HP STORAGEWORKS XP20000 User's Manual
Contents
1. 58 Performing Volume Security Operations Editing Security Groups This section explains the following operations which allow you to edit your security groups Unregistering a host group from a security group see Unregistering a Host Group on page 59 Unregistering an LDEV group from a security group see Unregistering an LDEV Group on page 59 Renaming a security group see Renaming Security Groups on page 60 Deleting a security group see Deleting Security Groups on page 61 Unregistering a Host Group To unregister a host group from a security group take the following steps To unregister a host group from a security group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Locate and double click a security group The tree view displays the host group in the specified security group 4 Right click the host group and the select Delete from the pop up menu A message appears and asks if you want to unregister the specified host group 5 Click Yes to close the message A CAUTION Here the changes in the window have not been applied to the storage system 6 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the changes to the storage system 7 Click Yes The changes are applied to the storage system Unregistering an LDEV Group To unregister an LDEV group from a security2. The Add Change Security Group Dialog Box The Add Change Security Group dialog box Figure 8 appears when you right click a security group or the Security Group entry in the tree view of the Volume Security window Figure 4 and then select Add Change from the pop up menu This dialog box enables you to 20 create a security group and classify the security group as an access group or a pool group sees Creating a Security Group for Use As an Access Group on page 52 and Creating a Security Group for Use As a Pool Group on page 55 prevent data in volumes from being overwritten by copy operations see Protecting Volumes from Copy Operations on page 57 disable security settings see Disabling Volume Security on page 58 rename security groups see Renaming Security Groups on page 60 delete security groups see Deleting Security Groups on page 61 Using the Volume Security GUI Ij aaachange security Group LDKC 00 Security Group Security Group Status T VOUR VOL GRPOO Disable Access Enable GRPOT Disabie Access Enable Enter Security Group GRPor Security Group Status T VOUR VOL C No Change C No Change No Change C Enable Access Enable Disable C Pool Disable Change OK Cancel Figure 8 The Add Change Security Group Dialog Box ltem Description LDKC Indicates the selected LDKC number Descriptive information about the security groups in the
3. 3 56 Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Right click a security group A pop up menu appears Select Specify and then Security Group from the pop up menu The Specify Security Group dialog box Figure 14 appears Performing Volume Security Operations 5 Use the Select Security Group drop down list to select a security group in which you want to register an LDEV group 6 Use the LDEV Group drop down list to select an LDEV group that you want to register in the security group and then click OK 7 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 8 Click Yes The settings are applied to the storage system A CAUTION If the Error Detail dialog box section The Error Detail Dialog Box on page 41 appears see the Caution in section Port Level Security Implementation on page 10 and then remove errors Protecting Volumes from Copy Operations The following procedure makes volumes in a security group unusable as secondary volumes that is copy destination volumes for copy operations so you will be able to protect data the volumes from being overwritten by copy operations To make volumes in a security group unusable as secondary volumes 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC n
4. and the LDEV group see Registering a Host Group and an LDEV Group in a Security Group on page 53 To register hosts in a host group I 2 3 48 Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Right click a host group A pop up menu appears Select Specify and then Host from the pop up menu The Add Change Host dialog box Figure 11 appears and displays a list of hosts Select and then right click one or more hosts that you want to register If a host is indicated by the icon B or BF the host is already registered in the specified host group For details on the meaning of icons see The Add Change Host Dialog Box on page 27 If ports are registered in the displayed host group you can register only the hosts that do not belong to any other host group You cannot register hosts that belong to any other host group Performing Volume Security Operations If no ports are registered in the displayed host group you can register the following hosts e hosts that do not belong to any host group hosts belonging to host groups in which no ports are registered However you cannot register hosts belonging to host groups in which ports are registered 6 Select Registration and then Register Host in Host Group from the pop up menu The specified hosts are displayed by blue and also indicated by the 5 icon or the MF icon 7 Click OK in the Add Change Host
5. select Enable or Disable Select Enable if you want make volumes in the security group usable as secondary volumes that is copy destination volumes for copy operations Select Disable if you want make volumes in the security group unusable as secondary volumes that is copy destination volumes for copy operations 9 Click Add Information about the new security group is added to the Security Group List table and is displayed in blue 10 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 11 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 12 Click Yes The settings are applied to the storage system 52 Performing Volume Security Operations Registering a Host Group and an LDEV Group in a Security Group Now that you have classified your security group as an access group your next and the last task is to register your host group and LDEV group into the security group When you finish registration the volumes in the LDEV group are secured and can only be accessed by hosts in the host group Other hosts cannot access the volumes To register a host group and an LDEV group into a security group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click a security group A pop up menu appears 4
6. In Figure 3 a pool group is created Volumes in this pool group that is Idev7 Idev8 and Idev9 are inaccessible from all the hosts Storage system Access group lt gt Security group access group or pool group ZD Host group or LDEV group gt This arrow indicates which host can access which volume Figure 3 Security Example 3 Protecting Volumes from Erroneous Copy Operations When storage system copy software TrueCopy for Mainframe Universal Replicator for Mainframe Shadowlmage for Mainframe and HP StorageWorks XP for FlashCopy Mirroring Software or XP for FlashCopy Mirroring V2 Software is used to perform copy operations data will be overwritten onto the secondary volumes that is the copy destination volumes If a volume containing important data is specified as a secondary volume that is the copy destination volume by mistake storage system copy software operations can overwrite important data on the volume and you could suffer loss of important data Volume Security enables you to avoid such loss of data If a volume contains data that should not be overwritten you can prevent the volume from being used as a secondary volume that is the copy destination volume Secondary volumes that is copy destination volumes are often referred to as remote volumes or R VOLs in the Hitachi TrueCopy for Mainframe User s Guide Also secondary volumes are referred to as target volumes or T VOLs in the
7. LDKC e Security indicates whether the security settings in the security group are Enabled or Disabled CAUTION It is possible that security settings are disabled even if Enabled is displayed If the Status is Access and the security group contains neither a host nor an LDEV group security settings in the security group are disabled unconditionally e Group Status indicates whether the security group is an Access or a Pool group If Access appears the security group is an access group volumes in the group can be accessed only by hosts registered in the same group If Pool appears the security group is a pool group Securit volumes in the group cannot be accessed by any hosts Group List e T VOL R VOL indicates whether volumes in the security group can be used as secondary volumes i e copy destination volume Enable indicates the volumes can be used as second ary volumes Disable indicates the volumes cannot be used as secondary volumes NOTE Secondary volumes that is copy destination volumes are often referred to as remote volumes or R VOLs in the Hitachi TrueCopy for Mainframe User s Guide Also secondary volumes are referred to as target volumes or T VOLs in the Hitachi Shadowlmage for Mainframe User s Guide XP24000 XP20000 Volume Security User s Guide 21 ltem Description Enter Secur ity Group When creating a new security group you enter the name of the security group in this Enter Securi
8. Specify and then Port from the pop up menu The Select Port dialog box Figure 13 appears and displays a list of ports 5 From the Port list in the Unregistered port box select one or more ports via which hosts in the host group should access volumes Next click the Regist button The specified ports are displayed in blue in the Port list in the Registered port box To select all the ports in the Port list in the Unregistered port box click the Select All button XP24000 XP20000 Volume Security User s Guide 49 If hosts registered in the host group are also registered in another host group you cannot register ports in the Port list in the Registered port box and thus you cannot implement port level security Click OK in the Select Port dialog box The Select Port dialog box closes and you are returned to the Volume Security window A CAUTION Here the settings in the window have not been applied to the storage system Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system Click Yes The settings are applied to the storage system Creating an LDEV Group To specify volumes that should be secured you must create an LDEV group and then register the volumes in the LDEV group The following procedure explains how to create an LDEV group For details on how to register volumes in an LDEV group see Registering Volumes in an LDEV Group on pa
9. User s Guide 75 P pool group port level security overview 10 R R VOL 12 related documentation 7 1 S secondary volume 12 Security disabling 58 policy 7 security enabling the specified hosts to access volumes 47 example 10 11 12 prohibiting all hosts from accessing LDEVs 33 protecting volumes from copy operations 57 security group classifying as a pool group 55 classifying as an access group 52 creating 52 55 maximum possible number 14 registering a host group in 53 registering an LDEV group in 53 56 Select LDEV dialog box 29 Select Port dialog box 31 Specify Security Group dialog box 32 storage capacity values conventions 7 storage systems supported models 7 Subscriber s Choice HP 72 T T VOL 12 technical support 72 HP 71 V volume emulation types 13 Volume Security group maximum possible number 7 Volume Security window 16 volumes maximum possible number 14 76 W websites HP 72 HP Subscriber s Choice for Business 72 product manuals 7 1 windows Volume Security window 16
10. Volume Security User s Guide 31 ltem Description Applies settings in the Select Port dialog box to the Volume Security window and then closes the Select Port dialog box CAUTION OK Clicking OK applies the settings to the Volume Security window but does not apply the settings to the storage system To apply the security settings to the subsystem you must continue to click Apply in the Volume Security window until they appear in the dialog box Cancel Discards settings in the Select Port dialog box and then closes the dialog box The Specity Security Group Dialog Box The Specify Security Group dialog box Figure 14 appears when you right click an LDKC or a security group in the tree view of the Volume Security window Figure 4 select Specify and then Security Group from the pop up menu This dialog box enables you to register a host group and an LDEV group in a security group see Registering a Host Group and an LDEV Group in a Security Group on page 53 i Specify Security Group LDKC 00 Select Security Group GRPOO ioscan A LDEV Group lk Dvo0 bt E Cancel Figure 14 The Specify Security Group Dialog Box ltem Description LDKC Indicates the number of the selected LDKC Select Security Group Specifies the security group in which you want to register a host group and an LDEV group Host Group Specifies a host group that you want to re
11. are connected Note however that Volume Security Port Option enables you to prohibit hosts from accessing volumes via specified ports For example if a host named host1 is connected to two ports port and port2 you can permit the host to access volumes via port and prohibit the host from accessing volumes via port2 Port Level Security Implementation To implement such portlevel security first you must determine ports via which hosts can access volumes and then you must register the ports in host groups For example if you register host and port in the same host group named hg1 and then register hg1 in an access group host1 can access volume via port but cannot access volumes via port2 In Figure 2 the following security settings are applied e The hosts host host2 and host3 can access the volumes Idev1 and Idev2 via port1 port2 and port3 However the hosts cannot access the volumes via other ports The host host4 can access the volume Idev4 via port4 However the host cannot access the volume via other ports 10 About Volume Security Operations Host Storage system Access group lt gt Idev1 Security group access group or pool Group Host group lt gt LDEV group This arrow indicates which host can access which volume Figure 2 Security Example 2 If no ports are registered in a host group hosts in the host group can access volumes via ports to which the hosts are connecte
12. group take the following steps To unregister the LDEV group from a security group 1 2 3 Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Locate and double click a security group The tree view displays the LDEV group in the specified security group Right click the LDEV group and the select Delete from the pop up menu A message appears and asks if you want to unregister the specified LDEV group Click Yes to close the message XP24000 XP20000 Volume Security User s Guide 59 A CAUTION Here the changes in the window have not been applied to the storage system 6 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the changes to the storage system 7 Click Yes The changes are applied to the storage system Renaming Security Groups To rename a security group take the following steps To rename a security group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click Security Group or a security group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change Security Group dialog box Figure 8 appears 5 Ensure that the desired security group is selected in the Security Group List table 6 In the Enter Security Group box enter the new name for the security group EY NOTE Security group name
