Fiber Channel (FC) access control rules can be defined to restrict access to entire VTL instances, or to specific drives or the medium changer within a VTL instance, to specific host HBA ports. Access control rules can also specify the incoming HBA port through which access is allowed.
Rules can be defined using the following entities:
- Host WWPN is the WWPN of the host HBA port through which a SCSI command will be sent.
- Target WWPN is the WWPN of the VTL HBA port through which a SCSI command will be received.
- Access is either Allow, which permits access to the specified device, or Disallow/Deny, which blocks access to the specified device.
- VTL Name is the VTL instance to which the rule applies.
- Drive ID is the ID of the drive, or of the medium changer, in the VTL to which the rule applies.
Before You Begin
Make sure that you have disallowed access by default before defining a rule.
Procedure
- From the navigation pane, click Access Management.
- Under FC Access Rules, click Add Rule.
  The Add FC Rule page appears.
- From the Host list, select the host WWPN.
- In the WWPN box, type the incoming host port that must be used as the target WWPN.
  WWPN is specified in the format f0:f1:f2:f3:f4:f5:f6:f7 in lower case. If no WWPN is specified then the rule implies any host WWPN.
- From the Target WWPN list, select All if the rule applies to all target ports (the HBA port on which the SCSI command will be received by the VTL) or select a specific WWPN from the list.
  If no target WWPN is specified then the rule implies any target WWPN.
- From the Rule list, select Allow or Disallow to define the access.
- Select the VTL Name from the list.
  If no VTL is specified then the rule implies any configured VTL.
- In the Drive ID box, type one of the following values:
  - 0 or no drive ID: The rule applies to the entire VTL, both medium changer and drives.
  - 65535: Rule applies to the medium changer only.
  - 1 and above: Rule applies to the specific drive only. Drives are numbered starting from 1 for each VTL.
- Click Submit.
Result
The rule will be added and displayed under FC Access Rules.
Rule Priority
When a SCSI command is received for a VTL device, a rule that matches the sending host WWPN, the incoming target WWPN, the VTL name and the exact drive ID is given priority. If that rule allows access, the SCSI command is processed. If the rule does not allow access, the command is rejected with a SCSI Check Condition, Sense Key Illegal Request, and an ASC/ASCQ of LOGICAL UNIT NOT SUPPORTED.
If there is no exact rule, then the rules are prioritized in the following order:
- Host WWPN match, target WWPN match, VTL match, drive ID for the rule is 0 (entire VTL)
- Host WWPN match, any target WWPN rule, VTL match, drive ID match (rule for a specific VTL device received through any VTL HBA port)
- Host WWPN match, any target WWPN rule, VTL match, any drive ID (drive ID 0, entire VTL)
- Any host WWPN, target WWPN match, VTL match, drive ID match
- Any host WWPN, target WWPN match, VTL match, any drive ID
- Any host WWPN, any target WWPN, VTL match, drive ID match
- Any host WWPN, any target WWPN, VTL match, any drive ID
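The priority order above can be checked offline before rules are entered in the console. The following Python sketch is an added example, not code from the product: it ranks rules into tier 0 (the exact match) through tier 7 (the last entry in the list) and returns the winning decision. The `Rule` type, the function names, the sample WWPNs and the VTL name are hypothetical. It assumes every rule names a VTL (the list does not rank rules that omit one), that the first rule wins a tie within a tier, and that access is disallowed when no rule matches.

```python
import re
from typing import NamedTuple, Optional

ENTIRE_VTL, MEDIUM_CHANGER = 0, 65535   # special drive IDs from the page
WWPN_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){7}")

def wwpn(value: str) -> str:
    """Accept only the lower-case f0:f1:...:f7 form the rule page expects."""
    if not WWPN_RE.fullmatch(value):
        raise ValueError(f"not a lower-case colon-separated WWPN: {value!r}")
    return value

class Rule(NamedTuple):
    host: Optional[str]     # host WWPN; None means any host
    target: Optional[str]   # target WWPN; None means any target port
    vtl: str                # VTL name (required in this sketch)
    drive: int              # 0, 65535, or a drive number >= 1
    allow: bool

def tier(rule, host, target, vtl, drive):
    """Priority tier for one command: 0 = exact ... 7 = broadest, None = no match."""
    if rule.vtl != vtl or rule.host not in (None, host):
        return None
    if rule.target not in (None, target) or rule.drive not in (ENTIRE_VTL, drive):
        return None
    # Host specificity outranks target specificity, which outranks drive specificity.
    return 4 * (rule.host is None) + 2 * (rule.target is None) + (rule.drive == ENTIRE_VTL)

def decide(rules, host, target, vtl, drive, default_allow=False):
    """Return (allowed, tier) for a command sent to drive ID `drive` (>= 1 or 65535)."""
    best = None
    for rule in rules:
        t = tier(rule, host, target, vtl, drive)
        if t is not None and (best is None or t < best[0]):  # assumption: first rule wins a tie
            best = (t, rule)
    return (best[1].allow, best[0]) if best else (default_allow, None)

# Constructed sample data: the WWPNs and the VTL name are made up.
HOST_A, HOST_B = wwpn("10:00:00:00:c9:aa:bb:01"), wwpn("10:00:00:00:c9:aa:bb:02")
TGT_1 = wwpn("50:01:43:80:11:22:33:01")
RULES = [
    Rule(None, None, "vtl1", ENTIRE_VTL, False),      # tier 7 catch-all deny
    Rule(HOST_A, None, "vtl1", ENTIRE_VTL, True),     # host A may use the whole VTL
    Rule(HOST_A, TGT_1, "vtl1", 2, False),            # ...except drive 2 via TGT_1
    Rule(None, TGT_1, "vtl1", MEDIUM_CHANGER, True),  # any host, changer via TGT_1
]

if __name__ == "__main__":
    for host, drive in [(HOST_A, 1), (HOST_A, 2), (HOST_B, MEDIUM_CHANGER), (HOST_B, 1)]:
        print(host, drive, decide(RULES, host, TGT_1, "vtl1", drive))
```

With the sample rules, host A reaches drive 1 through its whole-VTL allow rule but is denied drive 2 by the exact-match rule, which shows how a narrow deny overrides a broader allow for the same host.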