Access Management

The fcconfig tool controls access to a VDisk over the FC interface. Using fcconfig, rules can be added to specify the host WWPN or GUID that can or cannot access a VDisk.

To add a rule

/quadstor/bin/fcconfig -a -v <VDisk Name> -r <allow|disallow> -w <wwpn>

For example

/quadstor/bin/fcconfig -a -v FOO -r allow -w f0:f1:f2:f3:f4:f5:f6:f7
/quadstor/bin/fcconfig -a -v FOO -r allow -w fe80:0000:0000:0000:0002:c902:0025:7f89

In the above example, access to VDisk FOO is allowed for the host with WWPN f0:f1:f2:f3:f4:f5:f6:f7. The WWPN expected is a 23 character string. Similarly, fe80:0000:0000:0000:0002:c902:0025:7f89 is the GUID of the SRP initiator.

The WWPN or GUID specified must be in lower-case.

To delete the above rule

/quadstor/bin/fcconfig -x -v FOO -r allow -w f0:f1:f2:f3:f4:f5:f6:f7

To list all existing rules

/quadstor/bin/fcconfig -l

Examples

/quadstor/bin/fcconfig -a -r disallow : Disallow access to all VDisks over the FC interface
/quadstor/bin/fcconfig -a -r allow : Allow access to all VDisks over the FC interface
/quadstor/bin/fcconfig -a -r disallow -w f0:f1:f2:f3:f4:f5:f6:f7 : Disallow access to all VDisks for WWPN f0:f1:f2:f3:f4:f5:f6:f7
/quadstor/bin/fcconfig -x -r disallow : Delete all disallow rules
/quadstor/bin/fcconfig -x -w <wwpn> : Delete all rules corresponding to the specified WWPN

Rules can be combined. For example

/quadstor/bin/fcconfig -a -r disallow
/quadstor/bin/fcconfig -a -r allow -v FOO

The above two rules combined specify that only VDisk FOO is accessible over the FC interface. Note that without an explicit disallow rule, access is not restricted. For example, if '/quadstor/bin/fcconfig -a -r disallow' is not specified, other VDisks are still accessible.

Rule priority

For a given client WWPN, an exact rule match for that WWPN and the target VDisk is searched for first. If found, that rule applies. Otherwise the following matches are searched for in order, and the first match is the rule that applies:

  1. Rule matching the client WWPN
  2. Rule matching the target VDisk
  3. Rule which applies to any WWPN
  4. Rule which applies to any VDisk

If no rule matches, access to the VDisk is considered allowed for that client WWPN.
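
The rule priority order above, as an added Python model for checking what a planned rule set will permit before applying it. This is not QUADStor code: the Rule type and the decide and valid_initiator functions are hypothetical names, a rule added without -v or -w is assumed to be the one that covers both "any WWPN" and "any VDisk", and the first rule added is assumed to win when two rules fall in the same tier.

```python
import re
from typing import NamedTuple, Optional

# Identifier formats as the page gives them: a 23-character WWPN (8 hex bytes)
# or an SRP initiator GUID (8 groups of 4 hex digits), lower-case only.
WWPN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")
GUID_RE = re.compile(r"^[0-9a-f]{4}(:[0-9a-f]{4}){7}$")

class Rule(NamedTuple):
    action: str                   # "allow" or "disallow"  (-r)
    vdisk: Optional[str] = None   # None = any VDisk       (no -v)
    wwpn: Optional[str] = None    # None = any WWPN        (no -w)

def valid_initiator(ident: str) -> bool:
    """True if ident is a lower-case WWPN or GUID in the page's format."""
    return bool(WWPN_RE.match(ident) or GUID_RE.match(ident))

def decide(rules, vdisk: str, wwpn: str) -> str:
    """Return "allow" or "disallow" for a client WWPN and target VDisk."""
    # Search order from the page: exact match, client WWPN, target VDisk,
    # then the rule with neither set (assumed to cover both "any WWPN"
    # and "any VDisk").
    for want in ((vdisk, wwpn), (None, wwpn), (vdisk, None), (None, None)):
        for rule in rules:   # assumption: first rule added wins within a tier
            if (rule.vdisk, rule.wwpn) == want:
                return rule.action
    return "allow"           # no matching rule: access is allowed

# Constructed rule sets for illustration
HOST = "f0:f1:f2:f3:f4:f5:f6:f7"
OTHER = "a0:a1:a2:a3:a4:a5:a6:a7"   # constructed second host
ALLOW_ONLY = [Rule("allow", vdisk="FOO", wwpn=HOST)]
LOCKED = [Rule("disallow")] + ALLOW_ONLY

if __name__ == "__main__":
    for name, rules in (("allow rule only", ALLOW_ONLY),
                        ("with blanket disallow", LOCKED)):
        for disk, who in (("FOO", HOST), ("FOO", OTHER), ("BAR", OTHER)):
            print(f"{name:22} {disk} {who}: {decide(rules, disk, who)}")
```

With only the allow rule in place, the second host still reaches FOO because nothing matches it and the default is allow; adding the blanket disallow is what restricts access to the listed host.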