Disk Enclosures
1748216 Members
3423 Online
108759 Solutions
New Discussion юеВ

Re: VA7110 armsecure with/without secure manager

 
SOLVED
Go to solution
Thayanidhi
Honored Contributor

VA7110 armsecure with/without secure manager

Hi,
Can I use armsecure without having secure manager license?
When security is desabled all hp-ux systems trying to probe VA and gives error while running SAM. I don't want all the servers to probe the VA. The system whcih will manage the array has CV-SDM and it is running properly.
Any other alternate for this issue.
of course not using SAM looks to be better option!!

Thanks and Regards
TT
Attitude (not aptitude) determines altitude.
8 REPLIES 8
Torsten.
Acclaimed Contributor
Solution

Re: VA7110 armsecure with/without secure manager

The armsecure command is part of the secure manager. The array has a demo license installed by default up to 50GB. This means, you can secure up to 50GB of data without a license.

You can try to "secure" only LUN 0.

But if you want to "hide" the array completely from other servers, you should consider to use the zoning feature of your switches.

What is the error message?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Thayanidhi
Honored Contributor

Re: VA7110 armsecure with/without secure manager

Hi,

Thanks for your reply.
It's not an error. when I open "Disks and Filesystem" in SAM, it takes lot of time to say it cannot find array details.

OK. If I secure only LUN 0 will other servers stop searching for VA?

If I use the "demo" license, will it work for ever provided the LUN 0 is less than 50GB.

Regds
TT
Attitude (not aptitude) determines altitude.
Torsten.
Acclaimed Contributor

Re: VA7110 armsecure with/without secure manager

The LUN 0 should be only 10 ~ 20 MB in size and never used for data. This is the recommendation.

AFAIK, HP-UX won't found other LUNs if it cannot find LUN 0.

There is no "time to use" restriction for the demo license.

Anyway, consider to use zoning to "hide" the array from other servers.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Thayanidhi
Honored Contributor

Re: VA7110 armsecure with/without secure manager

Hi,
LUN 0 is only 10MB and not used for any data.
So, you mean If I mask LUN 0 for hosts, those hosts cannot see any LUNs in the Array?

Coming to Zoning. zoning can be done either at port level or at WWN level. In either case I want all the servers to see array because they have LUNs need to accessed from array. Individual LUNs, does they seperate WWNs?
My situation is I have 4 servers connected to VA through SAN switch. Only one installed with CV-SDM. How do I make all other servers work normally within SAM. I don't mind seeing the other LUNs used by other servers shown as Unused. As long as the Administrator Knows it's not really unused!

Regds
TT
Attitude (not aptitude) determines altitude.
Torsten.
Acclaimed Contributor

Re: VA7110 armsecure with/without secure manager

"So, you mean If I mask LUN 0 for hosts, those hosts cannot see any LUNs in the Array?" - Yes.

If all servers have LUNs on the array, you should use secure manager or you should be very, very careful.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Thayanidhi
Honored Contributor

Re: VA7110 armsecure with/without secure manager

Hi,
I am careful, I always read LVM headers before I do a pvcreate. Also every thing is documented. Is there any way to avoid SAM probing the VA?

Regards
TT
Attitude (not aptitude) determines altitude.
Torsten.
Acclaimed Contributor

Re: VA7110 armsecure with/without secure manager

I guess SAM is going to touch everything he can see. You can't prevent this. Your solution is named secure manager ;-)

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Gene Dinkey_1
Advisor

Re: VA7110 armsecure with/without secure manager

Thayanidhi,

If you need to mask VA LUN's the only way to do this at the LUN level is to use Secure Manager (armsecure). As was mentioned previously the VA comes with a 50GB "teaser" license. If you need to secure more than 50GB worth of LUN's you will need to purchase the license.

Since you have multiple servers in your environment it is strongly recomended that LUN security be in place, this prevents the possibility of another host accessing a LUN it shouldn't be.

There is no way to secure the VA on a LUN by LUN basis using fabric zoning. Fabric zoning can be used to restrict access to the array controllers but that is as far as it goes.

To fix the SAM problems you are having that is normally a patch issue. Check ITRC for the latest patches for your OS version, specifically the SAM and LVM patches.

Regards

Gene Dinkey