07-xp12000 lun management

© 2004 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice

XP120000 LUN Configuration andSecurity Manager

HP Restricted

Module 7

Sept 2004 HP Restricted 2

Objectives

• Describe host groups and their benefits

• Use the CV GUI and CLI to configure host groups and perform LUN operations, such as adding, changing, and deleting LUNs

• Use the CV GUI and CLI to create command devices and make changes to port parameters

• Describe the benefits provided by the Configuration File Loader

• Describe LUN Security XP Extension operations


LUN management overview

LUN management enables you to configure• LUNs

• LU paths

• LUN Security

• Command devices for use by RAID Manager

• Fibre Channel ports


LUN Mapping?

“LUN Mapping” should really be called “Volume Mapping”, since that’s what is being accomplished.

LUN Mapping is the process of mapping a Volume to a CHIP (Client Host Interface Processor) port for the purpose of allowing an external host to use the volumes for storage.


Mapping a Volume to a Port

An XP Volume (CU:LDEV) is visible to a server as a logical storage device (a LUN or Disk), only after being mapped to an array port that is connected to the server.

Alternate Paths:

• A Volume mapped to more than one array port is said to have an alternate path.

• A Volume with multiple paths to a server, will appear to a server as multiple and separate storage devices.

• Two devices on a server with the same XP Array Volume (CU:LDEV) number are really alternate paths to the same Volume.


LUN security overview

• LUN Security is integrated with LUN Management

• A default host group is associated to each port

• To assign LUNs to a port, a host group must exist

• Each host group can have a different host mode assigned to it

• Permitted host WWNs are added through the host group


LUN management and host groups

Port CL1-B

Disk subsystem

Host group HP-UX 01

Host group HP-UX 02

CU:LDEV

02:01

02:02

CU:LDEV

00:20

Port CL1-A

LUN0

00:21 LUN1

Host group HP-UX 01

(HP)

LUN0

LUN1

Host group HP-UX 02

Host group HP-UX 03

Host group Solaris 04

CU:LDEV

01:05

01:06

LUN0

LUN1

Host group AIX 03

Host group Solaris 04

CU:LDEV

00:22

00:23

LUN0

LUN1

02:06 LUN21

01:23 LUN32

00:24 LUN43

04:27 LUN51

02:06 LUN21

03:06 LUN32

03:07 LUN43

03:08 LUN51


XP512/48 and XP12000 Comparison

LUN0

LUN1

LUN2

LUN3……..

LDEV

LDEV

LDEV

LDEV……..

LUN0

LUN1

LUN2

LUN3……..

LDEV

LDEV

LDEV

LDEV……..

WWNGrp 0

WWNGrp 1

WWNGrp X ……………….

Port

XP12000 – 1024 LUNs/Port

Server A

HP-UX

Server B

Solaris

Server XNT

LUN#0 availablefor each Host Group

PortHP-UX

…….. ……..

XP512/48 – 256 LUNs/Port

LUN0 LDEV

LUN2 LDEV

LUN1 LDEV

LUN3 LDEV

LUN7 LDEV

LUN255 LDEV

…….. ……..

Server A

Server B

Server X

Host Mode set for each port

Host Mode set foreach Host Group


Comparison – HOST Port Logical

XP12000 XP1024 XP128 XP512 XP48 XP256

LUNs/port 1024 512 512 256 256 120

LUNs/Host Group 1024 256 256 -- -- --

LUNs/DKC 262144 32768 24576 8192 6144 1920 (F)

Host Groups/Port 255 128 128 -- -- --

Host Groups/DKC 65280 8192 6144 -- -- --

WWN/port 1024 256 256 128 128 32

WWN/Host Group 1024 256 256 -- -- --


LUN management• up to 1024 LUNs/host group & max. 1024 LUNs/port• up to 256 LUNs/NAS port• up to 255 host groups/port; 1024 WWN/ports & 1024 WWN/host

group• max. 57,344 host groups/subsystem• max. 262144 LUNs/DKC• 64 CUs, 16384 LDEVs (2nd release, 8192LDEV 1st rel.)• some system modes can be set per host group • (CAUTION DO NOT USE!)


