Full Name
N-port
network port
Port Function
Node port used to connect a node to a Fibre Channelswitch
or node port
F-port
fabric port
L-port
loop port
NL-port network +
loop port
FL-port
fabric + loop
port
E-port
extender port
G-port
general port
switch; on the switch side, it looks like a normal E_port -- but on the
router side, it is a EX_port
TE_por trunking E-
port
With Enginuity 5875 and SE 7.2.0, new array based licensing has been introduced. This means any host attached to the
array with SE installed will have unrestricted access to the array and can make configuration changes. This has necessiated
the implementation of Host based Symmetrix Access Control on the arrays. The purpose is to disable servers from making
config changes on the arrays, and restrict their access to a certain set of snaps/clones and corresponding source devices.
Oveall process involves readying the array for access control, and then configuring the accesses as per the requirements.
Initial configuration on the array will be carried out by EMC CE. Steps involve:
* Enable Symmetrix Access Control (symacl)
* Create administrator accgroup
* Add management hosts to the group to carry out ACL administration
* Add service processor to the group for EMC remote support
* Create symacl pin or password which will be required to carry out ACL administration. Environment variable
SYMCLI_ACCESS_PIN can be set so as to avoid prompt for PIN every time symacl command is run to change the
configuration.
Initial set up can be verified as below.
gmthostB
- Service Processor
Pool Name
Access Type
ALL_DEVS
ADMIN
AdminGrp
ALL_DEVS
ALL
UnknwGrp
ALL_DEVS
BASE
UnknwGrp
!INPOOLS
ALL
MgmtHostA #
Now that the initial set up is complete, lets proceed to the configurations on arrays for servers accessing its storage. Steps
listed below illustates the commands to run when you have a hostname, snap or clone devices, and their corresponding
source devices (could be replicated or non-replicated).
MgmtServ#
* Preview/Prepare/Commit ACL changes
Pool Name
Access Type
ALL_DEVS
ADMIN
AdminGrp
ALL_DEVS
ALL
UnknwGrp
ALL_DEVS
BASE
UnknwGrp
!INPOOLS
ALL
servA_grp
servA_pool
BCV
servA_grp
ALL_DEVS
BASE
Devices
ACLs
16
Group Name
Number of
Number of
Access IDs
ACLs
UnknwGrp
servA_pool
Pool Name
Access Type
--------------------------------
-------------------------------- -----------
servA_grp
servA_pool
BCV
servA_grp
ALL_DEVS
BASE
: 000294901274
: 16
Type
-------------------------------------servA_grp
BCV
}
Member Devices (16):
{
Device Name
Device
---------------------------- -------------------------------------Cap
Sym
Physical
Config
Attribute
Sts
(MB)
TDEV
N/Grp'd
RW
23200
.....
.....
.....
}
MgmtServ#
# Add both the hosts to access group using their unique id (beware of 8 char limitation on
host name)
add host accid 2F5800AD-55448DCE-9D3D758B name servR1 to accgroup servR1_R2_grp;
add host accid 2F5800AD-55448DCE-AE4E869C name servR2 to accgroup servR1_R2_grp;
# Add both the hosts to access group using their unique id (beware of 8 char limitation on
host name)
add host accid 2F5800AD-55448DCE-9D3D758B name servR1 to accgroup servR1_R2_grp;
add host accid 2F5800AD-55448DCE-AE4E869C name servR2 to accgroup servR1_R2_grp;
add host accid <acl id> name <host_identifier> to accgroup <groupname>; # to add the host to
accgroup
remove accid name <host_identifier> from accgroup <groupname>; # to remove a host from accgroup
move accid name <host_identifier> to accgroup <new_groupname>; # to move a host from existing to new
accgroup
delete accgroup <groupname> [remove_aces=true]; # to delete an accgroup
* accpool related commands in configuration file
create
remove dev <firstdev:lastdev> from accpool <poolname>; # to remove devices from the accpool
delete accpool <poolname> [remove_aces=true]; # to delete an accpool
* commands in configuration file related to granting the permission
grant access=<accesstype> to accgroup <groupname> for accpool <poolname> | <all|non-pooled
devs>;
remove access=<accesstype> from accgroup <groupname> for accpool <poolname> | <all|nonpooled devs>;
HP
Continuous Access XP
Compaq
DRM
HDS
Truecopy
EMC
SRDF
IBM
PPRC