13. information on host operations see the MVS documentation Calling HP Technical Support If you need to call HP technical support make sure to provide as much information about the problem as possible including e The circumstances surrounding the error or failure e The content of any error message s displayed on the host system s XP24000 XP20000 Volume Security User s Guide 69 e The content of any error message s displayed on the Remote Web Console computer The Storage Navigator configuration information use the FD Dump Tool e The service information messages SIMs including reference codes and severity levels displayed by the Remote Web Console computer e The Volume Security or other error code s displayed on the Remote Web Console computer e The exact content of any error messages displayed on the host system s e The service information messages R SIMs including reference codes and severity levels displayed by Remote Web Console and or logged on the host For worldwide technical support information see the HP support website htto www hp com support 70 Troubleshooting 6 Support and Other Resources Related Documentation e HP StorageWorks XP24000 XP20000 Disk Array Owner s Guide e Hitachi Shadowlmage for Mainframe User s Guide e Hitachi TrueCopy for Mainframe User s Guide You can find these documents on the HP Manuals website http www hp com support manuals In the Storage sec
14. must follow the procedure in section Deleting Hosts from Host Groups on page 62 to remove the host from the incorrect host group You can modify information about hosts indicated by F in the Add Change Host dialog box Figure 11 To modify information first select the desired host in the table and then use text boxes and or drop down list to change information Next click Change and then OK Finally click Apply in the Volume Security window Figure 4 To delete a host indicated by from the Add Change Host dialog box Figure 11 you must first select and right click the host select Delete from the pop up menu and then select OK Finally click Apply in the Volume Security window Figure 4 Deleting Hosts from Host Groups To delete hosts from a host group take the following steps To delete hosts from a host group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 62 Performing Volume Security Operations 3 Right click a host group A pop up menu appears 4 Select Specify and then Host from the pop up menu The Add Change Host dialog box Figure 11 appears and displays a list of hosts The icons 5 and MF indicate hosts registered in the specified host group Select and then right click one or more hosts indicated by By or Pi that you want to delete Select Registration and then Unregister Host from Host Group from the pop up menu The specified ho
15. volume Enable indicates the volumes can be used as secondary volumes Disable indicates the volumes cannot be used as secondary volumes Closes the dialog box The Error Detail Dialog Box When you attempt to apply security in the Volume Security window an error might occur if hosts are performing I O operations for details see the Caution in Port Level Security Implementation on page 10 The Error Detail dialog box Figure 22 enables you to find hosts that are performing I O operations For instructions on how to remove errors see Troubleshooting Volume Security on page 69 XP24000 XP20000 Volume Security User s Guide 41 Bf Error detail One or more hosts are performing I O operations on the LDEV s or port security settings are changed Vary the LDEVs offline from the hosts or check the port security settings of Volume Port Security One or more hosts are connected to the LDEVs LDKC 00 oi z LDEV Emulation o0 3390 9 a a 3390 9 02 3390 9 03 3390 9 i 04 3390 9 05 3390 9 06 3390 9 i Figure 22 The Error Detail Dialog Box Description Lists the number of the host available on the selected LDKC which are performing O operations Indicates the number of the selected LDKC Specifies a Command Unit image and forces the display of any volumes on which the host is performing I O operations and which belong to the specif
16. 03390 002 12345678901234 0001 IBM Figure 18 The Host Group to Port Dialog Box Description Indicates the number of the selected LDKC Provides information about a host group where the number groups from left to right indicate First The Type Model the type and model number of a host or a channel extender Second The Node ID of a host or a channel extender Third The Logical Partition Number of the host Fourth The vendor of the host Vendors include FJT Fujitsu IBM HTC Hitachi and CNT Ex If CNT Ex appears the table row indicates the type model number and node ID of a channel extender Host Group Port table Lists ports that are available and registered OK Closes the dialog box The LDEV to Security Group Dialog Box The LDEV to Security Group dialog box Figure 19 appears when you do either of the following in the Volume Security window Figure 4 e when you right click a volume from the lower right table and then select LDEV to Security Group from the pop up menu e when you right click an item in the tree view and then select List gt LDEV to Security Group from the pop up menu The List gt LDEV to Security Group pop up command does not display if you double click a security group and then right click a host group or LDEV group from immediately below the security group This dialog box enables you to specify a volume and then displays security groups in which
17. CL3 A CL5 C m CL5 A CL7 C CL7 A CLT E CL1 B CL3 E CL3 B CL5 E CLE B CL7 E CLI B CLA CLIC sga CLEA CLE A a CI A A Lx Select All Select All OK Cancel Figure 13 The Select Port Dialog Box ltem Description LDKC Indicates the number of the selected LDKC Host Group Specifies a host group in which ports will be registered Registered Port table Shows the registered ports in the host group e LDEV displays the LDEV numbers NOTE When the dialog box opens for the first time the Port list does not display ports This means that hosts in the host group can access volumes via every port displayed in the Port list in the Unregistered port box Select All selects all ports in the Port list Unregistered Port table Lists ports that not registered The Port list lists ports that are not registered in the host group When the dialog box is displayed for the first time the Port list shows all ports on the disk subsystem Select All selects all ports in the Port list Regist Registers ports in the host group If you select ports in the Unregistered port table and then click this button the selected ports are moved to the Port list under Registered port Not Regist Deletes registered ports from the host group If you select a port in the Registered port table and then click this button the selected port s are moved to Unregistered port table XP24000 XP20000
18. EV Groups on page 67 Deleting Volumes from LDEV Groups To delete volumes from an LDEV group take the following steps To delete volumes from an LDEV group 1 2 3 Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Right click an LDEV group A pop up menu appears Select Specify and then LDEV from the pop up menu The Select LDEV dialog box Figure 12 appears Use the CU drop down list to specify a CU image XP24000 XP20000 Volume Security User s Guide 65 The two boxes below the drop down list displays volumes in the specified CU image e The Registered in LDEV group box displays volumes registered in the LDEV group e The Not registered in LDEV group box displays volumes that are not registered in the LDEV group 6 In the Registered in LDEV group box select volumes that you want to delete Then click the Not regist button The selected volumes move to the Not registered in LDEV group box 7 To delete volumes in other CU images return to step 5 8 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 10 Click Yes The settings are applied to the storage system Renaming LDEV Groups To rename an LDEV group take the following steps To rename an LDEV
19. For details on how to disable security see Disabling Volume Security on page 58 e If you are using HP StorageWorks XP for Compatible Parallel Access Volumes Software If you apply security to a Parallel Access Volumes base volume the security settings will also apply to the corresponding alias volume e Removing secured volumes lf you apply security to a volume you will be unable to remove the volume To remove the volume you must disable security on the volume For details on how to disable security see Disabling Volume Security on page 58 e Removing PCBs with secured ports If port level security is applied to your storage system you cannot remove the PCBs printed circuit boards that include secured ports To remove PCBs that include secured ports you must use Volume Security Port Option to disable security on the ports For details on how to disable security see Deleting Ports from Host Groups on page 63 Supported Volume Emulation Types Volume emulation types that is device emulation types Volume Security supports the following volume emulation types e 3380 3 3380 3A 3380 3B 3380 3C e 3390 3 3390 3A 3390 3B 3390 3C 3390 3R XP24000 XP20000 Volume Security User s Guide 13 e 3390 9 3390 9A 3390 9B 3390 9C e 3390 L 3390 LA 3390 LB 3390 LC e 3390 M 3390 MA 3390 MB 3390 MC e PCB types Volume Security supports the following PCB types ESCON or ACONARC e FICON or FIBARC Maximum Possible N
20. Group in a Security Group on page 56 Creating an LDEV Group To specify volumes that should be secured you must create an LDEV group and then register the volumes in the LDEV group XP24000 XP20000 Volume Security User s Guide 53 The following procedure explains how to create an LDEV group For details on how to register volumes in an LDEV group see Registering Volumes in an LDEV Group on page 54 A CAUTION When creating an LDEV group you are strongly recommended to click the Apply button in the Volume Security window as described in the last step of the following procedure If you forget to click Apply you might lose the LDEV group when you encounter an error registering the LDEV group see Registering an LDEV Group in a Security Group on page 56 To create an LDEV group 1 2 3 Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Right click LDEV Group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change LDEV Group dialog box Figure 10 appears 5 In the Enter LDEV Group box enter the name of the LDEV group that you want to create and then click the Add button EY NOTE LDEV group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in host group names Nad 72 lt gt 6 Confirm tha
21. HP StorageWorks XP24000 XP20000 Volume Security User s Guide Abstract This document describes and provides instructions for configuring and performing Volume Security operations on the HP storage system Part number 15214 96074 Sixth edition June 2009 Legal and notice information Copyright 2008 2009 Hewlett Packard Development Company L P Confidential computer software Valid license from HP required for possession use or copying Consistent with FAR 12 211 and 12 212 Commercial Computer Software Computer Software Documentation and Technical Data for Commercial Items are licensed to the U S Government under vendor s standard commercial license The information contained herein is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Export Requirements You may not export or re export this document or any copy or adaptation in violation of export laws or regulations Without limiting the foregoing this document may not be exported re exported transferred or downloaded to or within or to a national resident of countries under U S economic embargo including Cuba Iran North Korea Sudan and Syria This list is subject to cha
22. Hitachi Shadowlmage for Mainframe User s Guide Warnings Regarding Volume Security Do not apply security to volumes on which any job is running If you apply security to such a volume the job will possibly end abnormally 12 About Volume Security Operations When applying security make sure that your security settings are correct If incorrect security settings are made the system will be difficult or impossible to control If the CPU of a mainframe host is upgraded after you apply security settings you must execute the system command D M CPU at the mainframe host to obtain the latest information about the host Next you must use the latest information to update host information in the Add Change Host dialog box for details see The Add Change Host Dialog Box on page 27 If you do not update host information the system will be impossible to control If you are using storage system copy software TrueCopy for Mainframe Universal Replicator for Mainframe Shadowlmage for Mainframe and XP for FlashCopy Mirroring or XP for FlashCopy Mirroring V2 When you use Volume Security to make security settings you must register the primary volume and the secondary volume that is the copy source volume and the copy destination volume in the same LDEV group For details on how to register volumes in LDEV groups see Registering Volumes in an LDEV Group on page 51 or Registering Volumes in an LDEV Group on page 54 If yo
23. OTE Security group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in security group names ip lt gt 6 In the Security box select Enable 7 In the Group Status box select Pool 8 In the T VOL R VOL box select Enable or Disable Select Enable if you want make volumes in the security group usable as secondary volumes that is copy destination volumes for copy operations Select Disable if you want make volumes in the security group unusable as secondary volumes that is copy destination volumes for copy operations 9 Click Add Information about the new security group is added to the Security Group List table and is displayed in blue 10 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 11 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 12 Click Yes The settings are applied to the storage system Registering an LDEV Group in a Security Group Now that you have classified your security group as a pool group your next and the last task is to register your LDEV group into the security group When you finish registration the volumes in the LDEV group are secured and inaccessible from any hosts To register an LDEV group into a security group 1 2
24. Security Group Dialog Box ccisscssesasnsarsncanietannevansnnomeaendsarentoasindeatonscvidesonentnonbeonsies 37 The LDEV te lest Dialog Box tic sincsaciesicisssksloah te wid avoided anita a a e a 38 The LDEV Group to Security Group Dialog Box sii scoorardssncaxtesanprnondinncdiensaeesantondacenatennatinanxtnaseanben 40 The Error Detail Dialog Box sississscisisescteseinoireataispainsonteseavinenn naui A hale E A A a A AR N 41 4 Performing Volume Security Operations cccccccccccceceecesssssteeeeeeeeeees 43 launching Volume Security inns 2 asec reaoansieseeantuaemaimdnoyacsnantiancedsaians ildpiotnininstsoa kuna nentne alata ienontaobenaeedns 43 Viewing Sec rity S tingS seieovisoniaseii Ses ines A A weet soos E E E ERAEN E A EE 43 Locating Volumes in a Specified Security Group c ccccesscceesseeeeeseeecesneeeeeeseeceeseeeseeeeesaeees 44 Locating Security Groups that Contain a Specified Host cccccceceeseeeeeeeeceeeseeeeceeeeenteeeeeaaes 44 Locating Volumes in a Security Group that Contains a Specified Host sccceeseeeereeeeteeeeereeees 44 XP24000 XP20000 Volume Security User s Guide 3 Locating Ports through Which Hosts Can Access Volumes ccccescreeeseteeeeeneeseeneeeeenateeeeneees 45 Locating Security Groups that Contain a Specified Volume ccccseeeeeeeeeeeeeeeeesseeeenteeeenaes 45 Locating Hosts in a Security Group that Contains a Specified Volume ccccceeseeeereeeeteee
25. Select Specify and then Security Group from the pop up menu The Specify Security Group dialog box Figure 14 appears 5 Use the Select Security Group drop down list to select the security group in which you want to register a host group and an LDEV group 6 Use the Host Group drop down list to select the host group that you want to register in the security group 7 Use the LDEV Group drop down list to select the LDEV group that you want to register in the se curity group and then click OK 8 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 9 Click Yes The settings are applied to the storage system A CAUTION If the Error Detail dialog box section The Error Detail Dialog Box on page 41 appears see the Caution in Port Level Security Implementation on page 10 and then remove errors Prohibiting Host Access Volume Security enables you to prohibit all the hosts from accessing the specified volumes To do this take the following major steps Creating an LDEV group see Creating an LDEV Group on page 53 Registering volumes in the LDEV group see Registering Volumes in an LDEV Group on page 54 Creating a security group and classifying the security group as a pool group see Creating a Security Group for Use As a Pool Group on page 55 Registering the LDEV group in the security group Registering an LDEV
