Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual

1866

Brocade Network Advisor SAN + IP User Manual

53-1003155-01

Policy monitor overview

47

The resiliency and redundancy of the fabric is an important aspect of the SAN topology. To
remove any single point of failure, SAN fabrics have resiliency built into the Fabric OS.

For example, when a link between two switches fails, routing is recalculated and traffic is
assigned to a new route. Therefore, to provide redundancy and enable resiliency, using ISLs,
the best practice is to make sure that there are at least two ISLs between each switch pair.

The redundant link refers to both the physical connection and the logical ISL. No matter how
many physical connections exist between the two base switches, there is only one logical ISL
between two logical switches. A logical ISL counts as one connection between the source and
destination switches; therefore, when a logical ISL is present, the connection count may be
inaccurate. To pass this monitor, the total number of logical ISL and physical connections must
be greater than the minimum connection.

For FCIP tunnels, one tunnel counts as one connection. This rule does not check circuits within
the FCIP tunnel. The total number of trunk ISLs, single ISLs, and the number of tunnels is
compared with the minimum number settings to decide if the redundant ISL check is a
success or a failure.

Rule Violation Fix — If the configuration policy manager report shows a violation, the SAN
Administrator can add redundant ISLs between the source and the target switch.

•

Check for HTTPS (secure HTTP) configuration — This switch and router configuration policy
manager enables you to check each target to see if HTTPS is active for device data
transmission.

NOTE

Not supported on Network OS products and the following IronWare products: Ethernet Core
routers, Ethernet Carrier Routers, Ethernet Edge router, and Data Center switch, as well as the
6650 Ethernet switch, router, and L3 router.

The preferred Management application product communication must be HTTPS for this check
to pass.

For Fabric OS products, verifies the IP ACL active policy rules. You should verify that the IP ACL
active rules deny HTTP access to all.

For Fabric OS products, if the IPv6 interface is enabled, verifies both IPv4 and IPv6 IP ACL
active policies.

Rule Violation Fix — If the configuration policy manager report shows a violation, enable HTTPS
on the device. Disable HTTP settings on the device, if enabled.

•

Check if the product is configured to send events to this server — This switch and router
configuration policy manager enables you to determine if the Management application server
is registered as an SNMP recipient and Syslog recipient.

If the server has multiple NICs, the server uses an IP address reachable from the switch for
event registration. This policy cannot determine if the server is using a reachable IP address for
the event registration.

If the Management application server fails to register as a listener for SNMP, Syslog, and other
events, the Management application server cannot notify you of changes to the fabric or
device. If a fabric or switch fails, the Management application cannot provide notification, log,
or support data. Therefore, you may not realize that there is an inconsistency between the
physical device status and the device status in the Management application for some time.
This policy cannot determine if the SNMP trap or syslog listener ports are available or working.