07-xp12000 lun management
TRANSCRIPT
© 2004 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
XP120000 LUN Configuration andSecurity Manager
HP Restricted
Module 7
Sept 2004 HP Restricted 2
Objectives
• Describe host groups and their benefits
• Use the CV GUI and CLI to configure host groups and perform LUN operations, such as adding, changing, and deleting LUNs
• Use the CV GUI and CLI to create command devices and make changes to port parameters
• Describe the benefits provided by the Configuration File Loader
• Describe LUN Security XP Extension operations
Sept 2004 HP Restricted 3
LUN management overview
LUN management enables you to configure• LUNs
• LU paths
• LUN Security
• Command devices for use by RAID Manager
• Fibre Channel ports
Sept 2004 HP Restricted 4
LUN Mapping?
“LUN Mapping” should really be called “Volume Mapping”, since that’s what is being accomplished.
LUN Mapping is the process of mapping a Volume to a CHIP (Client Host Interface Processor) port for the purpose of allowing an external host to use the volumes for storage.
Sept 2004 HP Restricted 5
Mapping a Volume to a Port
An XP Volume (CU:LDEV) is visible to a server as a logical storage device (a LUN or Disk), only after being mapped to an array port that is connected to the server.
Alternate Paths:
• A Volume mapped to more than one array port is said to have an alternate path.
• A Volume with multiple paths to a server, will appear to a server as multiple and separate storage devices.
• Two devices on a server with the same XP Array Volume (CU:LDEV) number are really alternate paths to the same Volume.
Sept 2004 HP Restricted 6
LUN security overview
• LUN Security is integrated with LUN Management
• A default host group is associated to each port
• To assign LUNs to a port, a host group must exist
• Each host group can have a different host mode assigned to it
• Permitted host WWNs are added through the host group
Sept 2004 HP Restricted 7
LUN management and host groups
Port CL1-B
Disk subsystem
Host group HP-UX 01
Host group HP-UX 02
CU:LDEV
02:01
02:02
CU:LDEV
00:20
Port CL1-A
LUN0
00:21 LUN1
Host group HP-UX 01
(HP)
LUN0
LUN1
Host group HP-UX 02
Host group HP-UX 03
Host group Solaris 04
CU:LDEV
01:05
01:06
LUN0
LUN1
Host group AIX 03
Host group Solaris 04
CU:LDEV
00:22
00:23
LUN0
LUN1
02:06 LUN21
01:23 LUN32
00:24 LUN43
04:27 LUN51
02:06 LUN21
03:06 LUN32
03:07 LUN43
03:08 LUN51
Sept 2004 HP Restricted 8
XP512/48 and XP12000 Comparison
LUN0
LUN1
LUN2
LUN3……..
LDEV
LDEV
LDEV
LDEV……..
LUN0
LUN1
LUN2
LUN3……..
LDEV
LDEV
LDEV
LDEV……..
WWNGrp 0
WWNGrp 1
WWNGrp X ……………….
Port
XP12000 – 1024 LUNs/Port
Server A
HP-UX
Server B
Solaris
Server XNT
LUN#0 availablefor each Host Group
PortHP-UX
…….. ……..
XP512/48 – 256 LUNs/Port
LUN0 LDEV
LUN2 LDEV
LUN1 LDEV
LUN3 LDEV
LUN7 LDEV
LUN255 LDEV
…….. ……..
Server A
Server B
Server X
Host Mode set for each port
Host Mode set foreach Host Group
Sept 2004 HP Restricted 9
Comparison – HOST Port Logical
XP12000 XP1024 XP128 XP512 XP48 XP256
LUNs/port 1024 512 512 256 256 120
LUNs/Host Group 1024 256 256 -- -- --
LUNs/DKC 262144 32768 24576 8192 6144 1920 (F)
Host Groups/Port 255 128 128 -- -- --
Host Groups/DKC 65280 8192 6144 -- -- --
WWN/port 1024 256 256 128 128 32
WWN/Host Group 1024 256 256 -- -- --
Sept 2004 HP Restricted 10
LUN management• up to 1024 LUNs/host group & max. 1024 LUNs/port• up to 256 LUNs/NAS port• up to 255 host groups/port; 1024 WWN/ports & 1024 WWN/host
group• max. 57,344 host groups/subsystem• max. 262144 LUNs/DKC• 64 CUs, 16384 LDEVs (2nd release, 8192LDEV 1st rel.)• some system modes can be set per host group • (CAUTION DO NOT USE!)
