Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
4
Figures
1 Security example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 12
2 Security example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 13
3 Security example 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 14
4 SANtinel window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 16
5 Add/Change Host Group window. . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 19
6 Add/Change Host window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 20
7 Select Port window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 21
8 Add/Change LDEV Group window . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 22
9 Select LDEV window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 23
10 Add/Change Security Group window . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 24
11 Specify Security Group window. . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 25
12 Add/Change Security Group window . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 26
13 Specify Security Group window. . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 27
14 Add/Change Security Group window . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 27
15 Add/Change Security Group window . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 28
16 Add/Change Security Group window . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 30
17 Add/Change Host window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 31
18 Add/Change Host window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 32
19 Select Port window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 33
20 Add/Change Host Group window. . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 33
21 Select LDEV window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 34
22 Add/Change LDEV Group window . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 35
23 Security Group to LDEV window . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 36
24 Host to Security Group window . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 37
25 Host Group to Port window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 38
26 Host to LDEV window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 39
27 LDEV to Security Group window . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 40
28 LDEV to Host window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 40
29 Host Group to Security Group window . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 41
30 LDEV Group to Security Group window . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 42
31 Error Detail window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. .. . .. .. . .. . ...... 42
Tables
1 Recommended and minimum firmware versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
2 Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
3 Security group icons for SANtinel operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4 Add/Change Host window icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Intended audience
This guide is intended for customers and HP-authorized service providers with knowledge of the following:
• Disk array hardware and software
• Data processing and RAID storage subsystems and their basic functions
NOTE: The functions described in this manual may be limited, depending on your assigned level of user
access. Some users will have read-only access while others will have limited or full array access. For
additional information on users and user groups, please see the HP StorageWorks XP Remote Web
Console user guide.
Prerequisites
Prerequisites for using this product include:
• Installation of the HP StorageWorks disk array(s)
• Installation of the license key for this product
Firmware versions
The recommended firmware versions shown in Table 1 provide the optimal level of support for the features
provided with this product. Older firmware versions can be used; however, product features enabled with
newer firmware will not appear.
Related documentation
In addition to this guide, please refer to other documents for this product:
• HP StorageWorks XP Remote Web Console user guide for XP12000/XP10000
• HP StorageWorks XP Remote Web Console user guide for XP1024/XP128
• Hitachi TrueCopy for z/OS user guide
• Hitachi ShadowImage for z/OS user guide
You can find these documents at http://www.hp.com/support/rwc/manuals
Convention Element
Blue text: Table 1 Cross-reference links and e-mail addresses
CAUTION: Indicates that failure to follow directions could result in damage to equipment or data.
HP technical support
Telephone numbers for worldwide technical support are listed on the HP support web site:
http://www.hp.com/support/.
Collect the following information before calling:
• Technical support registration number (if applicable)
• Product serial numbers
• Product model names and numbers
• Applicable error messages
• Operating system type and revision level
• Detailed, specific questions
For continuous quality improvement, calls may be recorded or monitored.
Subscription service
HP strongly recommends that customers register online using the Subscriber’s choice web site at
http://www.hp.com/go/e-updates.
8
Subscribing to this service provides you with e-mail updates on the latest product enhancements, newest
driver versions, and firmware documentation updates as well as instant access to numerous other product
resources.
After subscribing, locate your products by selecting Business support and then Storage under Product
Category.
NOTE: Logical volumes are sometimes referred to as logical devices or LDEVs. Also, this guide sometimes
uses the term LDEV security to refer to the security policy that you can apply to logical volumes.
NOTE: Secondary volumes are often referred to as remote volumes or R-VOLs in Hitachi TrueCopy for
z/OS user guide. Also, secondary volumes are referred to as target volumes or T-VOLs in Hitachi
ShadowImage for z/OS user guide.
SANtinel Window
The SANtinel window is the starting point for all the SANtinel operations.
Security Group tree
The Security Group tree is located on the left side of the window and displays a view a list of security
groups, host groups, and LDEV groups. The tree contains the following folders:
• Security Group: Contains all of the security groups. Double-clicking a security group displays the host
group and/or LDEV group registered in the security group.
The security group icons show the security settings applied to the logical volumes.
Table 3 Security group icons for SANtinel operations
Icon Status
Logical volumes in this access group can be used as secondary volumes for remote copy operations.
Logical volumes in this access group cannot be used as secondary volumes for remote copy
operations.
Logical volumes in this pool group can be used as secondary volumes for remote copy operations.
Logical volumes in this pool group cannot be used as secondary volumes for remote copy operations.
Icon Status
The security settings in this security group are currently disabled.
If you enable the security settings, this security group will be classified as an access group. Also,
logical volumes in this security group will be unavailable for use as secondary volumes for remote copy
operations.
Icon Status
The host is registered in the current host group and is attached to the disk array by a cable.
The host is registered in the current host group and is not attached to the disk array.
The host is registered in another host group (though the host can be registered in the current host
group) and is attached to the disk array by a cable.
