incorrect security settings are made, the system will be difficult or impossible to control. If the CPU of a mainframe host is upgraded after you apply security settings, you must execute the system command D M=CPU at the mainframe host to obtain the latest information about the host. Next, you must use the latest information to update host information in the Add/Change Host dialog box (for details, see “The Add/Change
Summary of the content on page 14
• 3390-9, 3390-9A, 3390-9B, 3390-9C
• 3390-L, 3390-LA, 3390-LB, 3390-LC
• 3390-M, 3390-MA, 3390-MB, 3390-MC
• PCB types: Volume Security supports the following PCB types:
    • ESCON or ACONARC
    • FICON or FIBARC
Maximum Possible Number of Groups
Volume Security enables you to create up to 128 security groups per storage system, and up to 64 security groups per LDKC. Security groups are classified into access groups and pool groups:
• One access group can contain only one host group and one LDEV grou
Summary of the content on page 15
3 Using the Volume Security GUI
This chapter explains the Volume Security window and dialog boxes.
The Volume Security Window
The Volume Security window (Figure 4) appears when you start Volume Security. This window is the starting point for all the Volume Security operations.
To start the Volume Security software:
1. Log on to the disk array to open the Remote Web Console main window. For details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.
2. Click Go, Mainframe Connec
Summary of the content on page 16
Figure 4 The Volume Security Window
Item: Description
• Security Group tree: Displays the security, host, and LDEV groups assigned to each LDKC defined on the storage system. For details see “Security Group Tree” on page 16.
• Hosts table: Displays the type, model, SEQNUMBER, Logical Partition (LPAR) and vendor of each host. For details, see “Hosts Table” on page 18.
• CU list: Allows you to select the desired command unit(s) available in each group. When you select a CU image, the table below shows a li
Summary of the content on page 17
• Double-click Security Group and a list of security groups appears. Then select a host group or LDEV group in that security group.
• Double-click Host Group and a list of host groups appears. Then select a specific host group.
• Double-click LDEV Group. The tree view shows the host group and/or LDEV group registered in the security group.
Figure 5 Security Group Tree
Icon: Description
• Indicates an access group whose volumes can be used as secondary volumes (i.e., copy destination volumes) for co
Summary of the content on page 18
Icon: Description
• Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group is classified as an access group. Also, volumes in this security group can be used as secondary volumes (i.e., copy destination volumes) for copy operations.
• Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group will be classified as an access group. Also
Summary of the content on page 19
Figure 6 Hosts Table
Column: Description
• No.: A sequential number associated with a host (or channel extender).
• Type/Model: Type and model number of a host (or a channel extender).
• SEQNUMBER: Node ID of a host (or a channel extender).
• LPAR: The logical partition number of a host.
• Vendor: The host vendor. Vendors include FJT (Fujitsu), IBM, HTC (Hitachi), and CNT(Ex). If CNT(Ex) appears, the table row indicates the type, model number, and node ID of a channel extender.
If you make any change to a host,
Summary of the content on page 20
Figure 7 LDEV table
Column: Description
• LDEV: The volume ID (in hexadecimal from 00 to FF). NOTE: A volume ID ending in # (for example, 00#) indicates the volume is an external volume.
• Emulation: The emulation type of the volume.
• Attribute: The volume status:
    • An asterisk (*) denotes a secondary volume (copy destination) for USP V/VM copy software.
    • A plus symbol (+) denotes that one or more LU paths are assigned to the volume.
The Add/Change Security Group Dialog Box
The Add/Change Security Group