26. The Volume Security Window ltem Description Displays the security host and LDEV groups assigned to each LDKC defined on the Secunty Groop tres storage system For details see Security Group Tree on page 16 Displays the type model SEQNUMBER Logical Partition LPAR and vendor of each Hosts table host For details see Hosts Table on page 18 Allows you to select the desired command unit s available in each group When you tls select a CU image the table below shows a list of volumes in the selected CU image LDEVs table Shows the LDEV emulation and attribute information assigned to each logical device on the storage system For details see LDEVs Table on page 19 Applies the requested XRC setting changes to the storage system Any change made to a volume appears in blue italics until you click Apply Apply Discards the requested changes without applying them to the storage system A confirm ation message appears to allow you to cancel the requested operation s Click OK on the confirmation message to cancel the requested operation s or click Cancel to keep but not start the requested operation s Cancel Security Group Tree Figure 5 shows the Security Group tree where you can select the LDKC logical disk controller and then choose a security group host group or LDEV group residing on that LDKC When you double click LDKC 00 or LDKC 01 you can display a list of secur
27. UTION Here the change in the window has not been applied to the storage system 6 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the change to the storage system 7 Click Yes The change is applied to the storage system Editing Host Groups This section explains the following operations which allow you to edit your host groups Registering hosts that have not been attached to the storage system into a host group see Registering Hosts to be Attached to the Storage System on page 61 Deleting hosts from a host group see Deleting Hosts from Host Groups on page 62 Deleting ports from a host group see Deleting Ports from Host Groups on page 63 Renaming a host group see Renaming Host Groups on page 64 Deleting a host group see Deleting Host Groups on page 65 Registering Hosts to be Attached to the Storage System If your organization is planning to attach new mainframe hosts to the storage system you will possibly need to revise security settings on volumes For example if you do not want to allow the new hosts to access some volumes you might need to register the new hosts in the host group in an existing access group Volume Security enables you to register new hosts in host groups before the new hosts are attached via cables to the storage system To register a mainframe host to be attached into a host group 1 Execute the following sy
28. XP20000 Volume Security User s Guide 63 A CAUTION Here the settings in the window have not been applied to the storage system 7 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 8 Click Yes The settings are applied to the storage system Renaming Host Groups To rename a host group take the following steps To rename a host group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click Host Group or a host group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change Host Group dialog box Figure 9 appears 5 Ensure that the desired host group is selected in the Host Group List table 6 In the Enter Host Group box enter the new name for the host group EY NOTE Host group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in security group names Ned Se PS gt 7 Click Change The change is reflected in the dialog box 8 Click OK A CAUTION Here the change in the window has not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the change to the storage system 10 Click Yes The change is applied
29. aracters can be used e Characters are case sensitive The following characters cannot be used o lt gt e The first character and the last character must not be a space Add Enter the name of a new LDEV group and click Add Then the new LDEV group is added to the LDEV Groups List table Change When settings of the selected LDEV groups are changed click Change to make the changes appear in the LDEV Groups List table 26 Using the Volume Security GUI Item Description This button applies settings in the Add Change LDEV Group dialog box to the Volume Security window and then closes the Add Change LDEV Group dialog box CAUTION ii The OK button applies the settings to the Volume Security window but does not apply the settings to the storage system To apply the settings to the subsystem you must continue to click Apply in the Volume Security window Cancel Discards settings in the Add Change LDEV Group dialog box and closes the dialog box The Add Change Host Dialog Box The Add Change Host dialog box Figure 11 appears when you right click a host group in the tree view of the Volume Security window Figure 4 and select Specify and then Host from the pop up menu This dialog box enables you to register hosts attached to the storage system in host groups see Registering Hosts in a Host Group on page 48 register hosts unattached to the storage system in host groups see Regist
30. at Contain a Specified Host Group To specify a host group and then find security groups in which the specified host group is registered follow the procedure below 1 In the tree view of the Volume Security window Figure 4 right click an item except for a host group or LDEV group that appears immediately below a security group 2 From the pop up menu select List gt Host Group to Security Group The Host Group to Security Group dialog box appears Figure 17 3 From the Host Group drop down list select the desired host Group The table lists the security groups that you want 46 Performing Volume Security Operations Locating Security Groups that Contain a Specified LDEV Group To specify an LDEV group and then find security groups in which the specified LDEV group is registered follow the procedure below 1 In the tree view of the Volume Security window Figure 4 right click an item except for a host group or LDEV group that appears immediately below a security group From the pop up menu select List gt LDEV Group to Security Group The LDEV Group to Security Group dialog box appears Figure 21 From the LDEV Group drop down list select the desired LDEV Group The table lists the security groups that you want Limiting Host Access Take the following steps if you want to enable some hosts to access certain volumes so that the other hosts cannot access the volumes Creating a host group see Creating a Host Gro
31. ble Access Enable Figure 17 The Host Group to Security Group Dialog Box Item Description LDKC Indicates the number of the selected LDKC Host Group Specifies a host group Lists information about the security groups in which the specified host group is registered e Security Group indicates the name of a security group e Security indicates whether the security settings in the security group are enabled or disabled Group Status indicates whether the security group is an access group or a pool group T VOL R VOL indicates whether volumes in the security group can be used as sec ondary volumes i e copy destination volume Enable indicates the volumes can be used as secondary volumes Disable indicates the volumes cannot be used as secondary volumes Security Group table Closes the dialog box The Host Group to Port Dialog Box To use the Host Group to Port dialog box you must ensure that Volume Security Port Option is already installed The Host Group to Port dialog box Figure 18 appears when you right click an item in the tree view of the Volume Security window Figure 4 and then select List gt Host Group to Port from the pop up menu The Host Group to Port dialog box enables you to find ports via which hosts can access volumes see Locating Ports through Which Hosts Can Access Volumes on page 45 36 Using the Volume Security GUI Bf Host Group to Port LDKC 00 su g 0
32. ccount If you use a user account that does not have the write permission you will be able to view security settings but will neither be able to make security settings nor apply security settings Click Go Mainframe Connection and then Volume Security on the menu bar of the Remote Web Console main window The Volume Security window appears see Figure 4 To set security using Volume Security you must make sure that Remote Web Console is in Modify mode For detailed information on how to do this see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide Viewing Security Settings This section describes how to view security settings Locating Volumes in a Specified Security Group see Locating Volumes in a Specified Security Group on page 44 Locating Security Groups that Contain a Specified Host see Locating Security Groups that Contain a Specified Host on page 44 Locating Volumes in a Security Group that Contains a Specified Host see Locating Volumes in a Security Group that Contains a Specified Host on page 44 XP24000 XP20000 Volume Security User s Guide 43 e Locating Ports through Which Hosts Can Access Volumes see Locating Ports through Which Hosts Can Access Volumes on page 45 e Locating Security Groups that Contain a Specified Volume see Locating Security Groups that Contain a Specified Volume on page 45 e Locating Hosts in a Security Group that Contains a Specified Vo
33. channel extender e Third The Logical Partition Number of the host Fourth The vendor of the host Vendors include FJT Fujitsu IBM HTC Hitachi and CNT Ex If CNT Ex appears the table row indicates the type model number and node ID of a channel extender Specifies a CU image number Lists host groups in which the specified CU is registered e LDEV indicates the name of an LDEV A volume ID ending in for example 00 indic ates the volume is an external volume LDEV table e Emulation indicates the emulation types of volumes Closes the dialog box Host Group to Security Group Dialog Box The Host Group to Security Group Figure 17 appears when you right click an item in the tree view of the Volume Security window Figure 4 and then select List gt Host Group to Security Group from the pop up menu The List gt Host Group to Security Group pop up command does not display if you double click a security group and then right click a host group or LDEV group from immediately below the security group This dialog box enables you to specify a host group and then displays security groups in which the specified host group is registered see Locating Security Groups that Contain a Specified Host Group on page 46 XP24000 XP20000 Volume Security User s Guide 35 ii Host Group to Security Group LDKC 00 Host Group HSTOO M Security Group Security Group Status T VOUR OL GRPOO Disa
34. d This manual uses the term port level security which is a security policy for enabling hosts to access volumes only via ports registered in host groups and thus prohibiting hosts to access the volumes via other ports A CAUTION Before you apply security you should confirm what hosts are performing O operations on volumes in access groups If any hosts perform I O operations on volumes in access groups that the hosts do not belong to you will need to stop the I O operations before you apply security For example if you attempt to apply security settings illustrated in Figure 2 an error occurs and the attempt fails if host4 and host5 are performing I O operations on dev To apply the security settings you will need to ensure that host4 and host are not performing I O operations on Idev Prohibiting All Hosts from Accessing Volumes To prevent all the mainframe hosts from accessing volumes you must register the volumes in a pool group Note that you do not need to register hosts in pool groups For example if you register two XP24000 XP20000 Volume Security User s Guide 11 volumes vol_A and vol_B in a pool group all the mainframe hosts connected to your storage system will be unable to access vol_A and vol_B To register volumes in a pool group you must create an LDEV group register the volumes in the LDEV group and then register the LDEV group in the desired pool group Any pool group can only contain one LDEV group
35. dialog box A CAUTION Here the settings in the window have not been applied to the storage system 8 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 9 Click Yes The settings are applied to the storage system Registering Ports in a Host Group After registering hosts in a host group you can register ports in the host group to implement port level security To register ports in a host group you must ensure that Volume Security Port Option is already installed If you do not want to implement port level security you do not need to register ports in host groups If no ports are registered in a host group hosts in the host group can access volumes via every port to which the hosts are connected A CAUTION When you register ports in a host group it is strongly recommended that you click the Apply button in the Volume Security window at the end of the operation see the end of the following procedure If you do not click Apply registration of ports could be cancelled when an error occurs registering a host group and an LDEV group see Registering a Host Group and an LDEV Group in a Security Group on page 53 To register ports in a host group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click a host group A pop up menu appears 4 Select
36. e ID ending in for example 00 indicates the volume is an external volume XP24000 XP20000 Volume Security User s Guide 39 ltem Description Host table Lists hosts in the security group in which the specified volume is registered e No A sequential number associated with a host NOTE Each table row usually shows information about a host However if a host is attached to the disk subsystem via a channel extender the table row shows information about the channel extender Type Model indicates the type and the model number of a host or a channel extender The Type appears on the left of the slash The Model number appears on the right of the slash Before the Type Model an icon indicates the registration status of the host in these ways SEQNUMBER indicates the node ID of a host or a channel extender LPAR indicates the logical partition number of a host Logical partitions are virtual systems created as a result of sectioning a computer s memory into separate units Vendor indicates the vendor of a host Vendors include FJT Fujitsu IBM HTC Hitachi and CNT Ex If CNT Ex appears the Type Model column indicates the type and the model number of a channel extender and the SEQNUMBER column indicates the node ID of the channel extender OK Closes the dialog box The LDEV Group to Security Group Dialog Box The LDEV Group to Security Group dialog box Figure 21 appears when you rig
37. ed in the current host group and is not attached to the storage system The host is registered in another host group though aft the host can be registered in the current host group i The host is attached to the storage system via a cable i The host is registered in another host group though 4 the host can be registered in the current host group i The host is not attached to the storage system The host is not registered in any host group The host No icon js attached to the storage system via a cable SEQNUMBER indicates the node ID of a host or a channel extender LPAR indicates the logical partition number of a host Logical partitions are virtual systems created as a result of sectioning a computer s memory into separate units Vendor indicates the vendor of a host This column can display FJT Fujitsu IBM and HTC HP This column can also display CNT Ex if CNT Ex is displayed the Type Model column indicates the type and the model number of a channel extender and the SEQNUMBER column indicates the node ID of the channel extender Add Change Hosts table Host group information Type Mode indicates the type and the model number of a host or a channel extender SEQNUMBER indicates the node ID of a host or a channel extender LPAR indicates the logical partition number of a host Vendor indicates the vendor of a host Vendors include FJT Fujitsu IBM HTC Hitachi and CNT Ex for channel extend
