Disable the USB Drive on the Management Module

Some data centers have strict security requirements—for example, they prohibit any device that can be used to remove data from the premises, such as a USB thumbstick. The Management Module has a USB drive which is useful primarily for recovering the system in the very rare case of a system crash.

Because the USB drive does allow data to be copied off of the Fabric Interconnect to a removable device, it might not comply with the strict data center security requirements. As a result, in XgOS 3.6.0 and later, the USB drive is disabled by default. For new shipments from the factory, the USB is inactive, but some existing Fabric Interconnects that are already deployed might still have the USB active. The USB can be disabled through a software procedure.

Some notes about disabling the USB drive:

• Upgrading to Oracle XgOS 3.6.0 or later from a previous version of software does not cause the USB to be deactivated. You must explicitly disable the USB drive by using the procedure in this section.

• The procedure for disabling the USB drive is relevant to both models of Oracle Fabric Interconnect.

• Disabling the USB device requires entering the Fabric Interconnect BIOS, which might or might not have additional layers of security depending on your department's policies. The procedure in this section assumes that no BIOS security is present. If you have set up BIOS security, make sure to comply with your department's security policies after completing this procedure—for example, reset the BIOS password.

• To enter the Fabric Interconnect's BIOS, you will need the following:

  • Interrupt the Fabric Interconnect's boot up sequence in a timely manner. You have approximately 5 seconds after the Fabric Interconnect starts booting.

    If you are watching the console, you will see the BIOS prompt. When you see the prompt, follow the key sequence. If you do not enter the BIOS in a timely manner, you can power off the Fabric Interconnect (for example, remove the power cables) and try again.

  • A remote terminal connection (for example, hyperterminal) that uses ANSI encoding. By default, when you connect to the Serial 1 port (SER-1) on the Management Module, the terminal session requires VT100 encoding. However, the BIOS is a special case. In order to enter the Fabric Interconnect BIOS, the terminal connection must be set to ANSI encoding.

1. Connect to the SER-1 port on the Management Module. See Removing the Fabric Interconnect F1-15 Management Module for the location of the SER-1 port.
2. Using a terminal server or other connection appliance that is set to ANSI encoding, open up a terminal window.
3. Power on the Fabric Interconnect, and watch the terminal window for a message that gives you the option of entering the system BIOS.
4. When prompted with the option of entering BIOS, enter the BIOS by pressing the key sequence indicated in the prompt (which is typically F4 for ANSI terminal connections). Do this in a timely manner.
5. In the BIOS's menu-driven interface, select Advanced Æ USB Configuration Æ Disable USB Function.
6. When the USB device is disabled, press Esc to return to the top level menu system in the BIOS.
7. Using the right arrow key, scroll over to the Exit menu, and select Save Changes and Exit. When prompted to save changes, press Enter (for “Yes”) to save and quit.
8. When you press Enter, the USB devices are deactivated and you exit the BIOS. The Fabric Interconnect will automatically reboot. Do not interrupt this reboot.

   When the reboot is complete, the USB drive on the Management Module is no longer active.

9. Disconnect the cable from the SER-1 port, close the terminal window, and restore any security that is required by your department's policies.

   ---

   Note -  If the USB device is not active and you need to activate it, you can use this procedure and select Enable USB Function to re-enable the USB drive.

   ---