HP XP24000, XP20000 User Manual

HP StorageWorks

XP24000/XP20000 Volume Security User's Guide

Abstract

This document describes and provides instructions for configuring and performing Volume Security operations on the HP storage system.

Part number: T5214-96074 Sixth edition: June 2009

Legal and notice information

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Acknowledgments

Export Requirements

You may not export or re-export this document or any copy or adaptation in violation of export laws or regulations.

Without limiting the foregoing, this document may not be exported, re-exported, transferred or downloaded to or within (or to a national resident of) countries under U.S. economic embargo, including Cuba, Iran, North Korea, Sudan, and Syria. This list is subject to change.

This document may not be exported, re-exported, transferred, or downloaded to persons or entities listed on the U.S. Department of Commerce Denied Persons List, Entity List of proliferation concern or on any U.S. Treasury Department Designated Nationals exclusion list, or to parties directly or indirectly involved in the development or production of nuclear, chemical, biological weapons, or in missile technology programs as specified in the U.S. Export Administration Regulations (15 CFR 744).

Revision History

DescriptionDateEdition

This edition applies to microcode version 60-01-31-00/00 or later.June 2007First

This edition applies to microcode version 60-01-68-00/00 or later.September 2007Second

This edition applies to microcode version 60-02-25-00/00 or later.January 2008Third

This edition applies to microcode version 60-02-48-00/00 or later.March 2008Fourth

This edition applies to microcode version 60-04-04-00/00 or later.December 2008Fifth

This edition applies to microcode version 60-05-00-00/00 or later.June 2009Sixth

Contents

1 Overview of Volume Security ............................................................... 7

Overview ................................................................................................................................... 7

Terminology ............................................................................................................................... 7

2 About Volume Security Operations ....................................................... 9

Overview of Volume Security Functions .......................................................................................... 9

Protecting Volumes from I/O Operations at Mainframe Hosts ........................................................... 9

Enabling Only the Specified Hosts to Access Volumes ............................................................... 9

Port-Level Security ............................................................................................................... 10

Port-Level Security Implementation ......................................................................................... 10

Prohibiting All Hosts from Accessing Volumes ......................................................................... 11

Protecting Volumes from Erroneous Copy Operations .............................................................. 12

Warnings Regarding Volume Security .......................................................................................... 12

Supported Volume Emulation Types ............................................................................................. 13

Maximum Possible Number of Groups ......................................................................................... 14

Maximum Possible Number of Hosts and Volumes ........................................................................ 14

3 Using the Volume Security GUI .......................................................... 15

The Volume Security Window ..................................................................................................... 15

Security Group Tree ................................................................................................................. 16

Hosts Table .............................................................................................................................. 18

LDEVs Table ............................................................................................................................ 19

The Add/Change Security Group Dialog Box ............................................................................... 20

The Add/Change Host Group Dialog Box ................................................................................... 23

The Add/Change LDEV Group Dialog Box .................................................................................. 25

The Add/Change Host Dialog Box ............................................................................................. 27

The Select LDEV Dialog Box ....................................................................................................... 29

The Select Port Dialog Box ......................................................................................................... 30

The Specify Security Group Dialog Box ....................................................................................... 32

The Host to Security Group Dialog Box ........................................................................................ 33

The Host to LDEV Dialog Box ...................................................................................................... 34

Host Group to Security Group Dialog Box .................................................................................... 35

The Host Group to Port Dialog Box .............................................................................................. 36

The LDEV to Security Group Dialog Box ....................................................................................... 37

The LDEV to Host Dialog Box ...................................................................................................... 38

The LDEV Group to Security Group Dialog Box ............................................................................. 40

The Error Detail Dialog Box ........................................................................................................ 41

4 Performing Volume Security Operations ............................................... 43

Launching Volume Security ......................................................................................................... 43

Viewing Security Settings ........................................................................................................... 43

Locating Volumes in a Specified Security Group ..................................................................... 44

Locating Security Groups that Contain a Specified Host ........................................................... 44

Locating Volumes in a Security Group that Contains a Specified Host ........................................ 44

XP24000/XP20000 Volume Security User's Guide 3

Locating Ports through Which Hosts Can Access Volumes ........................................................ 45