38. eitersionineiseiitide deci iesbatinadnionesiecanodeuiens 38 20 The LDEV to Host Dialog Box 5 cinZetscaasncaceskansacersseunssemienta bear anpaxanaasenqumeriaiaeaieaint 39 21 The LDEV Group to Security Group Dialog Box c ccccesseeeeeseeeeeneeeeeeeeeeecseeeeessaeeees 41 22 The Error Detail Dialog Box cdiscaeiwiteseanintndianennaameaanahats nudes tenn 42 XP24000 XP20000 Volume Security User s Guide 5 Tables 1 Acronyms and Abbreviations 1 Overview of Volume Security Unless otherwise specified the term storage system in this guide refers to the following disk arrays e HP StorageWorks XP24000 Disk Array e HP StorageWorks XP20000 Disk Array e HP StorageWorks XP12000 Disk Array e HP StorageWorks XP10000 Disk Array The GUI illustrations in this guide were created using a Windows computer with the Internet Explorer browser Actual windows may differ depending on the operating system and browser used GUI contents also vary with licensed program products storage system models and firmware versions Overview Volume Security protects data in your HP storage system from I O operations performed at mainframe hosts Security can be applied to logical volumes so that specified mainframe hosts are unable to read from and write to the specified logical volumes Volume Security also enables you to prevent data on logical volumes from being accidentally overwritten by erroneous local or remote copy operations Volume Security can be u
39. enandanondawncdguaaiin iaisdeeanslcaeandocescanans 9 Protecting Volumes from I O Operations at Mainframe Hosts ccsseceeeeseeeeeseeeeeseeeeenseeeeesteeeeesaes 9 Enabling Only the Specified Hosts to Access Volumes ccsssccceeeeeceeeesceeeeseeeeeeeeeetseeeenseeees 9 Port level SECU tx cahi vinnciciessicntnelynisoe ass vse n a AA is ira aan AE desea baer 10 Port Level Security Implementation ccccecccccesececeseeeecseeeeenceeeesaeeeeeeaeecseeeecseeeessneeeeseaeees 10 Prohibiting All Hosts from Accessing Volumes cccssccesseseeeeeseeeeeneeeeeeseeeeeseeeeenseeeeneaaeesenaes 11 Protecting Volumes from Erroneous Copy Operations cccsesceeeeeeeeeeeseeeeeseeeeenseeeenseeeenaees 12 Warnings Regarding Volume Security ca vssntevenndacantnrissaimdice scanevsiwniiinndtanvatanndonielucdocawianiialsmndun tes 12 Supported Volume Emulation Types lt cca lt cewsingassndsosancsndedansetoasndavesecareadexontextoumsendodeatesdninceuiarndceres 13 Maximum Possible Number of Groups lt ssioncscssnnnveisinzeaneedhnbitonndeatsnanepecnnens oniibiekaveiuavedaibleaslabeinn 14 Maximum Possible Number of Hosts and Volumes cs sceeeseesereceneeeseeeeeeeeeeaeeeeseestseeeureesitesenreees 14 3 Using the Volume Security GU curaire renn 15 The Volume Security Window waits wcnselscindiertwiedsnd odie vaaatesnliincostutsint talus uineadionnianntalueibdeaeleneGhabislnds 15 Security Group leei coceseccansaasseadaecedsaveasswaceane
40. ep 5 8 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 XP24000 XP20000 Volume Security User s Guide 51 A message appears and asks if you want to apply the settings to the storage system 10 Click Yes The settings are applied to the storage system Creating a Security Group for Use As an Access Group To make security settings you must create security groups Security groups can be classified as access groups or pool groups You must classify a security group as an access group if you want to allow volumes to be accessed only by specified hosts To create a security group and classify the group as an access group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click Security Group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change Security Group dialog box Figure 8 appears 5 In the Enter Security Group box enter the name of the security group that you want to create EY NOTE Security group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in security group names Ag PT gt 6 In the Security box select Enable N In the Group Status box select Access 8 In the T VOL R VOL box
41. er 28 Using the Volume Security GUI Item Description Applies settings in the Add Change Host dialog box to the Volume Security window and then closes the dialog box CAUTION OK Clicking OK applies the settings to the Volume Security window but does not apply the settings to the storage system To apply the security settings to the storage system you must continue to click Apply in the Volume Security window until they appear in the dialog box Cancel Discards settings in the Add Change Host dialog box and closes the dialog box The Select LDEV Dialog Box The Select LDEV dialog box Figure 12 appears when you right click an LDEV group in the tree view of the Volume Security window Figure 4 select Specify and then LDEV from the pop up menu This dialog box enables you to e register volumes LDEVs in an LDEV group see Registering Volumes in an LDEV Group on page 51 or Registering Volumes in an LDEV Group on page 54 e delete volumes from an LDEV group see Deleting Volumes from LDEV Groups on page 65 Bj select LoEV LDKC 00 LDEV Group LDVOO o f Registered in LDEV Group Not registered in LDEV Group LDEV Emulation LDEV Emulation oo 3390 9 i z og 3390 9 a 01 3390 9 __ Regist oA 3390 9 02 3390 9 SS 0B 3390 9 Fee 03 3390 9 oc 3390 9 04 3390 9 l OD 3390 9 05 3390 9 OE 3390 9 06 3390 9 OF 3390 9 07 3390 9 Not re
42. ering Hosts to be Attached to the Storage System on page 61 delete hosts from host groups see Deleting Hosts from Host Groups on page 62 Bf adaichange Host LDKC 00 Host Group HSTOO M No Type Model SEQNUMBER LPAR Vendor 1 EF 903390 001 12345678901234 0001 IBM 2 0023390 002 12345678901234 0001 IBM Add Change Hosts Type Model 003390 i 1001 Add SEQNUMBER 12345678901234 Change LPAR 0001 Vendor IBM Figure 11 The Add Change Host Dialog Box ltem Description LDKC Indicates number of the selected LDKC XP24000 XP20000 Volume Security User s Guide 27 ltem Description Host Group List Specify the name of the host group in which hosts will be registered Host table Host information e No A sequential number associated with a host NOTE Each table row usually shows information about a host However if a host is attached to the storage system via a channel extender the table row shows information about the channel extender Type Model indicates the type and the model number of a host or a channel extender The type appears on the left of the slash The model number appears on the right of the slash The following explains the meaning of icons in this column 5 The host is registered in the current host group which is displayed above the table and is attached to the storage system via a cable The host is register
43. etescdadidensdisesatentaterdetavaarsannmnanisds teuantinnusteasaeccnavannnaeisut 16 5 Sec nty Group NEE reren nra ee eE E E S 17 ST tests Table meen aa cio E cates ak nd an oh ee OM a 19 7 DEV Wie ic peaivatinbdaedissstc eb api e E a a a 20 8 The Add Change Security Group Dialog Box ccccesceessseeeseseeeeeeeeeenseeeseseeennaaes 21 9 The Add Change Host Group Dialog Box ccssccceeesceseenceeeeeteeeseeeeeseseeeenaeeeenaes 24 10 The Add Change LDEV Group Dialog Box s c0iecinsiviaeitininandiaciaratiiasmraamaiaterncanns 26 11 The Add Change Host Dialog Box aia vacencusnsnnsiensnteetacwoviotentetopasdvsidvncenstecdibieiacbeiedns 27 12 The Select LDEV Dialog Box ixciesdriasnesacwwetecriiasventiaravesreaicivepinagnteavacmeouaeieniiue 29 13 The Select Port Dialog Box sccsscsesesssncarercetoncesnsaaworanture nesarenaindmetaautahsetemmsannncenetatsnerte 31 14 The Specify Security Group Dialog Box i iccsisscideasraceasdnseadenseeina ices doniaeatounienrceevenars 32 15 The Host to Security Group Dialog Box wi cidcissscansncsieaconreiansdecnsnawrsasandansdiaurccanbierncaaiibes 33 16 The Host to LDEV Dialog Box iicaiza vitwiasecvansesavevtareniedebayastatedpndennatteendin undersea niieieis 35 17 The Host Group to Security Group Dialog Box ssssccsssceraxnnesdiowndsaadanniaedaelsonsinandocedovrandedse 36 18 The Host Group to Port Dialog Box ois canteniauononeneie yn atanioaeuemarn 37 19 The LDEV to Security Group Dialog Bene sssssrscuicnecaiwu
44. etreees 46 Locating Security Groups that Contain a Specified Host Group ccccceceeeeceeeseeeeeseeeenseeeeeaes 46 Locating Security Groups that Contain a Specified LDEV Group cccceseceeeseeeeeseeeenteeeeeaes 47 limiting Host ACCESS ecne a donceanvardnneneenecsaneis baedebaecaepade adden E e S 47 Creating d Host Group s esac ccakchenisecvantevaraecadeasastacatssaeeeschedtcnsedaedtdetennteevatinydivstadedaedeTesbsaeeededs 47 Registering Hosts in a Host Group cseeeseeeeeeeeeeceeeccceececeecceceececeeeeeeaaeeeaaaaaaeeeieeeeeeeeeeeeees 48 Registering Ports in a Host Group s sssseeeseeessseesssssssssssssstrsstrrerreetteeetttttttttssssssssstesseereerere 49 Creating an LDEV Group sg esies es eecseescbeves a E E E E E AEE ag TE 50 Registering Volumes in an LDEV Group cccininciestsnnvessavansaysrasnavasierasseascotiasawentoniedinavannedsdanaiate 51 Creating a Security Group for Use As an Access Group s ccceeessceeeesseeeesseeeeseeeeneseeeenseeeees 52 Registering a Host Group and an LDEV Group in a Security Group ccccccececeeeseeeeeseeeenteeeeeeaes 53 Prohibiting Host Access nersrceosimrensdoi sty a ed E S E en i 53 Creating an LDEV Group ic si ctiesciesvecsgecccgccgenansttacshiarerdansedacevtadacdbecaadesiensdecderhedtaneetacenderes 53 Registering Volumes in an LDEV Group 42icursncap punaivoniidted annaraeoansapiamiaianaueienie renee 54 Creating a Security Group for Use As a Pool Group cccccccesecee
45. g box The LDEV to Host Dialog Box The LDEV to Host dialog box Figure 20 appears when you do either of the following in the Volume Security window Figure 4 e when you right click a volume from the lower right table and then select LDEV to Host from the pop up menu 38 Using the Volume Security GUI when you right click an item in the tree view and then select List gt LDEV to Host from the pop up menu The List gt LDEV to Host pop up command does not display if you double click a security group and then right click a host group or LDEV group from immediately below the security group This dialog box enables you to specify a volume and then displays hosts in the security group in which the specified volume is registered see Locating Hosts in a Security Group that Contains a Specitied Volume on page 46 Bf Loev to Host gt no TypefModel SEQNUMBER LPAR Vendor mi 003390 002 12345678901 234 0001 IBM 2 003390 001 12345678901234 o001 IBM 3390 9 3390 9 3390 9 3390 9 3390 9 3390 9 3390 9 3390 9 220N A hdj Figure 20 The LDEV to Host Dialog Box ltem Description LDKC Indicates the number of the selected LDKC CU Specifies a CU image number Describes the available LDEVs e LDEV indicates a number assigned to the LDEV e Emulation indicates the emulation types of the volume LDEV table EY NOTE A volum
46. ge 44 BJ Host to Security Group LDKC 00 003390 002 12345678901234 0001 IBM Security Group Security Group Status T VOUR VOL GRPOO Disable Access Enable Figure 15 The Host to Security Group Dialog Box ltem Description LDKC Indicates the number of the selected LDKC XP24000 XP20000 Volume Security User s Guide 33 ltem Description Provides information about a host where the number groups from left to right indicate First The Type Model the type and model number of a host or a channel extender Second The Node ID of a host or a channel extender Host e Third The Logical Partition Number of the host e Fourth The vendor of the host Vendors include FJT Fujitsu IBM HTC Hitachi and CNT Ex If CNT Ex appears the table row indicates the type model number and node ID of a channel extender Host Group Specifies a host group that you want to register in the security group Lists security groups in which the specified host is registered e Security Group indicates the name of a security group e Security indicates whether the security settings in the security group are enabled or Security Group disabled table e Group Status indicates whether the security group is an access group or a pool group e T VOL R VOL indicates whether volumes in the security group can be used as secondary volumes i e copy destination volume Enable indicates the volumes can be used as secondary
47. ge 51 A CAUTION When creating an LDEV group you are strongly recommended to click the Apply button in the Volume Security window as described in the last step of the following procedure If you forget to click Apply you might lose the LDEV group when you encounter an error registering the host group and the LDEV group see Registering a Host Group and an LDEV Group in a Security Group on page 53 To create an LDEV group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click LDEV Group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change LDEV Group dialog box Figure 10 appears 5 In the Enter LDEV Group box enter the name of the LDEV group that you want to create and then click the Add button EY NOTE LDEV group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in host group names ip lt gt 6 Confirm that the new LDEV group is displayed by blue in LDEV Group List and then click OK 50 Performing Volume Security Operations A CAUTION Here the settings in the window have not been applied to the storage system Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system Click Yes The sett
48. ge 65 XP24000 XP20000 Volume Security User s Guide 23 LDKC 00 AddiChange Host Group Add Change LDEV Group If aaachange Host Group Host Group List HsTo0 HST01 Enter Host Group HST02 Figure 9 The Add Change Host Group Dialog Box w p A LDKC Indicates the selected LDKC number Host Group List A list of host groups in the LDKC When creating a new host group you enter the name of the host group in this Enter Host Group text box When renaming an existing host group you select the host group in the Host Group List table and then enter a new name The following conventions apply to host group names to eight charact be used Estar Hes Group Up to eight characters can e use Characters are case sensitive The following characters cannot be used Jip 2 lt gt The first character and the last character must not be a space Enter the name of a new host group click Add and the new security group is added to the Host Group List table When settings of the selected host groups are changed click Change to make the changes Change appear in the Host Group List table 24 Using the Volume Security GUI Item Description This button applies settings in the Add Change Host Group dialog box to the Volume Security window and then closes the Add Change Host Group dialog box CAUTION ii The OK button applies the settings to the Volume Security window but does not apply the setting
49. gist 10 3390 9 a8 3390 9 11 3390 9 a 12 3390 g I Select All j Select All Cancel Figure 12 The Select LDEV Dialog Box ltem Description LDKC Indicates the number of the selected LDKC LDEV Group Specifies the name of the LDEV in which the volumes are registered cu Selects the number of the logical CU image The two tables below this list provide in formation about the volumes in the selected CU image XP24000 XP20000 Volume Security User s Guide 29 ltem Description Registered in LDEV Group table Lists volumes registered in the LDEV group One table row indicates one volume e The LDEV column indicates LDEV numbers NOTE If a volume ID is displayed with a pound sign for example OO the volume is an external volume The Emulation column indicates emulation types of volumes If an asterisk appears in the cell on the right the volume is a secondary volume that is copy destination volume for copy operations or an Shadowlmage for Mainframe reserved volume If a plus symbol appears in the cell on the right one or more LU paths are assigned to the volume Not Registered in Lists volumes that not registered in the LDEV groups One table row indicates one volume e LDEV displays the LDEV numbers LDEV Group table e The Emulation column indicates emulation types of volumes Select All selects all volumes in the table Regist Registers
