Secure Manager write table options - Append or Clear?

H Hodges
Occasional Contributor

My first time posting here so I hope to be doing this right!
I have a VA7100 with 2 N4000's attached via fibre channel through a brocade switch. I have LUN's defined for each server and I'm using Secure Manager to 'secure' the LUN's. Each server sees only its own LUN's.
My question is, when I create new LUN's and add table entries in Secure Manager to assign these LUN's to a respective server, when I do the write table, do I select APPEND or CLEAR? I "think" I select APPEND, but the description in the documentation for the two options is a bit hazy.
Eugeny Brychkov
Honored Contributor

Environment: VA with security applied, some hosts with access permissions set to allow them to access certain LUNs.
Example 1: you create some more permanent LUNs. Want to give access to some hosts in the SAN. Then you enter these LUNs with HBA WWNs and permission levels into secure manager, and click 'append'. This way hosts will get access to LUNs in order to added security entries;
Example 2. You want to add some security entries AND want to remove some. Then you download current security table into the file or secure manager GUI, edit it adding some entries and deleting some, and then click 'clear'. This way complete table in secure manager GUI will replace current VA security table. Note: do not do it on the fly. If you'll make mistake and host will lose access to LUN due to new security table rights then all pending I/Os may be lost
H Hodges
Occasional Contributor

Thanks for the quick response Eugeny.

Your example 1 fits my situation - all I've done is create 3 additional LUN's (no changes to anything), then used Secure Manager GUI to add table entries, selected the host, it's two WWN, the new LUN's, set the permissions I want and clicked OK. Now, I want to be sure when I select 'append' on the 'write table' window, that it won't impact the LUN's already defined for either host. In other words, if I select append, it'll update the table with the 3 LUN's I added and my hosts won't lose access to any of their previously defined LUN's.
scott fuhrman_2
Occasional Advisor

Just to clarify, this is from the CommandView SDM GUI Help:

APPEND: The append mode will append the currently displayed table to the table on the device. Duplicates will be handled by the device.

CLEAR: The clear mode will clear the table on the device before writing the currently displayed table.

So basically the append mode is usually a bit safer, and should be used if you are just adding more entries to the table. The clear mode would be used in a situation where maybe you have moved the array to a new host and need a completely new security configuration, or want to start over with how you are securing the VA.

Hopefully that makes it a bit more clear.