Abstract: A storage port receives a login request. The storage port configures an audit mode indicator as enabled in a login response to a host port to enter a security enabled mode to indicate to the host port that Input/Output (I/O) operations are to be transmitted from the host port to the storage port even if authentication or security association negotiation with the storage port cannot be completed successfully.

Abstract: In-line data packet transformations. A transformation engine obtains data to be transformed and determines a transformation to be applied to the data. The determining uses an input/output control block that includes at least one field to be used in determining the transformation to be applied. Based on determining the transformation to be applied, the transformation is performed.

Abstract: A host port is enabled for security. In response to a determination by the host port that authentication or security association negotiation with a storage port cannot be completed successfully, the host port determines whether an audit mode indicator has been enabled in a login response from the storage port. The host port preserves input/output (I/O) access to the storage port based on determining whether the audit mode indicator has been enabled in the login response from the storage port.

Abstract: Embodiments of the invention are directed to registering one or more endpoint devices to receive a notification and detecting a congestion event related to a storage area network. The storage area network includes the one or more endpoint devices. The notification is sent regarding the congestion event to the one or more endpoint devices that have been registered for the notification.

Abstract: Techniques for a virtualized fabric login server for a storage area network are described herein. An aspect includes operating a storage area network, the storage area network including a hybrid control plane. Another aspect includes managing, using a virtualized fabric login server and the hybrid control plane, the storage area network, wherein the virtualized fabric login server is disposed in a container that is hosted on an element of the storage area network.

Abstract: Techniques for a virtualized fabric name server for a storage area network are described herein. An aspect includes operating a storage area network, the storage area network including a hybrid control plane. Another aspect includes managing, using a virtualized fabric name server and the hybrid control plane, the storage area network, wherein the virtualized fabric name server is disposed in a container that is hosted on an element of the storage area network.

Abstract: Techniques for a virtualized fabric management server for a storage area network are described herein. An aspect includes operating a storage area network, the storage area network including a hybrid control plane. Another aspect includes managing, using a virtualized fabric management server and the hybrid control plane, the storage area network, wherein the virtualized fabric management server is disposed in a container that is hosted on an element of the storage area network.

Abstract: A storage port receives a login request. The storage port configures an audit mode indicator as enabled in a login response to a host port to enter a security enabled mode to indicate to the host port that Input/Output (I/O) operations are to be transmitted from the host port to the storage port even if authentication or security association negotiation with the storage port cannot be completed successfully.

Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.

Abstract: A method for dynamically allocating buffer credits between a system and a storage area network (SAN). The method includes one or more computer processors determining a forecast of a change related to a pattern of network traffic that originates from a computing system that links to a storage area network (SAN) via a network connection. The method further includes determining whether the forecast change related to the pattern of network traffic dictates a change to a buffer credit allocation associated with the network connection. The method further includes responding to determining that the forecast change related to the pattern of network traffic dictates the buffer credit allocation change by determining a value for the buffer credit allocation associated with the change. The method further includes transmitting a request to a switch of the SAN to modify a buffer credit allocation value corresponding to a port of the switch linked to the network connection.

Abstract: A method for dynamically allocating buffer credits between a system and a storage area network (SAN). The method includes one or more computer processors determining a forecast of a change related to a pattern of network traffic that originates from a computing system that links to a storage area network (SAN) via a network connection. The method further includes determining whether the forecast change related to the pattern of network traffic dictates a change to a buffer credit allocation associated with the network connection. The method further includes responding to determining that the forecast change related to the pattern of network traffic dictates the buffer credit allocation change by determining a value for the buffer credit allocation associated with the change. The method further includes transmitting a request to a switch of the SAN to modify a buffer credit allocation value corresponding to a port of the switch linked to the network connection.

Abstract: In response to receiving a login request message with a security indicator enabled for security, a storage port establishes a security association by transmitting a response indicating a login accept with the security indicator enabled for security. In response to establishing the security association, the storage port modifies a protocol behavior for transmitting and receiving information units.

Abstract: Embodiments include simulating a design under test on an electronic device. Aspects include running a test program on the design under test and capturing inputs into the design under test. Aspects also include storing the inputs into the design under test in a storage device. Responsive to determining that an event has occurred during execution of the test program, aspects include halting the test program on the design under test. Aspects further include enabling a user via a user interface to determine a cause of the event by performing a simulation of the design under test using the inputs stored in the storage device.

Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.

Abstract: Aspects of the invention include channel key loading of a host bus adapter (HBA) based on a secure key exchange (SKE) authentication response by a responder node of a computing environment. A non-limiting example computer-implemented method includes receiving an authentication response message at an initiator channel on an initiator node from a responder channel on a responder node to establish a secure communication, the receiving at a local key manager (LKM) executing on the initiator node. A state check can be performed based on a security association of the initiator node and the responder node. An identifier of a selected encryption algorithm can be extracted from the authentication response message. The initiator channel can request to communicate with the responder channel based at least in part on a successful state check and the selected encryption algorithm.

Abstract: Aspects include obtaining, by a sending system, a measured receive optical power level of an optical signal that was received at a receiving system coupled to the sending system via an optical network. The optical signal was sent via an optical transmitter of the sending system to an optical receiver of the receiving system. An optimal receive optical power level of the optical receiver of the receiving system is determined by the sending system. The sending system adjusts an output optical power level of the optical transmitter in response to determining that the measured receive optical power level is not within a threshold of the optimal receive optical power level. The adjusting is performed without decoupling the sending system from the receiving system.

Abstract: Embodiments include methods, systems, and computer program products for routing mode selection in a switched fabric network. A fabric login request including a fabric login payload is received at a network device to establish communication parameters with a switched fabric network. The network device can determine whether the fabric login payload includes an extension for routing policy support and whether a current routing policy of the network device is compatible with a routing mode defined in the fabric login payload based on the extension for routing policy support. The fabric login request can be rejected based on determining that the current routing policy of the network device is incompatible with the routing mode defined in the fabric login payload. The fabric login request is completed based on determining that the current routing policy of the network device is compatible with the routing mode defined in the fabric login payload.

Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.

Abstract: Embodiments include methods, systems, and computer program products for routing mode selection in a switched fabric network. A fabric login request including a fabric login payload is received at a network device to establish communication parameters with a switched fabric network. The network device can determine whether the fabric login payload includes an extension for routing policy support and whether a current routing policy of the network device is compatible with a routing mode defined in the fabric login payload based on the extension for routing policy support. The fabric login request can be rejected based on determining that the current routing policy of the network device is incompatible with the routing mode defined in the fabric login payload. The fabric login request is completed based on determining that the current routing policy of the network device is compatible with the routing mode defined in the fabric login payload.

Abstract: Embodiments include methods, systems, and computer program products for routing mode support in a switched fabric network. A fabric login payload is built at a device to establish a plurality of communication parameters with a switched fabric network. A routing mode capability of the device is determined. One or more routing support bits are configured in the fabric login payload based on the routing mode capability of the device. The fabric login payload is sent to the switched fabric network to establish communication between the device and a network device of the switched fabric network.