Fibre Channel (SAN)

SFOS-to-FOS Conversion

by venkatesh.r4 on ‎03-13-2007 01:00 AM - edited on ‎10-30-2013 01:04 PM by bcm1 (219 Views)

DETAILED DESCRIPTION  

Brocade Secure Fabric OS introduced the notion of a "secure mode" in the fabric. Secure mode provides mandatory enforcement of a set of security mechanisms considered desirable for fabric-wide properties, such as SCC policies, and for fabric-wide password distribution in environments that do not use RADIUS authentication, authorization, and accounting (AAA) service. 

However, Secure Fabric OS fabric-wide enforcement may be too inflexible and the propagation of configuration changes too wide-ranging and implicit for some users. For this reason, Brocade is introducing a new model with the following characteristics: More granular, explicit control over the switch and fabric-wide configuration changes to a fabric 
A fabric-wide distribution enforcement mechanism that accommodates mixed Fabric OS version environments in which updates to a fabric can be performed incrementally 

The first phase delivers advanced security features in the standard Fabric OS in version 5.2.0, including: Delivering selected security policy enforcement via access control lists (ACLs), without requiring a secure mode on the fabric 

You upload a configuration file from the primary FCS switch in a secure fabric, edit the file manually, and then download the edited file. Or you can upload a configuration file from the primary FCS switch in a secure fabric, use this script to delete policies that are unnecessary for ACLs in Fabric OS 5.2.0, and then download the file 

REQUIREMENTS 

Operating System Not Applicable 

Interface Not Applicable 

Fabric Operating System Fabric OS v5.2.0 

Other None 

 

NOTES (INCLUDING LIMITATIONS) 

In order to migrate to use the security features in standard Fabric OS, you must have Fabric OS 5.2.0 installed in the fabric VLAN (8021.q and ISL 802.1p).

NOTE: Fabric OS 5.2.0 provides SCC and DCC policies stored in a local database; however, SCC and DCC policies in Secure Fabric OS and in Fabric OS are not interchangeable. If you have security enabled in the fabric via Secure Fabric OS, you must disable it before you can use the ACL policies in Fabric OS. 

For more about ACLs and Fabric OS, see "Configuring Advanced Security" in the Fabric OS Administrator's Guide for version 5.2.0. 

 

NOTE: This contribution was migrated by Brocade from the former Brocade Connect community on March 13, 2008, on behalf of the author.

Contributors