50. gister in the security group LDEV Group Specifies an LDEV group that you want to register in the security group Applies settings in the Specify Security Group dialog box to the Volume Security window and closes the dialog box CAUTION OK Clicking OK applies the settings to the Volume Security window but does not apply the settings to the storage system To apply the security settings to the subsystem you must continue to click Apply in the Volume Security window until they appear in the dialog box 32 Using the Volume Security GUI ltem Description Cancel Discards settings in the Specify Security Group dialog box and closes the dialog box The Host to Security Group Dialog Box The Host to Security Group dialog box Figure 15 appears when you do either of the following in the Volume Security window Figure 4 e when you right click a host from the upper right table and then select Host to Security Group from the pop up menu e when you right click an item in the tree view and then select List gt Host to Security Group from the pop up menu The List gt Host to Security Group pop up command does not display if you double click a security group and then right click a host group or LDEV group from immediately below the security group This dialog box enables you to specify a host and then displays security groups in which the host is registered see Locating Security Groups that Contain a Specified Host on pa
51. gister the hosts in the host group and then register the host group in the desired access group To register volumes in an access group you must create an LDEV group register the volumes in the LDEV group and then register the LDEV group in the desired access group Any access group can only contain one host group and one LDEV group In Figure 1 six mainframe hosts are attached to a storage system and two access groups are created Here the following security settings are applied e The volumes Idev1 and Idev2 are accessible only from host1 host2 and host3 because the two volumes and the three hosts are registered in the same access group XP24000 XP20000 Volume Security User s Guide 9 The volume Idev4 is accessible only from host4 because Idev4 and host4 are registered in the same access group The volume Idev5 does not belong to any access groups For this reason hosts in access groups cannot access Idev5 Idev5 is only accessible from host5 and host6 which are not registered in access groups Storage system Access group i oe group access group or pool group CD Host group or LDEV group This arrow indicates which host can access which volume Figure 1 Security Example 1 Port Level Security Usually hosts are connected to two or more ports via cables and have access to volumes via these ports In the security example in Figure 1 hosts in access groups can access volumes via every port to which the hosts
52. group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click LDEV Group or an LDEV group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change LDEV Group dialog box Figure 10 appears 5 Ensure that the desired LDEV group is selected in the LDEV Group List table 6 In the Enter LDEV Group box enter the new name for the LDEV group EY NOTE LDEV group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in security group names ip lt gt 7 Click Change The change is reflected in the dialog box 8 Click OK 66 Performing Volume Security Operations A CAUTION Here the change in the window has not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the change to the storage system 10 Click Yes The change is applied to the storage system Deleting LDEV Groups To delete an LDEV group take the following steps To delete an LDEV group 1 2 3 Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Do either of the following e Right click an LDEV group in the tree view e Right click LDEV Group in the tree view and then select Add C
53. hange from the pop up menu Next in the Add Change LDEV Group dialog box Figure 10 select one or more LDEV groups in the LDEV Group List table and right click the selection Select Delete from the pop up menu A message appears and asks if you want to delete the specified LDEV group s Click Yes to close the message If the Add Change LDEV Group dialog box Figure 10 still re mains displayed click OK to close the dialog box A CAUTION Here the change in the window has not been applied to the storage system Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the change to the storage system Click Yes The change is applied to the storage system XP24000 XP20000 Volume Security User s Guide 67 68 Performing Volume Security Operations 5 Troubleshooting Troubleshooting Volume Security The Error Detail dialog box Figure 22 may appear when you attempt to apply security settings The probable causes of the error are Some hosts in one security group are accessing volumes in another security group Some hosts do not belong to any security group but the hosts are accessing volumes in a security group To remove this error you must find the hosts and the volumes that cause the error To find them take the following steps 1 In the Error Detail dialog box click the arrow button at the right end of the Host drop down list e If the drop down list displays only
54. ht click an item in the tree view of the Volume Security window Figure 4 and then select List gt LDEV Group to Security Group from the pop up menu EY NOTE However the List gt LDEV Group to Security Group pop up command does not display if you double click a security group and then right click a host group or LDEV group from immediately below the security group This dialog box enables you to specify an LDEV group and then displays security groups in which the specified LDEV group is registered see Locating Security Groups that Contain a Specified LDEV Group on page 47 40 Using the Volume Security GUI ii LDEY Group to Security Group LDKC 00 LDE Group LDYOO M Security Group Security Group Status T VOUR VOL GRPOO Disable Access Enable Figure 21 The LDEV Group to Security Group Dialog Box ltem Description LDKC Indicates the number of the selected LDKC LDEV Group Specifies an LDEV group Security Group table Lists information about the security groups in which the specitied LDEV group is re gistered Security Group indicates the name of a security group e Security indicates whether the security settings in the security group are enabled or disabled Group Status indicates whether the security group is an Access or a Pool group T VOL R VOL indicates whether volumes in the security group can be used as sec ondary volumes i e copy destination
55. ied CU image Provides information about the selected CU LDEV table e LDEV The available LDEV numbers Emulation The emulation types of volumes Closes the dialog box 42 Using the Volume Security GUI 4 Performing Volume Security Operations This chapter explains the following Volume Security operations Launching Volume Security see Launching Volume Security page 43 Viewing Security Settings see Viewing Security Settings page 43 Enabling only the specified hosts to access certain volumes so that the other hosts cannot access the volumes see Limiting Host Access page 47 Preventing all the hosts to access volumes see Prohibiting Host Access page 53 Preventing data in volumes from being overwritten by copy operations see Protecting Volumes from Copy Operations page 57 Disabling security see Disabling Volume Security page 58listedref Launching Volume Security This section describes how to start the Volume Security software If Volume Security Port Option is installed the functions of the Volume Security Port Option program will become usable when you start Volume Security To start the Volume Security software iF Log on to the Remote Web Console main window For details see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide To make security settings and apply the settings you must use a user account that has the write permission For example the Administrator a
56. ings are applied to the storage system Registering Volumes in an LDEV Group Now that you have created an LDEV group then you need to register volumes in the LDEV group A CAUTION When registering volumes in an LDEV group you are strongly recommended to click the Apply button in the Volume Security window as described in the last step of the following procedure If you forget to click Apply the volumes might be unregistered when you encounter an error registering the host group and the LDEV group see Registering a Host Group and an LDEV Group in a Security Group on page 53 To register volumes in an LDEV group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click an LDEV group A pop up menu appears 4 Select Specify and then LDEV from the pop up menu The Select LDEV dialog box Figure 12 appears 5 Use the CU drop down list to specify a CU image The two boxes below the drop down list displays volumes in the specified CU image e The Registered in LDEV group box displays volumes registered in the LDEV group e The Not registered in LDEV group box displays volumes that are not registered in the LDEV group 6 In the Not registered in LDEV group box select volumes that you want to register Then click the Regist button The selected volumes move to the Registered in LDEV group box 7 To register volumes in other CU images return to st
57. ions Disable makes volumes in the selected security groups unusable as secondary volumes copy destinations Add Enter the name of a new security group and click Add Then the new security group is added to the Security Group List table 22 Using the Volume Security GUI ltem Description Change When settings of the selected security groups are changed click Change to make the changes appear in the Security Group List table OK Applies settings in the Add Change Security Group dialog box to the Volume Security window and then closes the dialog box CAUTION Clicking OK applies the settings to the Volume Security window but does not apply the settings to the storage system To apply the security settings to the subsystem you must continue to click Apply in the Volume Security window until they appear in the dialog box Cancel Discards settings in the Add Change Security Group dialog box and closes the dialog box The Add Change Host Group Dialog Box The Add Change Host Group dialog box Figure 9 appears when you right click a host group or the Host Group entry in the tree view of the Volume Security window Figure 4 and then select Add Change from the pop up menu This dialog box enables you to e create host groups see Creating a Host Group on page 47 e rename host groups see Renaming Host Groups on page 64 e delete host groups see Deleting Host Groups on pa
58. ity groups host groups and LDEV groups in that LDKC Once you have selected the LDCK you can choose from these options 16 Using the Volume Security GUI e Double click Security Group and a list of security groups appears Then select a host group or LDEV group in that security group Double click Host Group and a list of host groups appears Then select a specific host group e Double click LDEV Group The tree view shows the host group and or LDEV group registered in the security group Security Group Of seco1 Host Group FH HGOO LDEY Group LGoo LDKC 01 Figure 5 Security Group Tree Description Indicates an access group whose volumes can be used as secondary volumes i e copy destination volumes for copy operations Indicates an access group whose volumes cannot be used as secondary volumes i e copy destination volumes for copy operations Indicates a pool group whose volumes can be used as secondary volumes i e copy des tination volumes for copy operations Indicates a pool group whose volumes cannot be used as secondary volumes i e copy destination volumes for copy operations p m P E Ss XP24000 XP20000 Volume Security User s Guide 17 Icon Description Indicates that the security settings in this security group are currently disabled If you enable the security settings this security group is classified as an access group Also volu
59. list and then select an LDEV number from the lower left table The table on the right lists the security groups that you want Locating Hosts in a Security Group that Contains a Specified Volume If a security group is classified as an access group the security group contains both host and volumes The procedures below enable you to specify a volume and to find hosts in the security group in which the specified volume is registered Follow the first procedure if the desired volume is displayed in the lower right table of the Volume Security window Figure 4 Follow the second procedure if the desired volume is not displayed in the lower right table If the desired volume is displayed in the lower right table 1 Right click the volume in the table 2 From the pop up menu select List gt LDEV to Host The LDEV to Host dialog box appears Figure 20 The table on the right displays a list of hosts If the desired volume is not displayed in the lower right table 1 In the tree view of the Volume Security window Figure 4 right click an item except for a host group or LDEV group that appears immediately below a security group 2 From the pop up menu select List gt LDEV to Host The LDEV to Host dialog box appears Figure 20 3 Select a CU image number from the CU drop down list and then select an LDEV number from the lower left table The table on the right lists the security groups that you want Locating Security Groups th
60. lume see Locating Hosts in a Security Group that Contains a Specified Volume on page 46 e Locating Security Groups that Contain a Specified Host Group see Locating Security Groups that Contain a Specified Host Group on page 46 e Locating Security Groups that Contain a Specified LDEV Group see Locating Security Groups that Contain a Specified LDEV Group on page 47 Locating Volumes in a Specified Security Group To search a security group for volumes select the security group in the tree view of the Volume Security window Figure 4 and then see the list of volumes in the lower right table Locating Security Groups that Contain a Specitied Host To specify a host and find the security groups in which the host is registered you can follow either of the two procedures below Follow the first procedure if the desired host is displayed in the upper right table of the Volume Security window Figure 4 Follow the second procedure if the desired host is not displayed in the upper right table If the desired host is displayed in the upper right table 1 Right click the host in the table 2 From the pop up menu select List gt Host to Security Group The Host to Security Group dialog box appears Figure 15 The dialog box displays the security groups that you want If the desired host is not displayed in the upper right table 1 In the tree view of the Volume Security window Figure 15 right click an item except f
61. m LDEV security to refer to security policy that volume security enables you to apply to logical volumes e In the Hitachi TrueCopy for Mainframe User s Guide primary volumes are often referred to as M VOLs or main volumes Also secondary volumes are offen referred to as R VOLs or remote volumes In the Hitachi Shadowlmage for Mainframe User s Guide primary volumes are often XP24000 XP20000 Volume Security User s Guide 7 referred to as S VOLs or source volumes Secondary volumes are often referred to as T VOLs or target volumes Overview of Volume Security 2 About Volume Security Operations Overview of Volume Security Functions The Volume Security feature protects data in your storage system from I O operations performed at mainframe hosts Volume Security enables you to apply security to volumes so that the specified mainframe hosts will be unable to read from and write to the specified volumes Volume Security also enables you to prevent data on volumes from being overwritten by erroneous copy operations Volume Security can be used in conjunction with an optional program Volume Security Port Option This optional program can be used to specify storage system ports via which hosts can access volumes In the storage system documentation volumes are sometimes referred to as logical devices or LDEVs Also the storage system documentation sometimes uses the term LDEV security to refer to security policy that Volume Securi