The host is registered in another host group (though the host can be registered in the current host
group), but it is not attached to the disk array.
No icon The host is not registered in any host group, but it is attached to the disk array by a cable.
NOTE: If hosts registered in the host group are also registered in another host group, you cannot
register the ports in Registered port list, and thus you cannot implement port-level security.
4. Click OK.
5. From the SANtinel window, click Apply. A confirmation dialog box is displayed.
6. Click Yes. The settings are applied to the disk array.
Creating an LDEV Group
To specify logical volumes that should be secured, create an LDEV group and then register the logical
volumes in the LDEV group.
To create an LDEV group:
1. From the SANtinel window, right-click LDEV Group. A pop-up menu is displayed.
NOTE: If you want to make logical volumes in your security group usable as secondary volumes
for remote copy operations, click the security group in the Add/Change Security Group window
and then click Enable under T-VOL/R-VOL. Next, click Change and then OK. Finally, click Apply in
the SANtinel window.
Disabling Security
Complete the following procedure to disable security on logical volumes in the security group. If security is
disabled, logical volumes in the security group are accessible from all hosts and are usable as secondary
volumes for remote copy operations, regardless of whether the security group is an access or pool group.
If you are certain that you will not need to restore security, you can delete your security group to disable
security. For details on how to delete security groups, refer to ”Deleting Security Groups” on page 30.
To disable security on logical volumes:
1. From the SANtinel window, right-click the security group in which the logical volumes are registered. A
pop-up menu is displayed.
2. Click Add/Change from the pop-up menu. The Add/Change Security Group window is displayed.
NOTE: If you want to restore security, click the security group in the Add/Change Security Group
window and then click Enable under Security. Next, click Change and then OK. Finally, click Apply
in the SANtinel window.
TIP:
• If you registered a host in an incorrect host group, first follow the previous procedure to register
the host in the correct host group. Then, follow the procedure in ”Deleting Hosts from Host
Groups” on page 32 to remove the host from the incorrect host group.
Finding Logical Volumes in the Security Group that Contains a Specified Host
If a security group is classified as an access group, the security group contains both host and logical
volumes. The following procedures explain how to specify a host and to find logical volumes in the security
group in which the specified host is registered. Follow the first procedure if the host is displayed in the
Hosts table (the upper-right table on the SANtinel window). Follow the second procedure if the host is not
displayed in the Hosts table.
If the host is displayed in the Hosts table:
1. Right-click the host in the table.
Finding Hosts in the Security Group that Contains a Specified Logical Volume
If a security group is classified as an access group, the security group contains both host and logical
volumes. The following procedures explain how to specify a logical volume and to find hosts in the security
group in which the specified logical volume is registered. Follow the first procedure if the logical volume is
displayed in the LDEVs table (the lower-right table on the SANtinel window). Follow the second procedure
if the logical volume is not displayed in the LDEVs table.
If the logical volume is displayed in the LDEVs table:
1. Right-click the logical volume in the table.
2. From the pop-up menu, click List -> LDEV to Host. The LDEV to Host window is displayed. The table on
the right displays a list of hosts.
C H
classifying security groups 23, 25 help, obtaining 8, 9
conventions HP
document 8 storage web site 9
text symbols 8 Subscriber’s choice web site 8
creating technical support 8
host groups 18
LDEV groups 21 L
security groups for use as access groups 23 LDEV security 11
security groups for use as pool groups 25 LDEVs 11
customer support 8 logical devices 11
logical partitions 17
D LPARs 17
deleting
host groups 34 M
hosts from host groups 32 maximum number of groups 15
LDEV groups 35
logical volumes from LDEV groups 34 P
ports from host groups 32 PCB types 14
security groups 30 pool groups 13
disabling security 18, 28 port-level security 11, 12
document prerequisites 7
conventions 8 prohibiting hosts from accessing logical volumes 13, 25
prerequisites 7 protecting
related documentation 7 logical volumes from erroneous remote copy
operations 14
E logical volumes from I/O operations 11
editing logical volumes from remote copy operations 27
host groups 30
LDEV groups 34 R
security groups 29 registering
security settings 29 host and LDEV groups in security groups 24
emulation types 14 hosts in host groups 19
enabling hosts to be attached to disk arrays 31
hosts to access logical volumes 18 LDEV groups in security groups 26
specified hosts to access logical volumes 11 logical volumes in LDEV groups 22
ports in host groups 20
F related documentation 7
finding renaming
hosts in security groups containing specified logical host groups 33
volumes 40 LDEV groups 35
logical volumes in security groups 36 security groups 29
logical volumes in security groups containing restrictions 14
specified hosts 38
ports through which hosts can access logical volumes S
37 secondary volumes 14
security groups containing specified host groups 41 starting 16
security groups containing specified hosts 37 Subscriber’s choice, HP 8
T
technical support, HP 8
text symbols 8
troubleshooting 42
U
unregistering
host groups from security groups 29
LDEV groups from security groups 29
V
viewing security settings 36
W
web sites
HP documentation 7
HP storage 9
HP Subscriber’s choice 8
46