Locating Security Groups that Contain a Specified Volume ....................................................... 45

Locating Hosts in a Security Group that Contains a Specified Volume ........................................ 46

Locating Security Groups that Contain a Specified Host Group ................................................. 46

Locating Security Groups that Contain a Specified LDEV Group ................................................ 47

Limiting Host Access .................................................................................................................. 47

Creating a Host Group ....................................................................................................... 47

Registering Hosts in a Host Group ........................................................................................ 48

Registering Ports in a Host Group ......................................................................................... 49

Creating an LDEV Group ..................................................................................................... 50

Registering Volumes in an LDEV Group ................................................................................. 51

Creating a Security Group for Use As an Access Group .......................................................... 52

Registering a Host Group and an LDEV Group in a Security Group ........................................... 53

Prohibiting Host Access ............................................................................................................. 53

Creating an LDEV Group ..................................................................................................... 53

Registering Volumes in an LDEV Group ................................................................................. 54

Creating a Security Group for Use As a Pool Group ............................................................... 55

Registering an LDEV Group in a Security Group ..................................................................... 56

Protecting Volumes from Copy Operations .................................................................................... 57

Disabling Volume Security .......................................................................................................... 58

Editing Security Groups ............................................................................................................. 59

Unregistering a Host Group ................................................................................................. 59

Unregistering an LDEV Group .............................................................................................. 59

Renaming Security Groups .................................................................................................. 60

Deleting Security Groups ..................................................................................................... 61

Editing Host Groups .................................................................................................................. 61

Registering Hosts to be Attached to the Storage System ........................................................... 61

Deleting Hosts from Host Groups .......................................................................................... 62

Deleting Ports from Host Groups ........................................................................................... 63

Renaming Host Groups ....................................................................................................... 64

Deleting Host Groups ......................................................................................................... 65

Editing LDEV Groups ................................................................................................................. 65

Deleting Volumes from LDEV Groups ..................................................................................... 65

Renaming LDEV Groups ...................................................................................................... 66

Deleting LDEV Groups ........................................................................................................ 67

5 Troubleshooting ............................................................................... 69

Troubleshooting Volume Security ................................................................................................. 69

Calling HP Technical Support ..................................................................................................... 69

6 Support and Other Resources ............................................................ 71

Related Documentation .............................................................................................................. 71

Conventions for Storage Capacity Values ..................................................................................... 71

HP Technical Support ................................................................................................................ 71

Subscription Service .................................................................................................................. 72

HP Websites ............................................................................................................................ 72

Documentation Feedback ........................................................................................................... 72

A Acronyms and Abbreviations ............................................................. 73

Index ................................................................................................. 75

Figures

Security Example 1 ................................................................................................. 101

Security Example 2 ................................................................................................. 112

Security Example 3 ................................................................................................. 123

The Volume Security Window ................................................................................... 164

Security Group Tree ............................................................................................... 175

Hosts Table ............................................................................................................ 196

LDEV table ............................................................................................................. 207

The Add/Change Security Group Dialog Box ............................................................. 218

The Add/Change Host Group Dialog Box .................................................................. 249

The Add/Change LDEV Group Dialog Box ................................................................. 2610

The Add/Change Host Dialog Box ............................................................................ 2711

The Select LDEV Dialog Box ..................................................................................... 2912

The Select Port Dialog Box ....................................................................................... 3113

The Specify Security Group Dialog Box ...................................................................... 3214

The Host to Security Group Dialog Box ...................................................................... 3315

The Host to LDEV Dialog Box .................................................................................... 3516

The Host Group to Security Group Dialog Box ............................................................ 3617

The Host Group to Port Dialog Box ............................................................................ 3718

The LDEV to Security Group Dialog Box ..................................................................... 3819

The LDEV to Host Dialog Box .................................................................................... 3920

The LDEV Group to Security Group Dialog Box ........................................................... 4121

The Error Detail Dialog Box ...................................................................................... 4222

XP24000/XP20000 Volume Security User's Guide 5

Tables

Acronyms and Abbreviations .................................................................................... 731

1 Overview of Volume Security

Unless otherwise specified, the term storage system in this guide refers to the following disk arrays:

• HP StorageWorks XP24000 Disk Array

• HP StorageWorks XP20000 Disk Array

• HP StorageWorks XP12000 Disk Array

• HP StorageWorks XP10000 Disk Array

The GUI illustrations in this guide were created using a Windows computer with the Internet Explorer browser. Actual windows may differ depending on the operating system and browser used. GUI contents also vary with licensed program products, storage system models, and firmware versions.

