Devices are specified by the device group name in the following ways in the VirtualFabric section:

When Security is 1 (On), LimitedMembers are not permitted to talk to other LimitedMembers. However, LimitedMembers can always talk to Members. LimitedMembers cannot join multicast groups in the vFabric.

When security is on for a vFabric, PKeys and switch hardware enforcement is used to secure the vFabric and enforce the Members and LimitedMembers rule. Security also ensures that devices in other vFabrics cannot talk to devices in the given vFabric. This security includes hardware-enforced per-packet PKey checking and enforcement by switches and end nodes.

If Security is 0 (Off), LimitedMembers are treated the same as Members. This allows the user to easily turn off Security for a vFabric without changing the rest of the definition. If Security is not specified under VirtualFabric, vFabric Security will default to 0.

Member and LimitedMember can each be specified more than once per VirtualFabric if required. If a device is in both the Members and LimitedMembersDeviceGroups subsection, it is treated as a Member. This allows All to be specified as a LimitedMember; then selected Members can be specified, ensuring the VirtualFabric includes all devices while allowing a limited set of Members.

Devices in a DeviceGroup but not found in the fabric are ignored.

By default, the FM picks an available PKey for the vFabric. When Security is off, the SM may share the same PKey among multiple vFabrics.

If required a user-selected PKey can be specified.

A PKey must be specified for applications that do not use SA PathRecord queries, including MPIs that use nonstandard mechanisms for job startup.