Manualshelf

HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

ManualsBrandsHP ManualsComputer AccessoriesHP 8/40 SAN Switch 8-port Upgrade E-LTU
81828384858687888990
Fabric OS 5.3.0 administrator guide 89
4 Configuring standard security features
This chapter provides information and procedures for configuring standard Fabric OS security features such
as account and password management.
Additional security features are available when secure mode is enabled. For information about licensed
security features available in Secure Fabric OS, refer to the Secure Fabric OS administrator’s guide.
Secure protocols
Fabric OS supports the secure protocols shown in Table 16.
,
Simple Network Management Protocol (SNMP) is a standard method for monitoring and managing
network devices. Using SNMP components, you can program tools to view, browse, and manipulate switch
variables and set up enterprise-level management processes.
Every HP switch carries an SNMP agent and management information b ase (MIB). The agent accesses
MIB information about a device and makes it available to a network manager station. You can manipulate
information of your choice by
trapping
MIB elements using the Fabric OS CLI, Web Tools, or Fabric
Manager.
The SNMP Access Control List (ACL) provides a way for the administrator to restrict SNMP get/set
operations to certain hosts/IP addresses. This is used for enhanced management security in the storage
area network.
For details on MIB files, naming conventions, loading instructions, and information about using the SNMP
agent, refer to the Fabric OS MIB reference manual.
Table 17 describes additional software or certificates that you must obtain to deploy secure protocols.
Table 16 Secure protocol support
Protocol Description
SSL Supports SSLv3, 128-bit encryption by default. Fabric OS uses SSL to
support HTTPS. A certificate must be generated and installed on each
switch to enable SSL.
HTTPS Web Tools supports the use of HTTPS.
Secure File Copy (scp) Configuration upload and download support the use of scp.
SNMPv3 SNMPv1 is also supported.
Table 17 Items needed to deploy secure protocols
Protocol Host side Switch side
Secure telnet
(sectelnet)
Sectelnet client License not required, but a switch
certificate issued by HP is required
SSH SSH client None
HTTPS No requirement on host
side except a browser
that supports HTTPS
Switch IP certificate for SSL
Secure File Copy (scp) SSH daemon, scp
server
None
SNMPv3, SNMPv1 None None