Overview

Volume Security protects data in your HP storage system from I/O operations performed at mainframe hosts. Security can be applied to logical volumes so that specified mainframe hosts are unable to read from and write to the specified logical volumes. Volume Security also enables you to prevent data on logical volumes from being accidentally overwritten by erroneous local or remote copy operations.

Volume Security can be used in conjunction with the Volume Security Port Option. This optional program is used to specify storage system ports through which hosts can access logical volumes.

Using Volume Security you can manipulate up to 64 hosts and 65,280 logical volumes for one storage system. Volume Security also enables you to create up to 64 security groups, 64 host groups, and 64 Volume Groups for one storage system.

Volume Security operations are performed using the licensed HP StorageWorks XP Remote Web Console software. The Remote Web Console software communicates directly with the storage system via a local-area network (LAN). Remote Web Console displays detailed Volume Security information and allows you to configure and perform Volume Security operations for the mainframe systems data stored on the storage system. For further details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.

To apply port-level security, you must install the Volume Security Port Option. Before installing this program, ensure that Volume Security is already installed. For details on the installation procedure, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.

Terminology

There are a few notes regarding terminology that users should be aware of when using this manual:

• In the storage system documentation, logical volumes are sometimes referred to as logical devices

(or LDEVs). Also, the storage system documentation sometimes uses the term, LDEV security to refer to security policy that volume security enables you to apply to logical volumes.

• In the Hitachi TrueCopy™ for Mainframe User's Guide, primary volumes are often referred to as

M-VOLs, or main volumes. Also, secondary volumes are often referred to as R-VOLs or remote volumes. In the Hitachi ShadowImage™ for Mainframe User's Guide, primary volumes are often

XP24000/XP20000 Volume Security User's Guide 7

referred to as S-VOLs, or source volumes. Secondary volumes are often referred to as T-VOLs, or target volumes.

Overview of Volume Security8

2 About Volume Security Operations

Overview of Volume Security Functions

The Volume Security feature protects data in your storage system from I/O operations performed at mainframe hosts. Volume Security enables you to apply security to volumes so that the specified mainframe hosts will be unable to read from and write to the specified volumes. Volume Security also enables you to prevent data on volumes from being overwritten by erroneous copy operations.

Volume Security can be used in conjunction with an optional program Volume Security Port Option. This optional program can be used to specify storage system ports via which hosts can access volumes.

In the storage system documentation, volumes are sometimes referred to as logical devices (or LDEVs). Also, the storage system documentation sometimes uses the term LDEV security to refer to security policy that Volume Security enables you to apply to volumes.

Protecting Volumes from I/O Operations at Mainframe Hosts

Volume Security enables you to protect volumes from unauthorized accesses by mainframe hosts. To protect volumes from unauthorized accesses, you must create security groups and then register mainframe hosts and/or volumes in security groups. Security groups are classified into access groups or pool groups. To allow some (but not all) mainframe hosts to access volumes, you must classify the security group as an access group. To prohibit all mainframe hosts from access volumes, you must classify the security group as a pool group.

Enabling Only the Specified Hosts to Access Volumes

To allow only some mainframe hosts in your network to access volumes, you must register the mainframe hosts and the volumes in an access group. For example, if you register two hosts (host_A and host_B) and two volumes (vol_C and vol_D) in an access group, only the two hosts will be able to access vol_C and vol_D. No other hosts will able to access vol_C and vol_D.

If mainframe hosts are registered in an access group, the hosts will be able to access volumes in the same access group, but will be unable to access other volumes. For example, if you register two hosts (host_A and host_B) and two volumes (vol_C and vol_D) in an access group, the two hosts can access vol_C and vol_D and cannot access other volumes.

