Deployment Guide
Secure protocol support (Continued)TABLE 28
Protocol Description
SSH Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel
between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key
cryptography to authenticate the remote computer and allow the remote computer to authenticate the
user, if necessary.
SSL Fabric OS uses Secure Socket Layer (SSL) to support HTTPS. A certificate must be generated and
installed on each switch to enable SSL. Supports SSLv3, 128-bit encryption by default. Also supports
TLSv1.0 and TLSv1.2.
Table 29 describes additional software or certificates that you must obtain to deploy secure protocols.
Items needed to deploy secure protocols TABLE 29
Protocol Host side Switch side
SSHv2 Secure shell client None
HTTPS No requirement on host side except a browser that supports HTTPS Switch IP certificate for SSL
SCP SSH daemon, SCP server None
SNMPv3 None None
The security protocols are designed with the four main use cases described in Table 30 .
Main security scenarios TABLE 30
Fabric Management
interfaces
Comments
Nonsecure Nonsecure No special setup is needed to use Telnet or HTTP.
Nonsecure Secure Secure protocols may be used. An SSL switch certificate must be installed if
HTTPS is used.
Secure Secure Switches running earlier Fabric OS versions can be part of the secure fabric,
but they do not support secure management.
Secure management protocols must be configured for each participating
switch. Nonsecure protocols may be disabled on nonparticipating switches.
If SSL is used, then certificates must be installed. For more information on
installing certificates, refer to Installing a switch certificate on page 181.
Secure Nonsecure You must use SSH because Telnet is not allowed with some features.
Configuring Protocols
174 Fabric OS Administrators Guide
53-1003130-01