62. mes in R Of this security group can be used as secondary volumes i e copy destination volumes for copy operations Indicates that the security settings in this security group are currently disabled If you enable ON the security settings this security group will be classified as an access group Also volumes in this security group are unavailable for use as secondary volumes i e copy destination volumes for copy operations Indicates that the security settings in this security group are currently disabled If you enable ae the security settings this security group will be classitied as a pool group Also volumes in this security group will be available for use as secondary volumes i e copy destination volumes for copy operations Indicates that the security settings in this security group are currently disabled If you enable the security settings this security group will be classitied as a pool group Also volumes in this security group will be unavailable for use as secondary volumes i e copy destination volumes for copy operations To make changes to a group right click a group or the group entry in the tree then select Add Change from the pop up menu Changes you make in the resulting dialog box appear in blue italics until you click Apply or Cancel E NOTE If you make Volume Security settings on one LDKC and then move on to another LDKC click Apply or Cancel before moving o
63. n blue italics When you click Apply or Cancel the host is restored to its original typeface and color The Reports Display dialog boxes in Remote Web Console also show information about hosts For details see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide LDEVs Table Figure 7 provides information about volumes The information available depends on the selection in the Security Group tree e If you select Subsystem Security Group Host Group or LDEV Group the table provides information about all the volumes that are accessible from the mainframe hosts e If you select a security group the table provides information about all the volumes that belong to the selected security group e If you select an LDEV group the table provides information about all the volumes that belong to the selected LDEV group e If you select a host group the table displays nothing XP24000 XP20000 Volume Security User s Guide 19 Attribute Figure 7 LDEV table Column Description The volume ID in hexadecimal from OO to FF NOTE A volume ID ending in for example 00 indicates the volume is an external volume Emulation The emulation type of the volume Attribute The volume status e An asterisk denotes a secondary volume copy destination for USP V VM copy software e A plus symbol denotes that one or more LU paths are assigned to the volume
64. n to the LDKC Hosts Table This table provides information about hosts The table contents depend on the selection in the Security Group tree as explained below 18 If you select Subsystem LDKC 00 LDKC 01 Security Group Host Group or LDEV Group the table shows information about all the hosts If you select a security group the table shows information about all the hosts that belong to the selected security group If you select a host group the table shows information about all the hosts that belong to the selected host group If you select an LDEV group the table displays nothing Using the Volume Security GUI Type Model 002094518 SEQNUMBER Vendor 020000000254BA 002094 518 020000000254BA 002094 518 020000000254BA 002094 518 020000000254BA 002094 518 020000000254BA 002094 518 020000000254BA Figure 6 Hosts Table Column Description No A sequential number associated with a host or channel extender Type Model Type and model number of a host or a channel extender SEQNUMBER Node ID of a host or a channel extender LPAR The logical partition number of a host Vendor If you make any change to The host vendor Vendors include FJT Fujitsu IBM HTC Hitachi and CNT Ex If CNT Ex appears the table row indicates the type model number and node ID of a channel extender a host the host appears i
65. nal information see the following HP websites http www hp com e http www hp com go storage e htto www hp com support manuals htto www hp com storage spock Documentation Feedback HP welcomes your feedback To make comments and suggestions about product documentation send a message to storagedocsFeedback hp com All submissions become the property of HP 72 Support and Other Resources A Acronyms and Abbreviations Table 1 Acronyms and Abbreviations LDEV LDKC MOL MVS PC PCB R SIM R VOL SI SIM Siz SVP TC TCz TCzA T VOL logical device logical disk controller main volume Multiple Virtual Storage IBM personal computer printed circuit board remote service information message remote volume HP StorageWorks XP Business Copy Software service information message Shadowlmage for Mainframe service processor HP StorageWorks XP Continuous Access Software TrueCopy for Mainframe TrueCopy Asynchronous for Mainframe target volume XP24000 XP20000 Volume Security User s Guide 73 74 Acronyms and Abbreviations Index A access group 9 Add Change Host dialog box 27 Add Change Host Group dialog box 24 Add Change LDEV Group dialog box 26 Add Change Security Group dialog box 21 C conventions storage capacity values 7 1 D device emulation types 13 dialog boxes Add Change Host dialog box 27 Add Change Host Group dialog box 24 Add Cha
66. nection and then select Volume Security on the menu bar of the Remote Web Console main window To make security settings and apply the settings you must use a user account that has the write permission For example the Administrator account If you use a user account that does not have the write permission you will be able to view security settings but will neither be able to make security settings nor apply security settings e To set security using Volume Security you must make sure that Remote Web Console is in Modify mode For detailed information on how to do this see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide Figure 4 shows the Volume Security window when a Security Group belonging to an LDKC is selected XP24000 XP20000 Volume Security User s Guide 15 Compatible Pay Volume Security Volume Retention Manager Bf volume security No Type Model SEQNUMBER LPAR Vendor 002094 918 020000000254BA 0002 IBM Subsystem 002094 S18 020000000254BA 001D IBM 002094 518 020000000254BA 0003 IBM Security Group 002094 818 020000000254BA 00E BM HA secoo 002094 818 020000000254BA 0004 Bm amp HHGOO 002094518 02000000025464 0001 IBM LG00 HOG SECO Host Group amp HHGOO EHLDEV Group H LG00 LDKC 01 Emulation Attribute 3390 3 3390 3 3390 3 3390 3 3390 3 3390 3 3390 3 3390 3 3390 3 Apply Cancel Figure 4
67. netoeaccaapencacuas seme a a T O 16 Hosts TG SL ssn dn oobi ok bai nde woo aie aise a Maas 18 EEE Soll serene a aietoh tne ae ion a eR PERI DTR on tena Naan ORTON 19 The Add Change Security Group Dialog Box x aviesenccarsatansawnissenied annonce aide iesieceucln ucinwianntns 20 The Add Change Hast Group Dialog Box vac cacscaccinsacuanesndcosndionaninzontacisoanesndanacdetooumeeninnbalosnrann 23 The Add Change UDEV Group Dialog Box iu scs2ssiesacaenobernandencteluleisanmcnniiaaw caw soanpiious eiumelonsehaueds 25 The Add Change Host Dialog Box s c sccse2svemestancadancennatenteda nesmadevenmesaonexas plead Sail eegbenmareeermaresnnans 27 The Select UDEV Dialog Box js cusiwscerpasicosins coiwentain vse i oat EA E ta stable Nin Daca E AA ER 29 The Select Port Dialog Box i onensssvcersmaneccecnronsenane eee weehedtasadietgdiwansbareavamaneatuneeaatacaaaaneaeadinains 30 The Specify Security Group Dialog Box sic sic sscatiewesasteaduneiauieacindanndnanensmoeansobeaibeaniannubiconbbawetnabias 32 The Host to Security Group Dialog Box ccccccesscccesseeeeeceeceeaceeseeaeeeeceeeeseeeeeeeseeeessaeeeeneaeeeneaaaes 33 The Host to LDEV Dialog BB hie akc inisesin t dp hin Re nlc AE N E E A 34 Host Group to Security Group Dialog Box si c c caesaccsaanactectonrcanionndiessiroxqeinteriecantdiacmescernbiguardiuans 35 The Host Group to Port Dialog Box 6 cinss acnisesaueeanibieuiecineieosn nadia tawaehaodielisaaivesnbseeniuelenandonoesbonbbaillins 36 The LDEV to
68. nge This document may not be exported re exported transferred or downloaded to persons or entities listed on the U S Department of Commerce Denied Persons List Entity List of proliferation concern or on any U S Treasury Department Designated Nationals exclusion list or to parties directly or indirectly involved in the development or production of nuclear chemical biological weapons or in missile technology programs as specified in the U S Export Administration Regulations 15 CFR 744 Revision History Edition Date Description First June 2007 This edition applies to microcode version 60 01 31 00 00 or later Second September 2007 This edition applies to microcode version 60 01 68 00 00 or later Third January 2008 This edition applies to microcode version 60 02 25 00 00 or later Fourth March 2008 This edition applies to microcode version 60 02 48 00 00 or later Fifth December 2008 This edition applies to microcode version 60 04 04 00 00 or later Sixth June 2009 This edition applies to microcode version 60 05 00 00 00 or later Contents 1 Overview of Volume Security cccccccccccccececeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees 7 COVELVIEW E E E EE Vommstoaanelano utes 7 T rminology s aanne E r a rR T ea aad aes E 7 2 About Volume Security Operations sesccorccscccerscssetesacsicancoenccesesesseassesasaect 7 Overview of Volume Security Functions cai lt nnvascascwneisdardalnenntaddesut
69. nge LDEV Group dialog box 26 Add Change Security Group dialog box 21 Error Detail dialog box 42 Host Group to Port dialog box 37 Host Group to Security Group dialog box 36 Host to LDEV dialog box 35 Host to Security Group dialog box 33 LDEV Group to Security Group dialog box 4 LDEV to Host dialog box 39 LDEV to Security Group dialog box 38 Select LDEV dialog box 29 Select Port dialog box 31 Specify Security Group dialog box 32 document related documentation 71 documentation HP website 7 1 providing feedback 72 E emulation types volume device 13 Error Detail dialog box 42 G Groups max qty host and vol 7 GUI 15 H help obtaining 7 1 Host group maximum possible number 7 host group creating 9 11 47 maximum possible number 14 registering hosts in 48 registering in security group 53 Host Group to Port dialog box 37 Host Group to Security Group dialog box 36 Host to LDEV dialog box 35 Host to Security Group dialog box 33 hosts maximum possible number 14 HP technical support 71 icons in the Add Change Host dialog box 28 L Launching Volume Security 43 LDEV 9 LDEV group creating 50 53 maximum possible number 14 registering in security group 53 56 registering volumes in 51 54 LDEV Group to Security Group dialog box 41 LDEV security 9 LDEV to Host dialog box 39 LDEV to Security Group dialog box 38 logical device 9 XP24000 XP20000 Volume Security
70. odify mode In the Volume Security window Figure 4 double click an LDKC number Right click Host Group A pop up menu appears Select Add Change from the pop up menu XP24000 XP20000 Volume Security User s Guide 47 The Add Change Host Group dialog box Figure 9 appears 5 In the Enter Host Group box enter the name of the host group that you want to create and then click the Add button EY NOTE Host group names can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in host group names Val fet lt 6 Confirm that the new host group is displayed by blue in Host Group List and then click OK A CAUTION Here the settings in the window have not been applied to the storage system 7 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 8 Click Yes The settings are applied to the storage system Registering Hosts in a Host Group Now that you have created a host group then you need to register hosts in the host group A CAUTION When registering hosts a host group you are strongly recommended to click the Apply button in the Volume Security window as described in the last step of the following procedure If you forget to click Apply the hosts might be unregistered when you encounter an error registering the host group
71. one entry only one host is causing the error e If the drop down list displays two or more entries two or more hosts are causing the error 2 Select a host from the Host drop down list 3 Right click the arrow button at the right end of the CU drop down list and then check how many CU images are displayed in the drop down list e If the drop down list displays only one entry the table displays all the volumes that are causing the error e If the drop down list displays two or more entries some of the error causing volumes are dis played in the table To view other error causing volumes use the CU drop down list to specify another CU image 4 If two or more hosts are causing the error repeat steps 2 to 3 If error causing hosts and volumes are detected do either of the following to remove the error Vary the error causing volume offline from the error causing host For detailed information about varying the volume offline see the documentation for host commands e Find the security group that contains the error causing hosts and the error causing volumes Next disable the security settings of the security group see Disabling Volume Security on page 58 For troubleshooting information on the storage system see the HP StorageWorks XP24000 XP20000 Disk Array Owner s Guide For a complete list of Remote Web Console Error Codes see the HP StorageWorks XP24000 XP20000 Remote Web Console Error Codes For troubleshooting
72. or a host group or LDEV group that appears immediately below a security group 2 From the pop up menu select List gt Host to Security Group The Host to Security Group dialog box appears The Host to Security Group Dialog Box on page 33 3 From the Host drop down list select the desired host The table lists the security groups that you want Locating Volumes in a Security Group that Contains a Specified Host If a security group is classified as an access group the security group contains both host and volumes The procedures below enable you to specify a host and to find volumes in the security group in which the specified host is registered Follow the first procedure if the desired host is displayed in the upper right table of the Volume Security window Figure 4 Follow the second procedure if the desired host is not displayed in the upper right table If the desired host is displayed in the upper right table 1 Right click the host in the table 2 From the pop up menu select List gt Host to LDEV 44 Performing Volume Security Operations The Host to LDEV dialog box appears Figure 16 The dialog box displays a list of volumes Right click an arrow at the right end of the CU drop down list and then see how many CU image numbers appear e If only one CU image number appears the table in the dialog box displays all the volumes that you want e If two or more CU image numbers appear the table in the dialog bo