To register hosts in an access group, you must create a host group, register the hosts in the host group, and then register the host group in the desired access group. To register volumes in an access group, you must create an LDEV group, register the volumes in the LDEV group, and then register the LDEV group in the desired access group. Any access group can only contain one host group and one LDEV group.

In Figure 1, six mainframe hosts are attached to a storage system and two access groups are created. Here, the following security settings are applied:

• The volumes ldev1 and ldev2 are accessible only from host1, host2, and host3 because the two

volumes and the three hosts are registered in the same access group.

XP24000/XP20000 Volume Security User's Guide 9

• The volume ldev4 is accessible only from host4 because ldev4 and host4 are registered in the

same access group.

• The volume ldev5 does not belong to any access groups. For this reason, hosts in access groups

cannot access ldev5. ldev5 is only accessible from host5 and host6, which are not registered in access groups.

Figure 1 Security Example 1

Port-Level Security

Usually, hosts are connected to two or more ports via cables and have access to volumes via these ports. In the security example in Figure 1, hosts in access groups can access volumes via every port to which the hosts are connected.

Note, however, that Volume Security Port Option enables you to prohibit hosts from accessing volumes via specified ports. For example, if a host named host1 is connected to two ports port1 and port2, you can permit the host to access volumes via port1 and prohibit the host from accessing volumes via port2.

Port-Level Security Implementation

To implement such port-level security, first you must determine ports via which hosts can access volumes, and then you must register the ports in host groups. For example, if you register host1 and port1 in the same host group named hg1 and then register hg1 in an access group, host1 can access volume via port1 but cannot access volumes via port2.

In Figure 2, the following security settings are applied:

• The hosts host1, host2, and host3 can access the volumes ldev1 and ldev2 via port1, port2, and

port3. However, the hosts cannot access the volumes via other ports.

• The host host4 can access the volume ldev4 via port4. However, the host cannot access the volume

via other ports.

About Volume Security Operations10

Figure 2 Security Example 2

If no ports are registered in a host group, hosts in the host group can access volumes via ports to which the hosts are connected.

This manual uses the term port-level security, which is a security policy for enabling hosts to access volumes only via ports registered in host groups and thus prohibiting hosts to access the volumes via other ports.

CAUTION:

Before you apply security, you should confirm what hosts are performing I/O operations on volumes in access groups. If any hosts perform I/O operations on volumes in access groups that the hosts do not belong to, you will need to stop the I/O operations before you apply security. For example, if you attempt to apply security settings illustrated in Figure 2, an error occurs and the attempt fails if

host4

and

host5

to ensure that

are performing I/O operations on

host4

and

host5

are not performing I/O operations on

ldev1

Prohibiting All Hosts from Accessing Volumes

To prevent all the mainframe hosts from accessing volumes, you must register the volumes in a pool group (Note that you do not need to register hosts in pool groups). For example, if you register two

. To apply the security settings, you will need

ldev1

XP24000/XP20000 Volume Security User's Guide 11

volumes (vol_A and vol_B) in a pool group, all the mainframe hosts connected to your storage system will be unable to access vol_A and vol_B. To register volumes in a pool group, you must create an LDEV group, register the volumes in the LDEV group, and then register the LDEV group in the desired pool group. Any pool group can only contain one LDEV group.

In Figure 3, a pool group is created. Volumes in this pool group (that is, ldev7, ldev8, and ldev9) are inaccessible from all the hosts:

Figure 3 Security Example 3

Protecting Volumes from Erroneous Copy Operations

When storage system copy software (TrueCopy for Mainframe, Universal Replicator for Mainframe, ShadowImage for Mainframe, and HP StorageWorks XP for FlashCopy Mirroring Software or XP for FlashCopy Mirroring V2 Software) is used to perform copy operations, data will be overwritten onto the secondary volumes (that is, the copy destination volumes). If a volume containing important data is specified as a secondary volume (that is, the copy destination volume) by mistake, storage system copy software operations can overwrite important data on the volume and you could suffer loss of important data.

Volume Security enables you to avoid such loss of data. If a volume contains data that should not be overwritten, you can prevent the volume from being used as a secondary volume (that is, the copy destination volume).

