Admin domain features, Requirements for admin domains, Admin domain access levels – Dell POWEREDGE M1000E User Manual

Fabric OS Administrator’s Guide

435

53-1002745-02

Administrative Domains overview

17

Admin Domain features

Admin Domains allow you to do the following:

•

Define the scope of an Admin Domain to encompass ports and devices within a switch or a
fabric.

•

Share resources across multiple Admin Domains. For example, you can share array ports and
tape drives between multiple departments. In

Figure 52

on page 434, one of the storage

devices is shared between AD1 and AD2.

•

Have a separate zone database for each Admin Domain. Refer to

“Admin Domains, zones, and

zone databases”

on page 458 for more information.

•

Move devices from one Admin Domain to another without traffic disruption, cable reconnects,
or discontinuity in zone enforcement.

•

Provide strong fault and event isolation between Admin Domains.

•

Have visibility of all physical fabric resources. All switches, E_Ports, and FRUs (including blade
information) are visible.

•

Continue to run existing third-party management applications. Prior and existing versions of
third-party management applications continue to work with admin IDs and user IDs.

Requirements for Admin Domains

Implementing Admin Domains in a fabric has the following requirements:

•

Admin Domains are not supported on the Brocade 8000. The Brocade 8000 can be in AD0
only.

•

The default zone mode setting must be set to No Access before you create Admin Domains
(refer to

“Setting the default zoning mode for Admin Domains”

on page 443 for instructions).

•

Virtual Fabrics must be disabled before you create Admin Domains (refer to

“Disabling

Virtual Fabrics mode”

on page 290 for instructions).

•

Gigabit Ethernet (GbE) ports cannot be members of an Admin Domain.

•

Traffic Isolation Zoning is supported within Admin Domains, with some restrictions, as
described in

“Admin Domain considerations for Traffic Isolation Zoning”

on page 360.

•

If the fabric includes LSAN zones:

-

The LSAN zone names must not end with “_ADn”.

-

The LSAN zone names must not be longer than 57 characters.

Refer to

Chapter 24, “Using FC-FC Routing to Connect Fabrics,”

for information about the FC-FC

Routing Service and LSAN zones.

Admin Domain access levels

Admin Domains offer a hierarchy of administrative access. To manage Admin Domains, you must
be a physical fabric administrator. A physical fabric administrator is a user with admin permissions
and access to all Admin Domains (AD0 through AD255). Only a physical fabric administrator can
perform Admin Domain configuration and management.

Other administrative access is determined by your defined Role-Based Access Control (RBAC) role
and AD membership. Your role determines your access level and permission to perform an
operation. Your AD membership determines the fabric resources on which you can operate.