73. re 18 Select a host group from the Host Group drop down list Select a host from the Host drop down list The Port list displays ports via which the specified host can access volumes Click OK to close the Host Group to Port dialog box You are returned to the Volume Security window Locating Security Groups that Contain a Specified Volume To specify a volume and find the security groups in which the volume is registered you can follow either of the two procedures below Follow the first procedure if the desired volume is displayed in the lowerright table of the Volume Security window Figure 4 Follow the second procedure if the desired volume is not displayed in the lower right table If the desired volume is displayed in the lower right table 1 Right click the volume in the table XP24000 XP20000 Volume Security User s Guide 45 2 From the pop up menu select List gt LDEV to Security Group The LDEV to Security Group dialog box appears Figure 19 The table on the right displays the security groups that you want If the desired volume is not displayed in the lower right table 1 In the tree view of the Volume Security window Figure 4 right click an item except for a host group or LDEV group that appears immediately below a security group 2 From the pop up menu select List gt LDEV to Security Group The LDEV to Security Group dialog box appears Figure 19 3 Select a CU image number from the CU drop down
74. roup e The Not registered in LDEV group box displays volumes that are not registered in the LDEV group 6 In the Not registered in LDEV group box select volumes that you want to register Then click the Regist button The selected volumes move to the Registered in LDEV group box 7 To register volumes in other CU images return to step 5 8 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 10 Click Yes The settings are applied to the storage system Creating a Security Group for Use As a Pool Group To make security settings you must create security groups Security groups can be classified as access groups or pool groups You must classify a security group as a pool group if you want to prohibit all the hosts from accessing volumes To create a security group and classify the group as a pool group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click Security Group A pop up menu appears XP24000 XP20000 Volume Security User s Guide 55 4 Select Add Change from the pop up menu The Add Change Security Group dialog box Figure 8 appears 5 In the Enter Security Group box enter the name of the security group that you want to create EY N
75. roup Status Sets a selected security group as access groups or pool groups The default is Access e No Change does not change the group status of the security groups selected in the Security Group List table For example if you select one access group and one pool group Access changes the two groups into access groups but No Change does not change the two groups The former remains an access group and the latter remains a pool group e Access specifies the selected security groups as access groups Volumes in an access group can only be accessed by hosts registered in the same access group but cannot be accessed by other hosts e Pool specifies the selected security groups as pool groups Volumes in a pool group cannot be accessed by any hosts T VOL R VOL Specifies whether volumes in the security group can be used a secondary volumes i e copy destination volumes The default is Enable e No Change does not change the secondary volume settings of the security groups selected in the Security Group List table For example if volumes in one of the selected security groups are usable as copy destinations but volumes in the other security group are unusable Enable makes volumes in both groups usable as destinations However No Change does not change volumes in both groups The former remains usable and the latter remains unusable e Enable makes volumes in the selected security groups usable as secondary volumes copy destinat
76. s can be up to eight characters and are case sensitive The first character and the last character must not be a space Also the following characters are unusable in security group names Ned Se PS gt 7 Click Change The change is reflected in the dialog box 8 Click OK A CAUTION Here the change in the window has not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 message appears and asks if you want to apply the change to the storage system 10 Click Yes The change is applied to the storage system 60 Performing Volume Security Operations Deleting Security Groups To delete a security group take the following steps To delete a security group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Do either of the following e Right click a security group in the tree view e Right click Security Group in the tree view and then select Add Change from the pop up menu Next in the Add Change Security Group dialog box Figure 8 select one or more security groups in the Security Group List table and right click the selection 4 Select Delete from the pop up menu A message appears and asks if you want to delete the specified security group s 5 Click Yes to close the message If the Add Change Security Group dialog box Figure 8 still remains displayed click OK to close the dialog box A CA
77. s to the storage system To apply the settings to the subsystem you must continue to click Apply in the Volume Security window Cancel Discards settings in the Add Change Host Group dialog box and closes the dialog box The Add Change LDEV Group Dialog Box The Add Change LDEV Group dialog box Figure 10 appears when you right click an LDEV group or the LDEV Group entry in the tree view of the Volume Security window Figure 4 and then select Add Change from the pop up menu This dialog box enables you to e create LDEV groups see Creating an LDEV Group on page 50 or Creating an LDEV Group on page 53 e rename LDEV groups see Renaming LDEV Groups on page 66 e delete LDEV groups see Deleting LDEV Groups on page 67 XP24000 XP20000 Volume Security User s Guide 25 LDKC 00 AddiChange Host Group Add Change LDEV Group If aaa change LDEV Group LDEV Group List LDVOO DVO0t Enter LDEV Group LDvo2 Figure 10 The Add Change LDEV Group Dialog Box ltem Description LDKC Indicates the number of the selected LDKC LDEV Group List A list of LDEV groups in the LDKC Enter LDEV Group When creating a new LDEV group you enter the name of the LDEV group in this Enter LDEV Group text box When renaming an existing LDEV group you select the LDEV group in the LDEV Group List table and then enter a new name The following conventions apply to LDEV group names e Up to eight ch
78. sed in conjunction with the Volume Security Port Option This optional program is used to specify storage system ports through which hosts can access logical volumes Using Volume Security you can manipulate up to 64 hosts and 65 280 logical volumes for one storage system Volume Security also enables you to create up to 64 security groups 64 host groups and 64 Volume Groups for one storage system Volume Security operations are performed using the licensed HP StorageWorks XP Remote Web Console software The Remote Web Console software communicates directly with the storage system via a local area network LAN Remote Web Console displays detailed Volume Security information and allows you to configure and perform Volume Security operations for the mainframe systems data stored on the storage system For further details see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide To apply portlevel security you must install the Volume Security Port Option Before installing this program ensure that Volume Security is already installed For details on the installation procedure see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide Terminology There are a few notes regarding terminology that users should be aware of when using this manual e In the storage system documentation logical volumes are sometimes referred to as logical devices or LDEVs Also the storage system documentation sometimes uses the ter
79. seeeeeeneeeeeeeeeceeaeeeeseeeeeeeteeees 55 Registering an LDEV Group in a Security Group eeeeeeeeeeceecccceceeeceeeeeeeeeeeaeeaaeeeaeeeneeeeeseeeeeess 56 Protecting Volumes from Copy Operations i ccc saissncsssconctdacsaaiecaveadsvatcenstacnaa vives sressseedariananaavestabencetas 57 Disabling Volume Ser Ohi oise einan Te e EE E IEEE E E E 58 Editing Sec nity Gro ps aersirriiaris iiidid guides a earar ne iai Naa EAE E e EE 59 Unregistering a Host Group a sc cicceelnanedentudennstons ura e a a a a i ea ea e Peekes 59 Unregist ering an LDEV Groupiin snnt s aia a UE e E EAS EEA ESSES SETAREA 59 Renaming Sec rity GIOUPS sssssseerions errei aea a E EE Er E E A a 60 Deleting Security Groups cvorrearvvaacceatearssdveandenitenentugeuaaerahennvianaimsiayr lant dlddeueaetend 6l Editing Host CNUs cs enna ais ae ketenes en eee A ee oe 61 Registering Hosts to be Attached to the Storage System ceseeceeeeeeeteeeeceeeeceeeeeeesteeeeesensees 61 Deleting Hosts from Host Groups sajxcsiesietvaranaed estan aad eandaos suecauion eta edad 62 Deleting Ports from Host Groups vsscssisscsssiarsesaventaspadeunss derinnasnxeveaginas tp lelenndeairsasealevnedarscenteiaess 63 Renaming Host Groups senescere kath ee envieesadbateianeabeeae a vecteandagua A a E 64 Deleting Host Groups ceixcrsavenaveanoncanraes wrenericeainesaysomnicivasonatanag nernasssmmeraranmannannatiats 65 Editing DEV Groups ises asorin a a Sone eNy re Merrett rent ret E ree N 65 Deleting Vol
80. stem command at the mainframe host XP24000 XP20000 Volume Security User s Guide 61 D M CPU This command displays the type the model number the node ID and the logical partition number of the host Write down the information on a paper so that you will not forget it For details on the system command see the documentation for system commands Ensure that you are in Modify mode In the Volume Security window Figure 4 double click an LDKC number Right click Host Group to display a list of host groups oe os Right click the host group in which you want to register the host Next select Specify and then Host from the pop up menu The Add Change Host dialog box Figure 11 appears 6 Use the text boxes and the drop down list to specify information about the host you want to register you have already obtained the information earlier in this procedure see step 1 7 Click Add The specified host is added to the table and is indicated by the icon i 8 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 10 Click Yes The settings are applied to the storage system X TIP e If you registered a host in an incorrect host group first you must follow the above procedure to register the host in the correct host group Then you
81. sts are displayed by blue Also icons disappear or change to Pors The icons and Mi indicate that the host is registered in another host group 7 Click OK in the Add Change Host dialog box A CAUTION Here the settings in the window have not been applied to the storage system 8 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 9 Click Yes The settings are applied to the storage system Deleting Ports from Host Groups To delete ports from host groups you must ensure that Volume Security Port Option is already installed To delete ports from a host group take the following steps To delete ports from a host group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click a host group A pop up menu appears 4 Select Specify and then Port from the pop up menu The Select Port dialog box Figure 13 appears 5 In the Port list in the Registered port box select one or more ports that you want to delete Next click the Unregist button The specified ports are displayed in blue in the Port list in the Unregistered port box EY NOTE To select all ports in the Port list in the Registered port box click the Select All button 6 Click OK in the Select Port dialog box The Select Port dialog box closes and you are returned to the Volume Security window XP24000
82. t the new LDEV group is displayed by blue in LDEV Group List and then click OK A CAUTION Here the settings in the window have not been applied to the storage system 7 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 8 Click Yes The settings are applied to the storage system Registering Volumes in an LDEV Group Now that you have created an LDEV group then you need to register volumes in the LDEV group 54 Performing Volume Security Operations A CAUTION When registering volumes in an LDEV group you are strongly recommended to click the Apply button in the Volume Security window as described in the last step of the following procedure If you forget to click Apply the volumes might be unregistered when you encounter an error registering the LDEV group see Registering an LDEV Group in a Security Group on page 56 To register volumes in an LDEV group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click an LDEV group A pop up menu appears 4 Select Specify and then LDEV from the pop up menu The Select LDEV dialog box Figure 12 appears 5 Use the CU drop down list to specify a CU image The two boxes below the drop down list displays volumes in the specified CU image e The Registered in LDEV group box displays volumes registered in the LDEV g
83. the volume is registered see Locating Security Groups that Contain a Specified Volume on page 45 XP24000 XP20000 Volume Security User s Guide 37 i LDEY to Security Group LDKC 00 01 M Security Group Security Group Status T VOUR VOL GRPOO Disable Access Enable 3390 9 01 3390 9 fi 02 3390 9 03 3390 9 04 3390 9 05 3390 9 06 i 3390 9 07 3390 9 08 3390 9 nn INN N iz Figure 19 The LDEV to Security Group Dialog Box Description Indicates the number of the selected LDKC Specifies a CU image number Describes the available LDEVs e LDEV indicates a number assigned to the LDEV e Emulation indicates the emulation types of the volume LDEV table EA NOTE A volume ID ending in for example 00 indicates the volume is an external volume Lists security groups in which the specified volume is registered Security Group indicates the name of a security group e Security indicates whether the security settings in the security group are enabled or disabled Security Group D i i table Group Status indicates whether the security group is an access group or a pool group T VOL R VOL indicates whether volumes in the security group can be used as second ary volumes i e copy destination volume Enable indicates the volumes can be used as secondary volumes Disable indicates the volumes cannot be used as secondary volumes Closes the dialo
84. tion click Storage Software and then select a product Conventions for Storage Capacity Values HP XP storage systems use the following values to calculate physical storage capacity values hard disk drives e 1 KB kilobyte 1 000 bytes 1 MB megabyte 1 000 bytes 1 GB gigabyte 1 000 bytes 1 TB terabyte 1 0004 bytes 1 PB petabyte 1 000 bytes HP XP storage systems use the following values to calculate logical storage capacity values logical devices e 1 KB kilobyte 1 024 bytes 1 MB megabyte 1 024 bytes 1 GB gigabyte 1 024 bytes 1 TB terabyte 1 024 bytes 1 PB petabyte 1 024 bytes e 1 block 512 bytes HP Technical Support For worldwide technical support information see the HP support website http www hp com support Before contacting HP collect the following information Product model names and numbers e Technical support registration number if applicable Product serial numbers XP24000 XP20000 Volume Security User s Guide 71 Error messages e Operating system type and revision level e Detailed questions Subscription Service HP recommends that you register your product at the Subscriber s Choice for Business website http www hp com go e updates After registering you will receive email notification of product enhancements new driver versions firmware updates and other product resources HP Websites For additio