Secondary volumes (that is, copy destination volumes) are often referred to as remote volumes or R-VOLs in the Hitachi TrueCopy™ for Mainframe User's Guide. Also, secondary volumes are referred to as target volumes or T-VOLs in the Hitachi ShadowImage™ for Mainframe User's Guide.

Warnings Regarding Volume Security

Do not apply security to volumes on which any job is running. If you apply security to such a volume, the job will possibly end abnormally.

About Volume Security Operations12

When applying security, make sure that your security settings are correct. If incorrect security settings are made, the system will be difficult or impossible to control.

If the CPU of a mainframe host is upgraded after you apply security settings, you must execute the system command D M=CPU at the mainframe host to obtain the latest information about the host. Next, you must use the latest information to update host information in the Add/Change Host dialog box (for details, see “The Add/Change Host Dialog Box” on page 27).

If you do not update host information, the system will be impossible to control.

• If you are using storage system copy software (TrueCopy for Mainframe, Universal Replicator for

Mainframe, ShadowImage for Mainframe, and XP for FlashCopy Mirroring or XP for FlashCopy Mirroring V2): When you use Volume Security to make security settings, you must register the

primary volume and the secondary volume (that is, the copy source volume and the copy destination volume) in the same LDEV group. For details on how to register volumes in LDEV groups, see

“Registering Volumes in an LDEV Group” on page 51 or “Registering Volumes in an LDEV Group” on page 54.

If you apply security to a primary volume (that is, copy source volume) of a pair of storage system copy software, some or all mainframe hosts might become unable to read from and write to the primary volume. However, the copy operation will be performed normally; data will be copied from the primary volume to the secondary volume.

If you register a primary volume or secondary volume in a security group and then make a setting for preventing the volume from being used as a secondary volume, this setting will take effect after the pair is split.

Mainframe hosts cannot access volumes in pool groups. If a volume in a pool group is specified as a primary volume, the pair creation command might fail.

In the Hitachi TrueCopy™ for Mainframe User's Guide, primary volumes (that is, copy source volumes) are often referred to as M-VOLs or main volumes. Also, secondary volumes (that is, copy destination volumes) are often referred to as R-VOLs or remote volumes.

In the Hitachi ShadowImage™ for Mainframe User's Guide, primary volumes (that is, copy source volumes) are often referred to as S-VOLs or source volumes. Also, secondary volumes (that is, copy destination volumes) are often referred to as T-VOLs or target volumes.

• If you are using Virtual LVI/LUN (VLL) volumes:If you apply security to a VLL volume, you will be

unable to change the VLL settings on the volume. To change the VLL settings, you must use Volume Security to disable security on the VLL volume. For details on how to disable security, see

“Disabling Volume Security” on page 58.

• If you are using HP StorageWorks XP for Compatible Parallel Access Volumes Software: If you

apply security to a Parallel Access Volumes base volume, the security settings will also apply to the corresponding alias volume.

• Removing secured volumes:If you apply security to a volume, you will be unable to remove the

volume. To remove the volume, you must disable security on the volume. For details on how to disable security, see “Disabling Volume Security” on page 58.

• Removing PCBs with secured ports: If port-level security is applied to your storage system, you

cannot remove the PCBs (printed circuit boards) that include secured ports. To remove PCBs that include secured ports, you must use Volume Security Port Option to disable security on the ports. For details on how to disable security, see “Deleting Ports from Host Groups” on page 63.

Supported Volume Emulation Types

• Volume emulation types (that is, device emulation types): Volume Security supports the following

volume emulation types:

• 3380-3, 3380-3A, 3380-3B, 3380-3C

• 3390-3, 3390-3A, 3390-3B, 3390-3C, 3390-3R

XP24000/XP20000 Volume Security User's Guide 13

• 3390-9, 3390-9A, 3390-9B, 3390-9C

• 3390-L, 3390-LA, 3390-LB, 3390-LC

• 3390-M, 3390-MA, 3390-MB, 3390-MC

• PCB types: Volume Security supports the following PCB types:

• ESCON or ACONARC

• FICON or FIBARC

Maximum Possible Number of Groups

Volume Security enables you to create up to 128 security groups per storage system, and up to 64 security groups per LDKC. Security groups are classified into access groups and pool groups:

• One access group can contain only one host group and one LDEV group. One host group can

contain up to 32 hosts. One LDEV group can contain up to 65,280 volumes.

