Technical data
3-2 Fabric OS Administrator’s Guide
Publication Number: 53-0000518-09
Secure Protocols
3
Table 3-2 describes additional software or certificates that you must obtain to deploy secure protocols.
The security protocols are designed with the four main usage cases described in Table 3-3.
Table 3-2 Items Needed to Deploy Secure Protocols
Protocol Host Side Switch Side
Secure telnet (sectelnet) Sectelnet client License not required, but a switch certificate
issued by Brocade is required
SSH SSH client None
HTTPS No requirement on host
side except a browser that
supports HTTPS
Switch IP certificate for SSL
Secure File Copy (scp) SSH daemon, scp server None
SNMPv3, SNMPv1 None None
Table 3-3 Main Security Scenarios
Fabric Management
Interfaces
Comments
Nonsecure Nonsecure No special setup is need to use telnet or HTTP. A
Brocade switch certificate must be installed if
sectelnet is used.
Nonsecure Secure Secure protocols may be used. An SSL switch
certificate must be installed if SSH/HTTPS is used.
Secure Secure Secure protocols are supported on Fabric OS v4.4.0
(and later) switches. Switches running earlier Fabric
OS versions can be part of the secure fabric, but they
do not support secure management.
Secure management protocols must be configured for
each participating switch. Nonsecure protocols may
be disabled on nonparticipating switches.
If SSL is used, then certificates must be installed.
Secure Nonsecure You must use sectelnet because telnet is not allowed
in secure mode.
Nonsecure management protocols are necessary
under these circumstances:
• The fabric contains switches running
Fabric OS v3.2.0.
• The presence of software tools that do not
support Secure protocols: for example, Fabric
Manager v4.0.0.
• The fabric contains switches running Fabric OS
versions earlier than v4.4.0. Nonsecure
management is enabled by default.