XP12000/XP12000 host connectivity• LUN definition needs host group with LUN Security enabled• Up to 1024 WWNs per host group

Cannot assign the sameWWN to different hostgroups on same port

Host A HP

WWN0

Host B HP

WWN1

Host C Sun

WWN2

Host D Sun

WWN3

Port : CL1-A (EF) Port : CL1-B (E8)

Host Grp0

WWN0 WWN1

Host Grp1

WWN2 WWN3

LUN 0 (0:00)LUN 1 (0:01) LUN 2 (0:02)

LUN 0 (0:20)LUN 1 (0:24)LUN 2 (2:36)

Host Grp0

WWN0

LUN 0 (0:00)LUN 1 (0:01)LUN 2 (2:36)

Host

XP1024/128

No limitation for LUNto volume assignments

LUN to volume assignmentis independent across ports


LUN security

CU:LDEV

01:05

02:01

Host groupHP-UX G01

(HP)

Host groupWindows G02

CU:LDEV

02:00

02:02

Host groupHP-UX G01


LUN0

LUN1

LUN0

LUN1

PortCL1-A


Configuring LUN security disabled

When LUN Security is disabled, hosts can only gain access to LUNs associated with host group XX-G00

CU:LDEV

00:01

01:04

Port CL1-A

LUN0

LUN1

Host group 0

(HP)

Host group HP-UX G01

Host group Windows G02

Host group 011A - G00




Configuring LUN security enabled

When LUN security is enabled, hosts can only gain access to LUNs associated with their host group

CU:LDEV

01:05

02:01

PortCL1 - A

LU N 0

LUN 1

Host groupHP-UX G01

(HP)


CU:LDEV

02:00

02:02

LU N 0

LUN 1




Host groups

Basic capability with

• LUN Security disabled• only host group XX-G00 visible• up to 512 LUNs with a single host mode• all hosts have access to all LUNs

• LUN Security enabled• only LUNs in non-default host group are visible to hosts• up to 255 host groups per port with host modes• up to 1024 LUNs per host group• up to 1024 LUNs per port• 1024 WWNs per host group• 65k host groups per array


Starting LUN Management GUI

Click LUN Management

Select Modify mode

Port pane shows configured CHIP ports

LDEV pane shows configured LDEVs

LUN Management pane

WWN pane


Setting the security switch

3. Click Apply to set configuration changes

1. Choose LUN Security:OFFONto enable port security

2. Click YES to enable port security


Defining LU paths overview

Four major steps

• Finding WWNs of open-system hosts

• Creating host groups

• Registering hosts (WWNs) in host groups

• Associating host groups with logical volumes


Creating (adding) a host group

1. Right-click theport and selectAdd New Host Group

2. Enter the HostGroup Nameand select theHost Mode.Click OK when done



Modifying a host group

1. Right-click thehost group and select Change Host Group

2. Input changes to the Host Group Name and Host Mode.Click OK when done

3. Click Apply to set changes


Deleting a host group

1. Right-click the host group and select Delete Host Group

2. Click YES to confirm host group deletion

3. Click Apply to set changes


Adding a WWN

1. Right-click the host group and select Add New WWN

2. Enter the WWNand Nickname.Click OK when done

3. Click Apply toset changes


Modifying a WWN

1. Right-click the WWN and select Change WWN & Nickname

2. Edit the WWN and/or Nickname. Click OK when finished



Deleting a WWN

1. Right-click the WWN and select Delete WWN

2. Click YES to delete the WWN



Defining LU paths — associating host groups with logical volumes

Select a host group. Click an LDEV to assign to a LUN #, drag and drop the LDEV onto the LUN # assignment

