HP 3PAR InForm OS Common Criteria Administrator's Reference (QL226-96586, October 2012)

13 Operating in Common Criteria Mode
Port | Type | Use | Status in CC mode | Status in non-CC mode
-----|------|-----|-------------------|----------------------
5780 | TCP | Legacy guisrv port no longer used | Visible but closed | Visible but closed
5781 | TCP | Port on which the Service Processor listens for HP 3PAR Storage System events | Not visible (firewalled at installation) | Active
5782 | TCP | Unsecured CLI/IMC port | Not visible (firewalled at installation) | Active
5783 | TCP | Secured (SSL) CLI/IMC port | Active | Active
5988 | TCP | Unsecured (HTTP) CIM server port | Visible but closed | Visible/Active if enabled
5989 | TCP | Secured (HTTPS) CIM server port | Visible but closed | Visible/Active if enabled
Connection attempts to ports that are “visible but closed” fail. Ports that are “not
visible” do not respond to packets sent to them (i.e., the packets are thrown away), and
the connection attempt times out. Ports marked “visible but unresponsive” supply a
udp-response packet, but no service is supplied on the ports.
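One way to confirm these port states from a management workstation, as an added example that is not part of the HP document: the script probes each TCP port in the table and reports any whose observed state differs from the CC-mode column. The function names, the "unreachable" fallback label and the command-line host argument are assumptions of this example.

```python
import socket
import sys

# Expected TCP port states in CC mode, taken from the table above.
EXPECTED_CC = {
    5780: "visible but closed",
    5781: "not visible",
    5782: "not visible",
    5783: "active",
    5988: "visible but closed",
    5989: "visible but closed",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP port using the document's terms."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "active"              # connection established
    except ConnectionRefusedError:
        return "visible but closed"  # host answered, nothing listening
    except socket.timeout:
        return "not visible"         # packets dropped, attempt timed out
    except OSError:
        return "unreachable"         # label assumed here for routing/ICMP errors
    finally:
        s.close()

def audit(host, expected=EXPECTED_CC, probe_fn=probe):
    """Return {port: (expected, observed)} for every port that deviates."""
    deviations = {}
    for port, want in sorted(expected.items()):
        got = probe_fn(host, port)
        if got != want:
            deviations[port] = (want, got)
    return deviations

if __name__ == "__main__":
    # Host is the array's management address, supplied by the operator.
    for port, (want, got) in audit(sys.argv[1]).items():
        print(f"port {port}: expected {want!r}, observed {got!r}")
```

An empty result means every listed port matches its CC-mode status; a port such as 5782 reported as "active" indicates the installation firewall rules are not in effect.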
All connections on the exposed ports in the evaluated configuration (SSH, CLI, IMC) are
performed using the cipher suites listed below.
AES-128-CBC, AES-192-CBC and AES-256-CBC
AES-128-CTR, AES-192-CTR and AES-256-CTR
Clients that were able to securely connect to a prior InForm OS release may no longer be
able to securely connect. Prior to 3.1.1 MU1, clients could securely connect using the
weaker DES cipher. Since this cipher is no longer accepted, those clients will be unable to
connect unless they are updated to a 3.1.1 MU1 version.
See sections Configuration Steps for CC Operation and Confirming the System
Configuration for more details.
Host Identity and Authentication
There are four ways that a volume can be exported (i.e., made accessible) to one or more
hosts: Host Sees, Host Set, Port Presents, and Matched Set. Hosts are identified by FC
WWN/iSCSI name and IP address. However, because Port Presents makes VLUNs
available to any host that connects through that port (via node:slot:port), using it to
export VLUNs is not advised, to prevent the possibility of a host gaining access to a
volume that it should not.