Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


borderWidth

Panel
network
Anchor
brocadebrocade
Panel
borderColor#248D51
bgColorwhite
titleColorwhite
borderColor#248D51
bgColorwhite
titleColorwhite
borderWidth3
titleBGColor#248D51
borderStylesolid
titleCreate Network System Users
Anchor
network
titleBGColor#248D51
borderStylesolid
title
3
Brocade SAN Switch preparation

Unlike BVQ versions prior to 2023.H1 where Brocade scanner configurations had to be configured for each virtual fabric, now only one scanner configuration per SAN is required. All switches that belong to the same fabric or are reachable by any virtual fabric on one of those switches will be detected and configured in a single scanner configuration. The switch IP used to discover the SAN must be one that has virtual fabrics feature in enabled - unless none of the switches in the fabric support this feature or have it enabled.

Switches in access gateway mode are not part of the fabric, and hence, have to be added to the configuration manually.

FOS REST API function calls are permitted or denied based on user privilege configurations determined by the role-based access control (RBAC) functionality in Fabric OS.
Implementing the following changes to your Brocade switches will not interrupt system operation or compromise performance.
Rest assured, these adjustments can be safely applied even on your running productive system.

Brocade REST API is supported on SAN switches running Fabric OS 8.2.1 and later but we recommend to use FOS 9 and higher. All switches running earlier versions cannot be monitored by BVQ! (see Supported Brocade systems).

Brocade SAN Switch User

For switches running FOS 9, the user needs at least the permissions of the default role basicswitchadmin for all virtual Switches and the chassis.
For switches running FOS 8.2.x, the user needs at least the permissions of the default role admin.
For all versions, there is no support for default switch role user, because it has no permission to observe the RBAC class configure, that BVQ needs to gather information about the switch configuration.

It is recommended to have the same user credentials and access configuration (https / http and SSL certificate) on all Switches belonging to the same SAN.

Depending on the specific FOS level, the following user has to be added on each and every switch you want to scan:

Code Block
languagebash
themeDJango
titleAdd BVQ user via FOS CLI (switches with VF)
FOS 9.x:
userconfig --add bvq -r basicswitchadmin -c basicswitchadmin -l 1-128 -h 128 -d "BVQ Scanner User" -p ChangeMeP@ssw0rd
passwd bvq
> <final_password>

FOS 8.2.x:
userconfig --add bvq -r admin -c admin -l 1-128 -h 128 -d "BVQ Scanner User" -p ChangeMeP@ssw0rd
passwd bvq 
> <final_password>


Code Block
languagebash
themeDJango
titleAdd BVQ user via FOS CLI (switches without VF)
FOS 9.x:
userconfig --add bvq -r basicswitchadmin -d "BVQ Scanner User" -p ChangeMeP@ssw0rd
passwd bvq
> <final_password>

FOS 8.2.x:
userconfig --add bvq -r admin -d "BVQ Scanner User" -p ChangeMeP@ssw0rd 
passwd bvq 
> <final_password>

Increase Rest sessions

It is also an essential requirement to increase the number of allowed REST sessions to 10 on each switch in the fabric. This adjustment is a necessary step to ensure efficient operation.

Code Block
languagebash
themeDJango
titleIncrease the number of allowed Rest sessions to 10
mgmtapp --config -maxrestsession 10

mgmtapp --show
REST Configuration:
Interface State: Enabled
Effective Protocol: HTTPS only
HTTP State: Enabled
Session Count: 10
Throttling Configurations:
Sample Requests : 120
Sample Time (in sec) : 30
Idle Time (in sec) : 3

Gather information for BVQ Scanner configuration

Unlike

BVQ

versions prior to 2023.H1 where Brocade

scanner configurations

had to be configured for each virtual fabric, now only one scanner configuration per SAN is required. All switches that belong to the same fabric or are reachable by any virtual fabric on one of those switches will be detected and configured in a single scanner configuration. The switch IP used to discover the SAN must be one that has virtual fabrics feature in enabled - unless none of the switches in the fabric support this feature or have it enabled.

Switches in access gateway mode are not part of the fabric, and hence, have to be added to the configuration manually.

BVQ scanner configurations

need the following input:

  • Switch IP address or DNS name of one switch in the SAN. This does not need to be the principal but must be one that has virtual fabrics enabled if any of the switches in the SAN are using this feature.
  • Protocol - http or https
  • Switch username and password
  • Port number (if not default)
  • SSL / HTTPS certificate handling

    Code Block
    languagebash
    themeDJango
    titleAdd BVQ user via FOS CLI (switches without VF)
    seccertmgmt show -cert https

    If you want to enable the BVQ Scanner Switch Check SSL certificate, you need to install a non-self-signed certificate on the switch.

Note:

If switches or virtual fabrics are added to or removed from the SAN, the scanner configuration needs to be adjusted manually. Edit the scanner configuration and select "Discover switches" to rediscover the SAN.

Anchor
ciscocisco




white
Panel
borderColor#248D51
bgColor
titleColorwhite
borderWidth3
titleBGColor#248D51
borderStylesolid
titleCisco SAN preparation

BVQ 2022.H2.1 and higher

BVQ collects topology and performance data from Cisco MDS switches using the Cisco MDS NX-API. This feature needs to be enabled on all Cisco MDS switches that should be monitored by BVQ.

Code Block
themeMidnight
titleEnable nxapi
switch# show feature
Feature Name         Instance State
-------------------- -------- -----
...
nxapi                1        disabled
...

switch# conf t
switch(config)# feature nxapi

switch# show feature
Feature Name         Instance State
-------------------- -------- -----
...
nxapi                1        enabled
...

Cisco SAN Switch User

The following user has to be added on each and every switch you want to scan:

Code Block
themeMidnight
titleAdd BVQ User via CLI
cisco-BVQ-1# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
cisco-BVQ-1(config)# role name bvq-role
cisco-BVQ-1(config-role)# description Monitoring role for BVQ
cisco-BVQ-1(config-role)# rule 1 permit show
cisco-BVQ-1(config-role)# exit
cisco-BVQ-1(config)# role show
cisco-BVQ-1(config)# show role
Role: bvq-role
  Description: Monitoring role for BVQ
  Vsan policy: permit (default)
  -------------------------------------------------
  Rule    Type    Command-type    Feature
  -------------------------------------------------
  1       permit  show            *

cisco-BVQ-1(config)# username bvq-user password P@ssw0rd role bvq-role
cisco-BVQ-1(config)# exit
cisco-BVQ-1# show user-account
user:bvq-user
        this user account has no expiry date
        roles:bvq-role


Code Block
themeMidnight
titlecopy and paste following commands
config terminal
role name bvq-role
description Monitoring role for BVQ
rule 1 permit show
exit
username bvq-user password P@ssw0rd role bvq-role
exit