- Community Home
- >
- Storage
- >
- Entry Storage Systems
- >
- Disk Enclosures
- >
- Re: Isolate a lun to one machine
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 06:58 AM
тАО03-25-2009 06:58 AM
1 Va7110 with luns 0 - 5
6 HPUX servers
Lun 0 all servers see it
Lun 1&2 server H see (mirror of vg00 & vg01)
Lun 3 server TW sees it
Lun 4 server H sees it.
Lun 5 I am trying to isolate to server TH
Except for Lun 0 and 5 (just created and configured in secure manager in the VA to go to TH). Problem is that all servers can see it when you do an ioscan -fnCdisk.
It has been suggested that I do port isolation on the switches somehow to say Lun 5 is ONLY viewable by server TH and none others.
Do I need to user any of the arm commands also? It has only been 5 years since we last touched this and all memory is long gone.
Thanks in advance.
Chuck
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 07:10 AM
тАО03-25-2009 07:10 AM
Re: Isolate a lun to one machine
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 07:13 AM
тАО03-25-2009 07:13 AM
Re: Isolate a lun to one machine
Read the current contents of the security table into file secure.txt on host with
alias green. The password is the default value, AUTORAID.
armsecure -r -f secure.txt -p AUTORAID green
Write the security table stored in file secure.txt to array alias green. The
password is s33k3r. Clear the exisitng table before writing the new one, and
re-enable Secure Manager.
armsecure ├в w -c ├в f secure.txt -p s33k3r green
armsecure ├в e -p s33k3r green
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 07:15 AM
тАО03-25-2009 07:15 AM
Re: Isolate a lun to one machine
Write the security table stored in file secure.txt to array alias green. The
password is s33k3r. Clear the exisitng table before writing the new one, and
re-enable Secure Manager.
armsecure -w -c -f secure.txt -p s33k3r green
armsecure -e -p s33k3r green
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 08:34 AM
тАО03-25-2009 08:34 AM
Re: Isolate a lun to one machine
The commands you suggest appear that your are going to unload the access table, wipe it out and then load it back. What kind of change can that cause?
from the command:
armsecure -r -f /tmp/stuff -p passw0rd va7110
I get
# more /tmp/stuff
DEFAULT 0 WC
NODEWWN 50060b0000236bc7 1 W
NODEWWN 50060b0000236bc7 2 W
NODEWWN 50060b0000236bc7 4 W
NODEWWN 50060b0000236c6b 3 W
NODEWWN 50060b000023b999 1 W
NODEWWN 50060b000023b999 2 W
NODEWWN 50060b000023b999 4 W
NODEWWN 50060b000023b9a5 5 W
NODEWWN 50060b000023b9e5 5 W
NODEWWN 50060b0000242599 3 W
DEFAULT 1 0
DEFAULT 2 0
DEFAULT 3 0
DEFAULT 4 0
DEFAULT 5 W
which pretty well matches what is in the attatched screen shot from the VA itself.
Item 5 to each of the two san swithches is how I have it. That part I feel I have right.
How do I set things up after that so that ONLY server TH can see the lun?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 08:46 AM
тАО03-25-2009 08:46 AM
SolutionCan you see what is wrong?
DEFAULT 1 0
DEFAULT 2 0
DEFAULT 3 0
DEFAULT 4 0
DEFAULT 5 W
The default for LUN 5 is write access for all servers:
...Permissions
0 - No access. Denies all access to the LUN. By default each LUN (except
LUN 0) is assigned this permission when it is created. LUN 0 is assigned ├в CW├в
permission. If a host is denied access to a LUN, the host operating system will
not ├в see├в the LUN. This value is represented as ├в None├в in the GUI Secure
Manager table.
On versions of firmware prior to HP14, the default LUN table entries grant Write
access to all hosts.
W - Write access. Grants a host full access to all data on the LUN. With write
permission, a host can write data to the LUN, and read all data on the LUN. A table
entry granting a host write permission to a LUN overrides the No Access security
imposed by default on all other hosts.
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 09:17 AM
тАО03-25-2009 09:17 AM
Re: Isolate a lun to one machine
disk 20 1/0/2/0/0.2.0.0.0.0.5 sdisk NO_HW DEVICE HP A6189B
From server M I have the following:
disk 26 0/2/0/0.1.0.0.0.0.5 sdisk NO_HW DEVICE HP A6189B
/dev/dsk/c6t0d5 /dev/rdsk/c6t0d5
Again I am trying to get only one server to see this Lun.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 09:34 AM
тАО03-25-2009 09:34 AM
Re: Isolate a lun to one machine
NO_HW indicates the server cannot access it any longer. This will disappear after a reboot (or use rmsf).
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-26-2009 04:31 AM
тАО03-26-2009 04:31 AM
Re: Isolate a lun to one machine
Chuck