Configuring Brocade switches for monitoring

Configure Brocade switches for monitoring through a direct connection. IBM Storage Insights establishes this connection by using the Brocade REST API and requires Fabric OS 8.2.1 or later.

About this task

Before you add a Brocade switch for monitoring in IBM Storage Insights, you must configure it for HTTPS and set up the proper user role.

Procedure

  1. To enhance security, configure a switch for HTTPS. This action disables HTTP access.
    Option 1
    Create a self-signed HTTPS certificate by using the seccertmgnt generate command.
    seccertmgmt generate -cert [https | extn -keypair_tag keypair_tag] [-type [rsa | dsa | ecdsa]][-keysize value] 
[-hash type] [-years value] [-f]
    For example:
    switch:admin> seccertmgmt generate -cert https
    Option 2
    Upload a CA-signed certificate by using the seccertmgmt import command.
    seccertmgmt import -cert [fcap | commoncert | https | radius | ldap | syslog | extn -keypair_tag keypair_tag | mgmtip] 
-protocol [scp | ftp]-ipaddr IP_address -remotedir remote_directory-certname certificate_name-cacert preimported_local_ca_cert-login login_name 
-password password

    For more information, see Brocade® Fabric OS® Command Reference Manual, 8.2.x.

  2. Configure a user with required roles for the switches.
    1. To collect metadata about a switch, IBM Storage Insights requires a user account with "user" or "admin" role. If the switch is virtualized, the user must also have a "user" or "admin" role for the chassis and have access to all the Logical Fabric IDs 1 - 128.
    2. To create a user with the required roles, run one of the following commands.
      • For virtualized switches, run the userconfg --add command with the -r role, -l LF_ID_LIST, and -c chassis_role options.
        virtualizedswitch:admin> userconfig --add user_name -r user -l 1-128 -c user -p MyPassword
      • For non-virtualized switches, run the userconfg --add command with the -r role option.
        physicalswitch:admin> userconfig --add user_name -r user -p MyPassword
    3. To change the role for an existing user, run one of the following commands.
      • For virtualized switches, run the userconfig --change command with the -r, -l, or -c options along with the userconfig --addlf command to expand the list of Logical Fabric IDs.
        For example, run the following command to change the chassis role and the list of Logical Fabric IDs that the user is allowed to access.
        virtualizedswitch:admin> userconfig --change user_name -c admin -l 128
        virtualizedswitch:admin> userconfig --addlf user_name -c admin -l 1-128
      • For non-virtualized switches, run the userconfig --change command with the -r option.
        physicalswitch:admin> userconfig--change user_name -r admin
    4. To verify the roles, run the userconfig --show command. Add the -a option to list all users on the switch.