• One pool group can contain only one LDEV group. One LDEV group can contain up to 65,280

volumes.

The maximum possible number of host groups is 128 per storage system, and 64 per LDKC.

The maximum possible number of LDEV groups is 128 per storage system, and 64 per LDKC.

Maximum Possible Number of Hosts and Volumes

Volume Security allows you to manipulate up to 128 hosts for storage system, and up to 64 hosts per LDKC. Volume Security enables you to manipulate up to 130,560 volumes per storage system, and up to 65,280 volumes per LDKC.

About Volume Security Operations14

3 Using the Volume Security GUI

This chapter explains Volume Security window and dialog boxes.

The Volume Security Window

The Volume Security window (Figure 4) appears when you start Volume Security. This window is the starting point for all the Volume Security operations.

To start the Volume Security software:

1. Log on to the disk array to open the Remote Web Console main window. For details, see the HP

StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.

2. Click Go, Mainframe Connection, and then select Volume Security on the menu bar of the Remote

Web Console main window.

• To make security settings and apply the settings, you must use a user account that has the write

permission (For example, the Administrator account). If you use a user account that does not have the write permission, you will be able to view security settings but will neither be able to make security settings nor apply security settings.

• To set security using Volume Security, you must make sure that Remote Web Console is in Modify

mode. For detailed information on how to do this, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.

Figure 4 shows the Volume Security window when a Security Group belonging to an LDKC is selected.

XP24000/XP20000 Volume Security User's Guide 15

Figure 4 The Volume Security Window

DescriptionItem

Security Group tree

Hosts table

CU list

LDEVs table

Apply

Cancel

Displays the security, host, and LDEV groups assigned to each LDKC defined on the storage system. For details see “Security Group Tree ” on page 16.

Displays the type, model, SEQNUMBER, Logical Partition (LPAR) and vendor of each host. For details, see “Hosts Table” on page 18.

Allows you to select the desired command unit(s) available in each group. When you select a CU image, the table below shows a list of volumes in the selected CU image

Shows the LDEV, emulation, and attribute information assigned to each logical device on the storage system. For details, see “LDEVs Table ” on page 19.

Applies the requested XRC setting changes to the storage system. Any change made to a volume appears in blue italics until you click Apply.

Discards the requested changes without applying them to the storage system. A confirmation message appears to allow you to cancel the requested operation(s). Click OK on the confirmation message to cancel the requested operation(s), or click Cancel to keep (but not start) the requested operation(s).

Security Group Tree

Figure 5 shows the Security Group tree where you can select the LDKC (logical disk controller), and

then choose a security group, host group, or LDEV group residing on that LDKC.

When you double-click LDKC:00 or LDKC:01, you can display a list of security groups, host groups, and LDEV groups in that LDKC. Once you have selected the LDCK you can choose from these options:

Using the Volume Security GUI16

• Double-click Security Group and a list of security groups appears. Then select a host group or

LDEV group in that security group.

• Double-click Host Group and a list of host groups appears. Then select a specific host group.

• Double-click LDEV Group. The tree view shows the host group and/or LDEV group registered in

the security group.

Figure 5 Security Group Tree

DescriptionIcon

Indicates an access group whose volumes can be used as secondary volumes (i.e., copy destination volumes) for copy operations.

Indicates an access group whose volumes cannot be used as secondary volumes (i.e., copy destination volumes) for copy operations.

Indicates a pool group whose volumes can be used as secondary volumes (i.e., copy destination volumes) for copy operations.

Indicates a pool group whose volumes cannot be used as secondary volumes (i.e., copy destination volumes) for copy operations.

XP24000/XP20000 Volume Security User's Guide 17

DescriptionIcon

Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group is classified as an access group. Also, volumes in this security group can be used as secondary volumes (i.e., copy destination volumes) for copy operations.

Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group will be classified as an access group. Also, volumes in this security group are unavailable for use as secondary volumes (i.e., copy destination volumes) for copy operations.

Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group will be classified as a pool group. Also, volumes in this security group will be available for use as secondary volumes (i.e., copy destination volumes) for copy operations.

Indicates that the security settings in this security group are currently disabled. If you enable the security settings, this security group will be classified as a pool group. Also, volumes in this security group will be unavailable for use as secondary volumes (i.e., copy destination volumes) for copy operations.

To make changes to a group, right-click a group or the group entry in the tree, then select Add/Change from the pop-up menu. Changes you make in the resulting dialog box appear in blue italics until you click Apply or Cancel.

NOTE:

If you make Volume Security settings on one LDKC and then move on to another LDKC, click Apply or Cancel before moving on to the LDKC.

Hosts Table

This table provides information about hosts. The table contents depend on the selection in the Security Group tree, as explained below:

• If you select Subsystem, LDKC:00, LDKC:01, Security Group, Host Group, or LDEV Group, the table

shows information about all the hosts.

• If you select a security group, the table shows information about all the hosts that belong to the

selected security group.

• If you select a host group, the table shows information about all the hosts that belong to the selected

host group.

• If you select an LDEV group, the table displays nothing.

Using the Volume Security GUI18

Figure 6 Hosts Table

Vendor

If you make any change to a host, the host appears in blue italics. When you click Apply or Cancel, the host is restored to its original typeface and color.

The Reports Display dialog boxes in Remote Web Console also show information about hosts. For details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.

LDEVs Table

Figure 7 provides information about volumes. The information available depends on the selection in

the Security Group tree:

• If you select Subsystem, Security Group, Host Group, or LDEV Group, the table provides information

about all the volumes that are accessible from the mainframe hosts.

• If you select a security group, the table provides information about all the volumes that belong to

the selected security group.

• If you select an LDEV group, the table provides information about all the volumes that belong to

the selected LDEV group.

• If you select a host group, the table displays nothing.

DescriptionColumn

A sequential number associated with a host (or channel extender).No.

Type and model number of a host (or a channel extender).Type/Model

Node ID of a host (or a channel extender).SEQNUMBER

The logical partition number of a host.LPAR

The host vendor. Vendors include FJT (Fujitsu), IBM, HTC (Hitachi), and CNT(Ex). If CNT(Ex) appears, the table row indicates the type, model number, and node ID of a channel extender.

XP24000/XP20000 Volume Security User's Guide 19

Figure 7 LDEV table

LDEV

DescriptionColumn

The volume ID (in hexadecimal from 00 to FF)

NOTE:

A volume ID ending in # (for example, 00#) indicates , the volume is an external volume.

Emulation

Attribute

The emulation type of the volume

The volume status:

• An asterisk (*) denotes a secondary volume (copy destination) for USP V/VM

copy software.

• A plus symbol (+) denotes that one or more LU paths are assigned to the volume.

The Add/Change Security Group Dialog Box

The Add/Change Security Group dialog box (Figure 8) appears when you right-click a security group or the Security Group entry in the tree view of the Volume Security window (Figure 4) and then select Add/Change from the pop-up menu.

This dialog box enables you to:

• create a security group and classify the security group as an access group or a pool group (sees

“Creating a Security Group for Use As an Access Group” on page 52 and “Creating a Security Group for Use As a Pool Group” on page 55)

• prevent data in volumes from being overwritten by copy operations (see

“Protecting Volumes from Copy Operations” on page 57)

• disable security settings (see “Disabling Volume Security” on page 58)

• rename security groups (see “Renaming Security Groups” on page 60)

• delete security groups (see “Deleting Security Groups” on page 61)

Using the Volume Security GUI20

Figure 8 The Add/Change Security Group Dialog Box

DescriptionItem

LDKC

Security Group List

Indicates the selected LDKC number.

Descriptive information about the security groups in the LDKC.

• Security indicates whether the security settings in the security group are Enabled or Disabled.

CAUTION:

It is possible that security settings are disabled even if Enabled is displayed. If the Status is Access and the security group contains neither a host nor an LDEV group, security settings in the security group are disabled unconditionally.

• Group Status indicates whether the security group is an Access or a Pool group. If Access

appears, the security group is an access group; volumes in the group can be accessed only by hosts registered in the same group. If Pool appears, the security group is a pool group; volumes in the group cannot be accessed by any hosts.

