Document Audience:INTERNAL
Document ID:I0667-2
Title:Sun StorEdge T3 and T3+ array controllers which are connected to a public ethernet network may disable without warning or experience availability problems if they are scanned by third party security software
Copyright Notice:Copyright © 2005 Sun Microsystems, Inc. All Rights Reserved
Update Date:2002-03-07

---------------------------------------------------------------------
- Sun Proprietary/Confidential: Internal Use Only -
---------------------------------------------------------------------  
                            FIELD INFORMATION NOTICE
                  (For Authorized Distribution by SunService)
FIN #: I0667-2
Synopsis: Sun StorEdge T3 and T3+ array controllers which are connected to a public ethernet network may disable without warning or experience availability problems if they are scanned by third party security software
Create Date: Mar/07/02
Keywords: 

Sun StorEdge T3 and T3+ array controllers which are connected to a public ethernet network may disable without warning or experience availability problems if they are scanned by third party security software

SunAlert: Yes
Top FIN/FCO Report: Yes
Products Reference: T3/T3+ StorEdge Array w/Third Party Network Security 
                    Software
Product Category: Storage / SW Admin
Product Affected: 
Systems Affected:
-----------------  
Mkt_ID   Platform   Model   Description   		Serial Number
------   --------   -----   -----------   		-------------
   -     Anysys      -      System Platform Independent       -
   

X-Options Affected:
-------------------
Mkt_ID   Platform   Model   Description   		Serial Number
------   --------   -----   -----------   		-------------
   -     T3         ALL     StorEdge T3 Array                 -
   -     T3+        ALL     StorEdge T3+ Array                -
Parts Affected: 
Part Number   Description   Model
-----------   -----------   -----
   -              -           -
References: 
BugId: 4356418 - Cybercop test causes controller data access exception.
       4527674 - H.E.A.T security software scan causes T3 controller 
                 failure. 

SunAlert: 26464
Issue Description: 
-----------------
|FROM FIN I0667-1:|
 ----------------- 

Any customers that have T3 units connected to a general purpose
ethernet network, and using T3 firmware versions 1.16a / 1.16c, or
earlier, may experience the problems stated below.  Depending on the
configuration, I/O performance may decrease, or data may become
inaccessible.
 
A number of problems have been identified within the ethernet
networking module (pNA) of the T3's embedded real-time operating system
(pSOS).  Firmware versions 1.16a / 1.16c, and all earlier versions are
susceptible to these problems.
 
The problems identified so far include:

  o Cybercop security package test causes controller data access exception.
  o Executing arp -a on a T3 may cause a controller reset.
  o Long http strings can result in a T3 probe break.

As a result of ANY of these issues, and possibly others that have not
yet been identified, the following problems may be observed:

1. StorEdge T3 Partner Group Array Configurations
   ============================================== 

   In a partner group configuration, the master controller will disable.
   This will cause the alternate master controller to perform a fail-over
   and it will be promoted to the master role.  As long as multi-pathing
   software is installed and properly configured on the data host, I/O
   will fail-over to the remaining controller path. This could cause a
   performance impact due to the loss of I/O bandwidth and the T3 partner
   group cache mode shifting to write through for all LUNs on the partner
   group.

2. StorEdge T3 Single Array Configurations
   ======================================= 

   With single arrays, the controller will disable and any LUNs defined on
   the T3 will be inaccessible to its attached host(s) until the T3 is
   rebooted.
 
   The ethernet port and associated TCP/IP services provided by the T3 are
   critical to maintaining and monitoring its overall health.
   Unfortunately, the TCP/IP services provided with the T3's embedded
   real-time operating system prior to FW 1.17a, had a number of
   deficiencies, which made the T3 sensitive to certain network events.
   Using a Sun StorEdge T3 array with FW 1.16a / 1.16c or earlier versions
   on a general purpose network, has been shown under certain conditions
   to cause controllers to disable.  As a result, performance can decrease,
   or data can become inaccessible.