85. to the storage system 64 Performing Volume Security Operations Deleting Host Groups To delete a host group take the following steps To delete a host group 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Do either of the following e Right click a host group in the tree view e Right click Host Group in the tree view and then select Add Change from the pop up menu Next in the Add Change Host Group dialog box Figure 9 select one or more host groups in the Host Group List table and right click the selection 4 Select Delete from the pop up menu A message appears and asks if you want to delete the specified host group s 5 Click Yes to close the message If the Add Change Host Group dialog box Figure 9 still remains displayed click OK to close the dialog box A CAUTION Here the change in the window has not been applied to the storage system 6 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the change to the storage system 7 Click Yes The change is applied to the storage system Editing LDEV Groups This section explains the following operations which allow you to edit your host groups Deleting volumes from an LDEV group see Deleting Volumes from LDEV Groups on page 65 Renaming an LDEV group see Renaming LDEV Groups on page 66 Deleting an LDEV group see Deleting LD
86. ty Group text box When renaming an existing security group you select the security group in the Security Group List table and then enter a new name The following conventions apply to security group names e Up to eight characters can be used e Characters are case sensitive The following characters cannot be used af z lt gt e The first character and the last character must not be a space Security Select to make no changes enable or disable security settings The default is Enable e No Change does not change the security status of the security groups selected in the Security Group List table For example if you select a security enabled group and a security disabled group in the table Disable disables security settings in both groups but No Change does not change the current security status for both groups The former remains security enabled and the latter remains security disabled e Enable enables the security settings that are made in the security groups selected in the Se curity Group List table CAUTION It is possible that security settings are disabled even if Enable is selected If Access is selected in the Group Status box see below and the security group contains neither a host group nor an LDEV group security settings in the security group are disabled unconditionally e Disable disables the security settings that are made in the security groups selected in the Se curity Group List table G
87. ty enables you to apply to volumes Protecting Volumes from I O Operations at Mainframe Hosts Volume Security enables you to protect volumes from unauthorized accesses by mainframe hosts To protect volumes from unauthorized accesses you must create security groups and then register mainframe hosts and or volumes in security groups Security groups are classified into access groups or pool groups To allow some but not all mainframe hosts to access volumes you must classify the security group as an access group To prohibit all mainframe hosts from access volumes you must classify the security group as a pool group Enabling Only the Specified Hosts to Access Volumes To allow only some mainframe hosts in your network to access volumes you must register the mainframe hosts and the volumes in an access group For example if you register two hosts host_A and host_B and two volumes vol_C and vol_D in an access group only the two hosts will be able to access vol_C and vol_D No other hosts will able to access vol_C and vol_D If mainframe hosts are registered in an access group the hosts will be able to access volumes in the same access group but will be unable to access other volumes For example if you register two hosts host_A and host_B and two volumes vol_C and vol_D in an access group the two hosts can access vol_C and vol_D and cannot access other volumes To register hosts in an access group you must create a host group re
88. u apply security to a primary volume that is copy source volume of a pair of storage system copy software some or all mainframe hosts might become unable to read from and write to the primary volume However the copy operation will be performed normally data will be copied from the primary volume to the secondary volume If you register a primary volume or secondary volume in a security group and then make a setting for preventing the volume from being used as a secondary volume this setting will take effect after the pair is split Mainframe hosts cannot access volumes in pool groups If a volume in a pool group is specified as a primary volume the pair creation command might fail In the Hitachi TrueCopy for Mainframe User s Guide primary volumes that is copy source volumes are often referred to as M VOLs or main volumes Also secondary volumes that is copy destination volumes are often referred to as R VOLs or remote volumes In the Hitachi Shadowlmage for Mainframe User s Guide primary volumes that is copy source volumes are often referred to as S VOLs or source volumes Also secondary volumes that is copy destination volumes are often referred to as T VOLs or target volumes e If you are using Virtual LVI LUN VLL volumes f you apply security to a VLL volume you will be unable to change the VLL settings on the volume To change the VLL settings you must use Volume Security to disable security on the VLL volume
89. umber 3 Right click Security Group or the desired security group A pop up menu appears 4 Select Add Change from the pop up menu The Add Change Security Group dialog box Figure 8 appears 5 Ensure that the desired security group is selected in the Security Group List table 6 Select Disable in the T VOL R VOL box 7 Click Change The change is reflected in the dialog box 8 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 10 Click Yes The settings are applied to the storage system XP24000 XP20000 Volume Security User s Guide 57 X TIP To make volumes in your security group usable as secondary volumes that is copy destination volumes for copy operations you must select the security group in the Add Change Security Group dialog box Figure 8 and then select Enable in the T VOL R VOL box Next click Change and then OK Finally click Apply in the Volume Security window Figure 4 Disabling Volume Security If you follow the procedure below to manipulate a security group you will be able to disable security on volumes in the security group If security is disabled volumes in the security group are accessible from all hosts and are usable as secondary volumes that is copy destination volumes for copy operations regardless of
90. umber of Groups Volume Security enables you to create up to 128 security groups per storage system and up to 64 security groups per LDKC Security groups are classified into access groups and pool groups e One access group can contain only one host group and one LDEV group One host group can contain up to 32 hosts One LDEV group can contain up to 65 280 volumes e One pool group can contain only one LDEV group One LDEV group can contain up to 65 280 volumes The maximum possible number of host groups is 128 per storage system and 64 per LDKC The maximum possible number of LDEV groups is 128 per storage system and 64 per LDKC Maximum Possible Number of Hosts and Volumes Volume Security allows you to manipulate up to 128 hosts for storage system and up to 64 hosts per LDKC Volume Security enables you to manipulate up to 130 560 volumes per storage system and up to 65 280 volumes per LDKC 14 About Volume Security Operations 3 Using the Volume Security GUI This chapter explains Volume Security window and dialog boxes The Volume Security Window The Volume Security window Figure 4 appears when you start Volume Security This window is the starting point for all the Volume Security operations To start the Volume Security software 1 Log on to the disk array to open the Remote Web Console main window For details see the HP StorageWorks XP24000 XP20000 Remote Web Console User s Guide 2 Click Go Mainframe Con
91. umes from LDEV Groups ccrasiicsosicnnsisessncvenqnnrussisaxsdenzonndesadatnecaoesistoraceranaesianeinrel 65 Renaming LDEV Groups s csch cise ecaceaess cogusetekens E E atts ate E E E satedennes 66 Deleting LDEV Groups girerer rarena i a E Ed EEES PEE ria pigiai i aa 67 5 Troubleshooting ssessrissrissrissrissrisrrisriviniscdireninsdivinisidininanissnc irrid ninni 69 Troubleshooting Volume Security sisiorssaenrnsinnninvdnnninsyins dusisnaewiesnannhadodanunaseronniuandunabierbeacisiewhananeancansnes 69 Calling HP Technical Suppor scx aasiea nes tata ci toca dacicua laine doatannb ai ato lasted daniels E E 69 Sipser ond iher Res O ute asi rtccnnrscanenrindeemmuatientanseaupindolatas 7 Related Documentation sainzcatnsnic an tanceceasaesmitacau tunnsuneduidonavlcnnenialbadinbaneneaeaneerensieuase wanted loataceinonk 71 Conventions for Storage Capacity Vales sais cassscossindesnd sannionivatninannibinaseneibbamnaniivncaiimiaaiionbiuubiaaeaines 71 HP Technical Support sosa aena e A E O E E A 71 Subscription SEVICE ysin eaoin eiii i E E EE E E E heeded 72 NAN EIE E EE E E E AE A E E ET 72 Doc mentation Feedback sininesriniiisenariraeniin ra a E E E E A E 72 A Acronyms and Abbreviations csc ixs2ncrtrcdeanernidiararaddraanieismenerinenacienines 73 Figures l Securty Example Tercera na a A E i E ET A G 10 2 Sec riy Example 2 neciiuisanienarenauiead onmeaa eee E NA 11 3 Security Example 3 aiiis ete a a al e e a E lente 12 4 The Volume Security Window c
92. up on page 47 Registering hosts in the host group see Registering Hosts in a Host Group on page 48 Registering ports in the host group see Registering Ports in a Host Group on page 49 Creating an LDEV group see Creating an LDEV Group on page 50 Registering volumes in the LDEV group see Registering Volumes in an LDEV Group on page 51 Creating a security group and classifying the security group as an access group see Creating a Security Group for Use As an Access Group on page 52 Registering the host group and the LDEV group in the security group see Registering a Host Group and an LDEV Group in a Security Group on page 53 Creating a Host Group To specify hosts that can access volumes you must create a host group and then register the hosts in the host group The following is the procedure for creating a host group For details on how to register hosts in a host group see Registering Hosts in a Host Group on page 48 A CAUTION When creating a host group you are strongly recommended to click the Apply button in the Volume Security window as described in the last step of the following procedure If you forget to click Apply you might lose the host group when you encounter an error registering the host group and the LDEV group see Registering a Host Group and an LDEV Group in a Security Group on page 53 To create a host group 1 2 3 Ensure that you are in M
93. volumes Disable indicates the volumes cannot be used as secondary volumes OK Closes the dialog box The Host to LDEV Dialog Box The Host to LDEV dialog box Figure 16 appears when you do either of the following in the Volume Security window Figure 4 e when you right click a host from the upper right table and then select Host to LDEV from the pop up menu when you right click an item in the tree view and then select List gt Host to LDEV from the pop up menu The List gt Host to LDEV pop up command does not display if you double click a security group and then right click a host group or LDEV group from immediately below the security group This dialog box enables you to specify a host and then displays volumes in the security group in which the host is registered see Locating Volumes in a Security Group that Contains a Specified Host on page 44 34 Using the Volume Security GUI Bf Host to Loev LDKC 00 003390 002 12345678901234 0001 IBM LDEV Emulation o0 3390 9 a a4 3390 9 02 3390 9 03 3390 9 04 3390 9 05 3390 9 06 3390 9 Figure 16 The Host to LDEV Dialog Box Description Indicates the number of the selected LDKC Provides information about a host where the number groups from left to right indicate e First The Type Model the type and model number of a host or a channel extender Second The Node ID of a host or a
94. volumes in the LDEV group Select volumes in Not Registered in LDEV group egis and then click this button to move the selected volumes to Registered in LDEV group Not Reaist Deletes volumes from the LDEV group Select volumes in Registered in LDEV group and ee then click this button to move the selected volumes to Not registered in LDEV group Applies settings in the Select LDEV dialog box to the Volume Security window and closes dialog box CAUTION OK Clicking OK applies the settings to the Volume Security window but does not apply the settings to the storage system To apply the security settings to the subsystem you must continue to click Apply in the Volume Security window until they appear in the dialog box Cancel Discards settings in the Select LDEV dialog box and closes the box The Select Port Dialog Box To use the Select Port dialog box you must ensure that Volume Security Port Option is already installed The Select Port dialog box Figure 13 appears when you right click a host group in the tree view of the Volume Security window Figure 4 and then select Specify gt Port from the pop up menu The Select Port dialog box enables you to register ports in the specified host group see Registering Ports in a Host Group on page 49 30 Using the Volume Security GUI Bi select Port LDKC 00 C Registered port Unregistered port Port Port CLI A CL3 C Ja
95. whether the security group is an access group or a pool group To restore security you can restore it in an easy and simple operation If you are sure that you will not need to restore security you can delete your security group to disable security For details on how to delete security groups see Deleting Security Groups on page 61 To disable security on volumes 1 Ensure that you are in Modify mode 2 In the Volume Security window Figure 4 double click an LDKC number 3 Right click the security group in which the desired volumes are registered A pop up menu appears 4 Select Add Change from the pop up menu The Add Change Security Group dialog box Figure 8 appears 5 Ensure that the desired security group is selected in the Security Group List table 6 Select Disable in the Security box 7 Click Change The change is reflected in the dialog box 8 Click OK A CAUTION Here the settings in the window have not been applied to the storage system 9 Click Apply in the Volume Security window Figure 4 A message appears and asks if you want to apply the settings to the storage system 10 Click Yes The settings are applied to the storage system X TIP To restore security you must select the security group in the Add Change Security Group dialog box Figure 8 and then select Enable in the Security box Next click Change and then OK Finally click Apply in the Volume Security window Figure 4
96. x currently displays some of the volumes that you want Select each CU image number to find volumes in the specified CU image If the desired host is not displayed in the upper right table 1 2 gt In the tree view of the Volume Security window Figure 4 right click an item except for a host group or LDEV group that appears immediately below a security group From the pop up menu select List gt Host to LDEV The Host to LDEV dialog box appears Figure 16 From the Host drop down list select the desired host Right click an arrow at the right end of the CU drop down list and then see how many CU image numbers appear If only one CU image number appears the table in the dialog box displays all the volumes that you want e If two or more CU image numbers appear the table in the dialog box currently displays some of the volumes that you want Select each CU image number to find volumes in the specified CU image Locating Ports through Which Hosts Can Access Volumes To find ports via which a host can access volumes you must ensure that Volume Security Port Option is already installed To find ports via which a host can access volumes follow the procedure below To find ports via which a host can access volumes 1 In the Volume Security window Figure 4 right click an item in the tree view and then select List gt Host Group to Port from the pop up menu The Host Group to Port dialog box appears Figu
Download Pdf Manuals
Related Search