The operation authority with cmd security enabled, Target commands for protection, Permission command – HP XP7 Storage User Manual

The operation authority with CMD security enabled

If the CMD security is enabled, you have the operation authority for the LU which meets both of
the following requirements.

•

The connection to the host has been recognized when you start RAID Manager.

•

The LU is the target of the pair operation specified with MU# which is defined in the
configuration definition file.

For the volumes that you do not have the operation authority, "****" is displayed as the LDEV#,
and "----" is displayed as the status. If you perform the pair operations, RAID Manager rejects the
request with the error code "EX_ENPERM" (pairdisplay is not included).

If you specify 0, 1, 2... for the MU#, your operation authority is limited on the LUs for the local
copy program products (Business Copy, Business Copy Z and Snapshot). If you specify h0, h1,
h2... for the MU#, your operation authority is limited on the LUs for the remote copy (Continuous
Access Synchronous, Continuous Access Synchronous Z, Continuous Access Synchronous Async,
Continuous Access Journal and Continuous Access Journal Z) operations. If you specify nothing
for the MU#, you have the operation authority on MU#0 for the local copy and the remote copy
operations.

Target commands for protection

The following commands are controlled by the Data Protection Facility: horctakeover,
paircurchk

, paircreate, pairsplit, pairresync, pairvolchk, pairevtwait,

pairsyncwait

, raidvchkset, raidvchkdsp, pairdisplay. When the command is issued

to non-permitted volumes, RAID Manager rejects the request with error code "EX_ENPERM"
(pairdisplay is not included).

•

The pairdisplay command shows all volumes, so that you can confirm non-permitted
volumes. Non-permitted volumes are shown without LDEV# information. As shown below, the
LDEV# information is " **** " (if you use -CLI, "****" is displayed as "----". P/S, Status, Seq#
and P-LDEV# M are "----", "-----" or "-").

#

pairdisplay -g oradb

Group PairVol(L/R) (Port#,TID,LU-M),Seq#, LDEV#.P/S,Status, Seq#,P-LDEV# M

oradb oradev1(L) (CL1-D , 3, 0-0) 35013

****..---- ----,----- ---- -

oradb oradev1(R) (CL1-D , 3, 1-0) 35013

****..---- ----,----- ---- -

•

The raidscan command shows all volumes same as current specification, because it does
not need HORCM_DEV and HORCM_INST on horcm.conf. If you want to know permitted
volumes at raidscan, use raidscan -find. The -find option shows device file name
and storage system information by using internal Inquiry result. You can use raidscan
-find

to make horcm.conf, because only permitted volumes are shown with host side

view. Following is an example for HP-UX systems:

#

ioscan -fun | grep rdsk | raidscan -find

DEVICE_FILE UID S/F PORT TARG LUN SERIAL LDEV PRODUCT_ID
/dev/rdsk/c0t3d0 0 F CL1-D 3 0 35013 17 OPEN-3
/dev/rdsk/c0t3d1 0 F CL1-D 3 1 35013 18 OPEN-3

Permission command

RAID Manager recognizes permitted volumes at the result of the permission command. The
permission

command is the -find inst option of raidscan. This option issues an inquiry

to a specified device file to get Ser# and LDEV# from the RAID storage system, and checks an
identification for volumes of horcm.conf to all of own host volumes, then stores the result within
HORCM of the instance. This permission command is started by /etc/horcmgr automatically.

The following example shows the relation between the device file and horcm.conf for a manual
operation on an HP-UX system. All volumes of ioscan are permitted.

192 Data protection operations with RAID Manager