Preparation for Scanning Brocade FC Switch
StorageGuard collects configuration data from Brocade FC switches by running read-only FOS commands over a secure SSH session.
The following table lists the requirements for scanning Brocade FC switches:
# | Description |
1 | Provide the network name or IP address of a Brocade SAN director. StorageGuard automatically discovers the names and IP addresses of the Brocade switches in the network by scanning this director. |
2 | Provide a user account (and password) for each Brocade SAN director and switch. |
3 | The user account should be assigned an unlimited read-only role, capable of running all “show” and other read-only FOS commands. In a Virtual Fabric environment, chassis permission is also required. Examples of read-only FOS commands used:
|
4 | Verify that IP connectivity through SSH (default is port 22) is available between the StorageGuard server and each Brocade director and switch. |
Creating a User Account for Scanning Brocade FC Switch
The following suggested method can be used to create a user account with appropriate privileges:
roleconfig --add cntrole -class AdminDomains,ADSelect,AG,Audit,Authentication,Blade -perm O
roleconfig --change cntrole -class ChassisConfiguration,ChassisManagement,ConfigManagement -perm O
roleconfig --change cntrole -class DCE,Diagnostics,DMM,EncryptionConfiguration -perm O
roleconfig --change cntrole -class EncryptionManagement,EthernetConfig,Fabric -perm O
roleconfig --change cntrole -class FabricRouting,FCoE,FICON,FIPSCfg,SwitchConfiguration -perm O
roleconfig --change cntrole -class FirmwareKeyManagement,FirmwareManagement,FRUManagement,HA -perm O
roleconfig --change cntrole -class IPfilter,IPSec,ISCSI,License,LocalUserEnvironment,Logging -perm O
roleconfig --change cntrole -class LogSupportsave,ManagementAccessConfiguration,ManagementServer -perm O
roleconfig --change cntrole -class MAPS,NameServer,Nocheck,NxPortManagement,FabricDistribution -perm O
roleconfig --change cntrole -class PKI,PortMirror,RADIUS,Reboot,Restricted,RoleConfig -perm O
roleconfig --change cntrole -class RoutingAdvanced,RoutingBasic,Security,SessionManagement,SNMP -perm O
roleconfig --change cntrole -class Statistics,StatisticsDevice,StatisticsPort -perm O
roleconfig --change cntrole -class SwitchManagement,SwitchManagementIPConfiguration -perm O
roleconfig --change cntrole -class SwitchPortConfiguration,SwitchPortSecurityConfiguration -perm O
roleconfig --change cntrole -class SwitchPortManagement,Topology,USBManagement,UserManagement -perm O
roleconfig --change cntrole -class WWNCard,Zoning,LayerTwo,SRM,PhysicalComputerSystem -perm O
roleconfig --change cntrole -class Configure,Debug,Factory,FIPSBootprom -perm O
userconfig --add cntuser -r cntrole -c cntrole -p <password> -l <all LF Ids, example: 1-128>
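One way to review a role-definition script before pasting it into a switch, as an added example (not StorageGuard's or Brocade's own code): it parses roleconfig/userconfig lines in the format shown above and reports any RBAC class granted a permission other than O, the value every command above uses. The function names are hypothetical and the sample input is constructed, including its deliberately over-privileged -perm OM line.

```python
# Constructed sample: lines in the page's format plus one over-privileged
# line (-perm OM) to show what the check reports.
SAMPLE = """\
roleconfig --add cntrole -class AdminDomains,ADSelect,AG,Audit -perm O
roleconfig --change cntrole -class Zoning,UserManagement -perm OM
roleconfig --change cntrole -class Statistics,StatisticsPort -perm O
userconfig --add cntuser -r cntrole -c cntrole -p <password> -l 1-128
"""


def _opts(tokens):
    """Map each -flag / --flag to the token that follows it."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}


def audit(script):
    """Return (grants, findings): role -> {class: perm}, and (line, message) problems."""
    grants, findings = {}, []
    for n, line in enumerate(script.splitlines(), 1):
        tokens = line.split()
        if not tokens:
            continue
        opts = _opts(tokens)
        if tokens[0] == "roleconfig":
            role = opts.get("--add") or opts.get("--change")
            perm = opts.get("-perm")
            classes = [c for c in opts.get("-class", "").split(",") if c]
            if not role or not classes or perm is None:
                findings.append((n, "roleconfig line could not be parsed"))
                continue
            for cls in classes:
                grants.setdefault(role, {})[cls] = perm
                if perm != "O":  # anything other than the page's read-only value
                    findings.append((n, f"{role}: class {cls} has -perm {perm}, not O"))
        elif tokens[0] == "userconfig":
            # -r is the role, -c the chassis role; both should be roles audited
            # above (a built-in role is reported too, so a reviewer looks at it).
            for flag in ("-r", "-c"):
                role = opts.get(flag)
                if role and role not in grants:
                    findings.append((n, f"{flag} {role}: role not defined in this script"))
    return grants, findings


if __name__ == "__main__":
    grants, findings = audit(SAMPLE)
    for role, classes in grants.items():
        print(f"{role}: {len(classes)} classes defined")
    for n, msg in findings:
        print(f"line {n}: {msg}")
```

Run against the commands exactly as listed above, the check returns no findings; any line edited to grant more than O is reported with its line number.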
Preparation for Scanning Brocade SANnav
StorageGuard collects configuration data from SANnav by running read-only API calls over a secure HTTPS session.
The following table lists the requirements for scanning SANnav:
# | Description |
1 | Provide each SANnav server name or IP address. |
2 | Provide a read-only user name and password for each SANnav server. |
3 | Make sure that IP connectivity through HTTPS (port 443) is available between the StorageGuard server and each SANnav server. |
Creating a User Account for Scanning Brocade SANnav
The following suggested method can be used to create a user account with appropriate privileges:
- Click SANnav in the navigation bar, and then select Security > SANnav User Management.
- Click Users, and then click the + button in the subnavigation bar.
- Enter the username and password.
- In the Roles section, select AllPrivileges_ReadOnly.
- In the AORs section, select All Fabrics.
- Click Save.