HPE Community
HPE EVA Storage
1827414 Members
5000 Online
109965 Solutions
New Discussion

OV SAM and Secure Fabric OS

 
Esteban Essed
Occasional Contributor

‎07-27-2004 10:07 PM

‎07-27-2004 10:07 PM

OV SAM and Secure Fabric OS

Hello,

Can anyone say if the use of Secure Fabric OS has any influence on the in-band discovery of OV SAM?

Some of our servers can only be discovered using in-band discovery (no lan connection possible because of security reasons), but the SAN is restricted as much as possible using Secure Fabric OS on the HP/Brocade switches.

Kind Regards,
Esteban Essed.
0 Kudos
Reply
6 REPLIES 6
Andy McCreath
Frequent Advisor

‎07-28-2004 02:07 AM

‎07-28-2004 02:07 AM

Re: OV SAM and Secure Fabric OS

Shouldn't do, the SAM works at a WWN level which is reported through the fabric, unless your intention is to refuse WWN display on all the fabric ports things should continue to work nicely.
www.kimberly-clark.com
0 Kudos
Reply
Esteban Essed
Occasional Contributor

‎07-28-2004 06:05 PM

‎07-28-2004 06:05 PM

Re: OV SAM and Secure Fabric OS

Thanks for your reply.

> unless your intention is to refuse WWN display on all the fabric ports

What do you mean exactly by this sentence? We do use DCC policies to assign one WWN to a switch port (to prevent WWN spoofing from a compromised host).

Is it like when the OV SAM-server is connected to the fabric and has at least one LUN assigned it can discover the whole fabric?


Esteban.
0 Kudos
Reply
Fernando Bandeira
Frequent Advisor

‎07-28-2004 08:04 PM

‎07-28-2004 08:04 PM

Re: OV SAM and Secure Fabric OS

Hi Esteban

OVSAM is only able to communicate with hosts via the IP network. It is actually quite critical that this works, because once the host has a host agent installed, the OVSAM Management server will contact these hosts (via IP) on a regular basis, and then perform an inband discovery of the devices it sees at an HBA level. This means that, in your case, you will not properly resolve (or map) the devices that dont support SNMP (like the EVA, HSG, etc) because the management server needs the hosts to communicate with them.

Th reason why you still pick up these devices and hosts (but in an unknown state) in OVSAM, is because the switches are managed out-of-band, and he is able to erad the name server table, and therefore know that hosts and devices are connected, but not be able to talk to them in order to resolve them more accurately.

It is therefore critical for the functioning of OVSAM that your network allow communication between the hosts and the management server.

Hope this helps.

Regards
Fernando
0 Kudos
Reply
Esteban Essed
Occasional Contributor

‎07-28-2004 08:39 PM

‎07-28-2004 08:39 PM

Re: OV SAM and Secure Fabric OS

Hi Fernando,

Thanks for clearing this out. When reading that the Host Agent software enables in-band communication I thought IP was no longer necessary.

My problem is that we have a high security area with hosts to and from which normal ip-traffic is not allowed. They are however on the same fabric as one of the OV SAM-servers outside this area will be. I thought in-band discovery would find them.....

Do you see any possibility? Can I manually add the hosts (the only devices in this area are hosts) to OV SAM and communicate in-band? Or is it impossible for me to manage anything on the other side of the firewall?

Esteban.
0 Kudos
Reply
Derek_31
Valued Contributor

‎07-31-2004 08:24 AM

‎07-31-2004 08:24 AM

Re: OV SAM and Secure Fabric OS

Have you looked into running IPFC? You can run IP over fibre channel. The new Emulex STORport drivers from HP now appear to support IPFC, at least it says so in the name server, unlike the SCSIport drivers. I know Brocade switches support IP over FC.
0 Kudos
Reply
Esteban Essed
Occasional Contributor

‎08-02-2004 08:47 PM

‎08-02-2004 08:47 PM

Re: OV SAM and Secure Fabric OS

Thanks for your suggestion, but because of security issues I'm not allowed to use IP over the fibre.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.