HP StorageWorks Secure Fabric OS 5.0.0 User Guide (AA-RW1UA-TE, May 2005)

Introducing Secure Fabric OS
Access through a channel can be restricted by customizing the Secure Fabric OS policy for
that channel. Secure Fabric OS policies are available for telnet (includes sectelnet and Secure
Shell), SNMP, management server, HTTP, and API.

Fabric Manager, Web Tools, and API all use both HTTP and API to access the switch. To use
any of these management tools to access a fabric that has secure mode enabled, ensure that
the workstation computers can access the fabric by both API and HTTP. If an API or HTTP
policy has been created, it must include the IP addresses of all the workstation computers.

After a digital certificate has been installed on the switch, Fabric OS v3.2.0 and v4.4.x
encrypt sectelnet, API, and HTTP passwords automatically, regardless of whether Secure
Fabric OS is enabled.

NOTE: The Telnet button in Advanced Web Tools can be used to launch telnet only (not
sectelnet or Secure Shell) and is disabled when secure mode is enabled.

On two-domain directors, messages (such as notifications of password changes) that are sent
to the whole secure fabric are seen on both domains, even if the other domain is not part of
the secure fabric.

Secure shell (SSH)
Fabric OS v4.4.x supports SSH, enabling fully encrypted telnet sessions. Use of SSH requires
installation of an SSH client on the host computer; use of SSH does not require a digital
certificate on the switch.

Secure Shell access is configurable by the Telnet Policy that is available through Secure Fabric
OS. However, Fabric OS v4.4.x supports Secure Shell whether or not Secure Fabric OS is
licensed.

To restrict CLI access to Secure Shell over the network, disable telnet as described in "Telnet"
later in this section.

Secure Shell clients are available in the public domain and can be located by searching the
Internet. Use clients that support version 2 of the protocol, such as OpenSSH or F-Secure.

Fabric OS v4.4.x also supports the following ciphers for session encryption and HMACs
(hash function-based message authentication codes):
Ciphers: AES128-CBC, 3DES-CBC, Blowfish-CBC, Cast128-CBC, and RC4
HMACs: HMAC-MD5, HMAC-SHA1, HMAC-SHA1-96, and HMAC-MD5-96
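
The following added example (not part of the HP guide) applies the SSH version 2 selection rule, in which the first algorithm on the client's list that the server also supports is chosen, to the cipher and HMAC lists above, and builds a client configuration limited to those lists. The lowercase wire names are the RFC 4253 identifiers assumed to correspond to the guide's names; the host alias and preference order are whatever the caller supplies.

```python
# Added example: check an SSH client proposal against the switch's documented
# algorithm lists. Wire names are RFC 4253 identifiers ASSUMED to match the
# guide's names (RC4 -> arcfour); they are not taken from the guide itself.
SWITCH_CIPHERS = ["aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour"]
SWITCH_MACS = ["hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"]


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the first client algorithm the server also lists wins."""
    for name in client_list:
        if name in server_list:
            return name
    return None  # no overlap: key exchange fails and no session is established


def check_client(client_ciphers, client_macs):
    """Return what a client proposal would negotiate with the switch."""
    cipher = negotiate(client_ciphers, SWITCH_CIPHERS)
    mac = negotiate(client_macs, SWITCH_MACS)
    problems = []
    if cipher is None:
        problems.append("no common cipher")
    if mac is None:
        problems.append("no common MAC")
    return {"cipher": cipher, "mac": mac, "problems": problems}


def ssh_config_stanza(host, cipher_pref, mac_pref):
    """Build an OpenSSH client Host block restricted to algorithms the switch
    supports, keeping the caller's order of preference."""
    ciphers = [c for c in cipher_pref if c in SWITCH_CIPHERS]
    macs = [m for m in mac_pref if m in SWITCH_MACS]
    if not ciphers or not macs:
        raise ValueError("preference lists share nothing with the switch")
    return "\n".join([
        f"Host {host}",
        f"    Ciphers {','.join(ciphers)}",
        f"    MACs {','.join(macs)}",
    ])
```

A client whose default proposal shares no cipher or MAC with the switch cannot open a session until its configuration offers one of the listed algorithms for that host.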