2. Click OK to confirm LUN path creation



Deleting an LU path

1. Right-click a LUN and select Release LU path

2. Click OK to confirm LUN path deletion



Creating a command device

1. Right-click a LUN and choose Command Device:OFFON

2. Click YES to confirm Command Device creation



Configuring Fibre Channel ports


Changing a port parameter

1. Select a CHIP port to configure

2. Select the new parameters to apply to the CHIP port

Current CHIP port parameters

3. Click Set toapply changes



Configuration File Loader


Configuration File Loader overview

• Sets disk array configurations by applying a saved configuration definition file– Saves time and reduces errors when applying the same

configuration to multiple arrays or making large-scale changes

• Two main components– Configuration File Loader screen is used to

• Export a spreadsheet file that includes the current configuration information

• Import a file, which can be defined offline, that contains the new configuration

– Spreadsheet file of current configuration information


Requirements and main tasks

Requirements• Configuration File Loader comes preloaded from factory

• In addition to the Command View requirements, also install– Spreadsheet software or text editor

– LUN Configuration and Security Manager XP

Main tasks• Accessing Configuration File Loader

• Exporting the current settings spreadsheet

• Editing the spreadsheet

• Importing the edited spreadsheet

• Checking for errors


LUN Security Extension overview

• Provides data protection to an XP disk array from I/O operations performed on open systems hosts

• Allows an access attribute to be assigned to each logical volume

• With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost, and stolen

• LUN Security Extension also offers the capability to freeze data activity within the environment. This ensures that logical volumes whose retention period expires will not return to Read/Write mode. This feature is called Expiration Lock (also called Audit Lock)


LUN Security Extension overview

• OpenLDEV Guard (Hitachi name)

• Provides data protection to an XP disk array from I/O operations performed on open systems hosts.

• Allows an access attribute to be assigned to each logical volume.

• With access attributes assigned, can restrict read and write operations on logical volumes and prevent data from being damaged, lost and stolen.

• Configuration through CV/XP or RaidManager

• Retention time needs to be specified for each LDEV

• Requires:

– LUN Security Extension license key – license based on raw capacity

– XP 1024 FW version 21.07.04 or later (21.08.05 strongly recommended)


Access attributes

• To restrict read and write operations on logical volumes, an access attribute must be assigned to each logical volume.

• Three access attributes are available

– Read/Write—Allows open systems hosts to perform both read and write operations on the logical volume

– Read Only—Allows open systems hosts to perform read, but not write operations on the logical volume

– Protect—Open systems hosts cannot access the logical volume or perform any read or write operations on it

• Access attributes cannot be assigned to mainframe volumes or logical volumes that are not mapped to physical devices

• Examples of access attributes


Retention term

• If you change the access attribute of a logical volume to Read Only or Protect, you will be prohibited from changing the access attribute to Read/Write for a selected period of time.

• The LUN Security Extension pane displays the words Retention Term to define the period of time when attempts to change access attribute to Read/Write are prohibited.

• You are prompted to specify a retention term when you change the access attribute of a logical volume to Read Only or to Protect.

• After you specify the retention term, you can extend the term but cannot shorten it.


LUN Security Extension operation


Changing access attributes of logical volumes

1. 2.

1. Select the access attribute.

2. Set the Retention Term

3. Click Apply

3.


Prohibiting changes to read/write volumes even after the retention term ends

When expiration lock is ON, access attributes of logical volumes cannot be changed to Read/Write even after the retention term ends.

When expiration lock is OFF, access attributes of logical volumes can be changed to Read/Write even after the retention term ends.


Protecting Logical Volumes against CA and BC operations

• Assigning the Read Only or Protect attribute is one way to prevent data in a volume from being overwritten by Continuous Access (CA) and Business Copy (BC) copy operations.

• Volumes with the Read Only or Protect attribute are protected against these copy operations, but are also protected against any other form of write operations.

• Lun Security Extension allows to prohibit a logical volume from being specified as a secondary volume (a copy destination volume) for CA or BC operations.


Preventing Command View users from configuring LU paths and command devices

• If the Reserved column displays a hyphen (-), Command View users can change LU path settings and command device settings on the logical volume

• If the Reserved column displays RAID Manager, Command View users cannot change LU path or command device settings on the logical volume: only RAID Manager can be used


Learningcheck


Labactivity

07-xp12000 lun management

Documents