 ----------------------
|UPDATE FOR FIN I0667-2:|
 ----------------------
 
The following sections in the Corrective Action for FIN I0667-1 have 
been updated:

. T3+ storage array product has been added to the affected current 
  storage array product list.
  
. A command to use to identify the current firmware version installed 
  in the system is as follows:
  
    The "ver" command can be typed on the Sun StorEdge T3/T3+ array to
    display the firmware version of the Sun StorEdge T3/T3+ array
    controller.  At this point ALL Sun StorEdge T3/T3+ array controller
    firmware versions are susceptible to this problem.
    
    Any Sun StorEdge T3/T3+ array controller connected to an ethernet 
    network where third party security software is in use may be
    affected.

. An error message that may be displayed if HEAT software is used:

    Below is a snip of the syslog messages on a Sun StorEdge T3 array
    partner group which was connected to an ethernet network.  The Sun
    StorEdge T3 array master controller (u1) was disabled after being
    scanned by the H.E.A.T security software developed by third party
    software company.

      H.E.A.T. is launching the process /usr/local/heat/bin/hydrarecon as 
               id 1026
      H.E.A.T. is launching the process /usr/local/heat/bin/hydraprobe as 
               id 1027
      Nov 15 14:40:14 hws27-41 sh05[1]: N: fru stat
      Nov 15 14:41:34 hws27-41 HBTT[2]: N: u2ctr: Takeover process completed
      Nov 15 14:41:34 hws27-41 HBTT[2]: W: u1ctr: Offline
      H.E.A.T. is launching the process /usr/local/heat/bin/hydraexplore as 
               id 1030
      Nov 15 14:44:52 hws27-41 sh10[2]: N: fru stat
      H.E.A.T. is launching the process /usr/local/heat/bin/hydraanalysis as 
               id 1050
	
. The recommended workaround is as follows:

    A recommended workaround to this problem is to install all Sun StorEdge
    T3/T3+ arrays on a private network which is excluded from third party
    software security scans.    
    
At this point a fix has not been implemented. PDE engineering has
identified a specific instance of this problem involving the H.E.A.T
security software. It is expected that the specific problem identified
involving the H.E.A.T security software will be corrected in a future
release of the Sun StorEdge T3 array controller firmware.
Implementation: 
---
        |   |   MANDATORY (Fully Pro-Active)
         ---    
         
  
         ---
        | X |   CONTROLLED PRO-ACTIVE (per Sun Geo Plan) 
         --- 
         
                                
         ---
        |   |   REACTIVE (As Required)
         ---
Corrective Action: 
An Authorized Enterprise Services Field Representative may avoid the
above mentioned problems by following the recommendations as shown
below.
 
At this point a recommended workaround is to install Sun StorEdge T3/T3+
Arrays on a private network which excludes the use of third party
security software.
Comments: 
----------------------------------------------------------------------------
Implementation Footnote: 
i)   In case of MANDATORY FINs, Enterprise Services will attempt to    
     contact all affected customers to recommend implementation of 
     the FIN. 
   
ii)  For CONTROLLED PROACTIVE FINs, Enterprise Services mission critical    
     support teams will recommend implementation of the FIN  (to their  
     respective accounts), at the convenience of the customer. 

iii) For REACTIVE FINs, Enterprise Services will implement the FIN as the   
     need arises.
----------------------------------------------------------------------------
All released FINs and FCOs can be accessed using your favorite network 
browser as follows:
 
SunWeb Access:
-------------- 
* Access the top level URL of http://sdpsweb.ebay/FIN_FCO/

* From there, select the appropriate link to query or browse the FIN and
  FCO Homepage collections.
 
SunSolve Online Access:
-----------------------
* Access the SunSolve Online URL at http://sunsolve.Corp/

* From there, select the appropriate link to browse the FIN or FCO index.

Internet Access:
----------------
* Access the top level URL of https://infoserver.Sun.COM
--------------------------------------------------------------------------
General:
--------
* Send questions or comments to finfco-manager@Sun.COM
--------------------------------------------------------------------------
Statusactive