Sept 2004 HP Restricted 11
XP12000/XP12000 host connectivity• LUN definition needs host group with LUN Security enabled• Up to 1024 WWNs per host group
Cannot assign the sameWWN to different hostgroups on same port
Host A HP
WWN0
Host B HP
WWN1
Host C Sun
WWN2
Host D Sun
WWN3
Port : CL1-A (EF) Port : CL1-B (E8)
Host Grp0
WWN0 WWN1
Host Grp1
WWN2 WWN3
LUN 0 (0:00)LUN 1 (0:01) LUN 2 (0:02)
LUN 0 (0:20)LUN 1 (0:24)LUN 2 (2:36)
Host Grp0
WWN0
LUN 0 (0:00)LUN 1 (0:01)LUN 2 (2:36)
Host
XP1024/128
No limitation for LUNto volume assignments
LUN to volume assignmentis independent across ports
Sept 2004 HP Restricted 12
LUN security
CU:LDEV
01:05
02:01
Host groupHP-UX G01
(HP)
Host groupWindows G02
CU:LDEV
02:00
02:02
Host groupHP-UX G01
Host groupWindows G02
LUN0
LUN1
LUN0
LUN1
PortCL1-A
Sept 2004 HP Restricted 13
Configuring LUN security disabled
When LUN Security is disabled, hosts can only gain access to LUNs associated with host group XX-G00
CU:LDEV
00:01
01:04
Port CL1-A
LUN0
LUN1
Host group 0
(HP)
Host group HP-UX G01
Host group Windows G02
Host group 011A - G00
Host group HP-UX G01
Host group Windows G02
Sept 2004 HP Restricted 14
Configuring LUN security enabled
When LUN security is enabled, hosts can only gain access to LUNs associated with their host group
CU:LDEV
01:05
02:01
PortCL1 - A
LU N 0
LUN 1
Host groupHP-UX G01
(HP)
Host groupWindows G02
CU:LDEV
02:00
02:02
LU N 0
LUN 1
Host group HP-UX G01
Host group Windows G02
Sept 2004 HP Restricted 15
Host groups
Basic capability with
• LUN Security disabled• only host group XX-G00 visible• up to 512 LUNs with a single host mode• all hosts have access to all LUNs
• LUN Security enabled• only LUNs in non-default host group are visible to hosts• up to 255 host groups per port with host modes• up to 1024 LUNs per host group• up to 1024 LUNs per port• 1024 WWNs per host group• 65k host groups per array
Sept 2004 HP Restricted 16
Starting LUN Management GUI
Click LUN Management
Select Modify mode
Port pane shows configured CHIP ports
LDEV pane shows configured LDEVs
LUN Management pane
WWN pane
Sept 2004 HP Restricted 17
Setting the security switch
3. Click Apply to set configuration changes
1. Choose LUN Security:OFFONto enable port security
2. Click YES to enable port security
Sept 2004 HP Restricted 18
Defining LU paths overview
Four major steps
• Finding WWNs of open-system hosts
• Creating host groups
• Registering hosts (WWNs) in host groups
• Associating host groups with logical volumes
Sept 2004 HP Restricted 19
Creating (adding) a host group
1. Right-click theport and selectAdd New Host Group
2. Enter the HostGroup Nameand select theHost Mode.Click OK when done
3. Click Apply to set configuration changes
Sept 2004 HP Restricted 20
Modifying a host group
1. Right-click thehost group and select Change Host Group
2. Input changes to the Host Group Name and Host Mode.Click OK when done
3. Click Apply to set changes
Sept 2004 HP Restricted 21
Deleting a host group
1. Right-click the host group and select Delete Host Group
2. Click YES to confirm host group deletion
3. Click Apply to set changes
Sept 2004 HP Restricted 22
Adding a WWN
1. Right-click the host group and select Add New WWN
2. Enter the WWNand Nickname.Click OK when done
3. Click Apply toset changes
Sept 2004 HP Restricted 23
Modifying a WWN
1. Right-click the WWN and select Change WWN & Nickname
2. Edit the WWN and/or Nickname. Click OK when finished
3. Click Apply to set configuration changes
Sept 2004 HP Restricted 24
Deleting a WWN
1. Right-click the WWN and select Delete WWN
2. Click YES to delete the WWN
3. Click Apply to set configuration changes
Sept 2004 HP Restricted 25
Defining LU paths — associating host groups with logical volumes
Select a host group. Click an LDEV to assign to a LUN #, drag and drop the LDEV onto the LUN # assignment
2. Click OK to confirm LUN path creation
3. Click Apply to set configuration changes
Sept 2004 HP Restricted 26
Deleting an LU path
1. Right-click a LUN and select Release LU path
2. Click OK to confirm LUN path deletion
3. Click Apply to set configuration changes
Sept 2004 HP Restricted 27
Creating a command device
1. Right-click a LUN and choose Command Device:OFFON
2. Click YES to confirm Command Device creation
3. Click Apply to set configuration changes
Sept 2004 HP Restricted 28
Configuring Fibre Channel ports
Sept 2004 HP Restricted 29
Changing a port parameter
1. Select a CHIP port to configure
2. Select the new parameters to apply to the CHIP port
Current CHIP port parameters
3. Click Set toapply changes
4. Click Apply to set configuration changes
Sept 2004 HP Restricted 30
Configuration File Loader
Sept 2004 HP Restricted 31
Configuration File Loader overview
• Sets disk array configurations by applying a saved configuration definition file– Saves time and reduces errors when applying the same