• T-VOL/R-VOL indicates whether volumes in the security group can be used as secondary

volumes (i.e., copy destination volume). Enable indicates the volumes can be used as secondary volumes. Disable indicates the volumes cannot be used as secondary volumes.

NOTE:

Secondary volumes (that is, copy destination volumes) are often referred to as remote volumes or R-VOLs in the Also, secondary volumes are referred to as target volumes or T-VOLs in the

ShadowImage™ for Mainframe User's Guide

Hitachi TrueCopy™ for Mainframe User's Guide

Hitachi

XP24000/XP20000 Volume Security User's Guide 21

Enter Security Group

Security

DescriptionItem

When creating a new security group, you enter the name of the security group in this Enter Security Group text box. When renaming an existing security group, you select the security group

in the Security Group List table and then enter a new name. The following conventions apply to security group names:

• Up to eight characters can be used.

• Characters are case-sensitive.

• The following characters cannot be used:

\ , / : ; * ? " < > |

• The first character and the last character must not be a space.

Select to make no changes, enable, or disable security settings. The default is Enable.

• No Change does not change the security status of the security groups selected in the Security

Group List table. For example, if you select a security-enabled group and a security-disabled

group in the table, Disable disables security settings in both groups, but No Change does not change the current security status for both groups (The former remains security-enabled and the latter remains security-disabled).

• Enable enables the security settings that are made in the security groups selected in the Se-

curity Group List table.

CAUTION:

It is possible that security settings are disabled even if Enable is selected. If Access is selected in the Group Status box (see below) and the security group contains neither a host group nor an LDEV group, security settings in the security group are disabled unconditionally.

Group Status

T-VOL/RVOL

• Disable disables the security settings that are made in the security groups selected in the Se-

curity Group List table.

Sets a selected security group as access groups or pool groups. The default is Access.

• No Change does not change the group status of the security groups selected in the Security

Group List table. For example, if you select one access group and one pool group, Access

changes the two groups into access groups, but No Change does not change the two groups (The former remains an access group and the latter remains a pool group).

• Access specifies the selected security groups as access groups. Volumes in an access group

can only be accessed by hosts registered in the same access group but cannot be accessed by other hosts.

• Pool specifies the selected security groups as pool groups. Volumes in a pool group cannot

be accessed by any hosts.

Specifies whether volumes in the security group can be used a secondary volumes (i.e., copy destination volumes). The default is Enable.

• No Change does not change the secondary volume settings of the security groups selected

in the Security Group List table. For example, if volumes in one of the selected security groups are usable as copy destinations, but volumes in the other security group are unusable, Enable makes volumes in both groups usable as destinations. However, No Change does not change volumes in both groups (The former remains usable, and the latter remains unusable).

• Enable makes volumes in the selected security groups usable as secondary volumes (copy

destinations).

• Disable makes volumes in the selected security groups unusable as secondary volumes (copy

destinations).

Add

Enter the name of a new security group and click Add. Then the new security group is added to the Security Group List table.

Using the Volume Security GUI22

DescriptionItem

Change

When settings of the selected security groups are changed, click Change to make the changes appear in the Security Group List table.

Applies settings in the Add/Change Security Group dialog box to the Volume Security window, and then closes the dialog box.

CAUTION:

Clicking OK applies the settings to the Volume Security window, but does not apply the settings to the storage system. To apply the security settings to the subsystem, you must continue to click Apply in the Volume Security window until they appear in the dialog box.

Discards settings in the Add/Change Security Group dialog box and closes the dialog boxCancel

The Add/Change Host Group Dialog Box

The Add/Change Host Group dialog box (Figure 9) appears when you right-click a host group or the Host Group entry in the tree view of the Volume Security window (Figure 4) and then select Add/Change from the pop-up menu.

This dialog box enables you to:

• create host groups (see “Creating a Host Group” on page 47)

• rename host groups (see “Renaming Host Groups” on page 64)

• delete host groups (see “Deleting Host Groups” on page 65)

XP24000/XP20000 Volume Security User's Guide 23

+ 53 hidden pages