configuration to multiple arrays or making large-scale changes
• Two main components– Configuration File Loader screen is used to
• Export a spreadsheet file that includes the current configuration information
• Import a file, which can be defined offline, that contains the new configuration
– Spreadsheet file of current configuration information
Sept 2004 HP Restricted 32
Requirements and main tasks
Requirements• Configuration File Loader comes preloaded from factory
• In addition to the Command View requirements, also install– Spreadsheet software or text editor
– LUN Configuration and Security Manager XP
Main tasks• Accessing Configuration File Loader
• Exporting the current settings spreadsheet
• Editing the spreadsheet
• Importing the edited spreadsheet
• Checking for errors
Sept 2004 HP Restricted 33
LUN Security Extension overview
• Provides data protection to an XP disk array from I/O operations performed on open systems hosts
• Allows an access attribute to be assigned to each logical volume
• With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost, and stolen
• LUN Security Extension also offers the capability to freeze data activity within the environment. This ensures that logical volumes whose retention period expires will not return to Read/Write mode. This feature is called Expiration Lock (also called Audit Lock)
Sept 2004 HP Restricted 34
LUN Security Extension overview
• OpenLDEV Guard (Hitachi name)
• Provides data protection to an XP disk array from I/O operations performed on open systems hosts.
• Allows an access attribute to be assigned to each logical volume.
• With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost and stolen.
• Configuration through CV/XP or RaidManager
• Retention time needs to be specified for each LDEV
• Requires:
– LUN Security Extension license key – license based on raw capacity
– XP 1024 FW version 21.07.04 or later (21.08.05 strongly recommended)
Sept 2004 HP Restricted 35
Access attributes
• To restrict read and write operations on logical volumes, an access attribute must be assigned to each logical volume.
• Three access attributes are available
– Read/Write—Allows open systems hosts to perform both read and write operations on the logical volume
– Read Only—Allows open systems hosts to perform read, but not write operations on the logical volume
– Protect—Open systems hosts cannot access the logical volume or perform any read or write operations on it
• Access attributes cannot be assigned to mainframe volumes or logical volumes that are not mapped to physical devices
• Examples of access attributes
Sept 2004 HP Restricted 36
Retention term
• If you change the access attribute of a logical volume to Read Only or Protect, you will be prohibited from changing the access attribute to Read/Write for a selected period of time.
• The LUN Security Extension pane displays the words Retention Term to define the period of time when attempts to change access attribute to Read/Write are prohibited.
• You are prompted to specify a retention term when you change the access attribute of a logical volume to Read Only or to Protect.
• After you specify the retention term, you can extend the term but cannot shorten it.
Sept 2004 HP Restricted 37
LUN Security Extension operation
Sept 2004 HP Restricted 38
Changing access attributes of logical volumes
1. 2.
1. Select the access attribute.
2. Set the Retention Term
3. Click Apply
3.
Sept 2004 HP Restricted 39
Prohibiting changes to read/write volumes even after the retention term ends
When expiration lock is ON, access attributes of logical volumes cannot be changed to Read/Write even after the retention term ends.
When expiration lock is OFF, access attributes of logical volumes can be changed to Read/Write even after the retention term ends.
Sept 2004 HP Restricted 40
Protecting Logical Volumes against CA and BC operations
• Assigning the Read Only or Protect attribute is one way to prevent data in a volume from being overwritten by Continuous Access (CA) and Business Copy (BC) copy operations.
• Volumes with the Read Only or Protect attribute are protected against these copy operations, but are also protected against any other form of write operations.
• Lun Security Extension allows to prohibit a logical volume from being specified as a secondary volume (a copy destination volume) for CA or BC operations.
Sept 2004 HP Restricted 41
Preventing Command View users from configuring LU paths and command devices
• If the Reserved column displays a hyphen (-), Command View users can change LU path settings and command device settings on the logical volume
• If the Reserved column displays RAID Manager, Command View users cannot change LU path or command device settings on the logical volume: only RAID Manager can be used
Sept 2004 HP Restricted 42
Learningcheck
Sept 2004 HP Restricted 43
Labactivity
Sept 2004 HP Restricted 44