Manualshelf

HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)

ManualsBrandsHP ManualsStorageHP 8/80 Base (48) Full Fabric Ports Enabled SAN Switch
101102103104105106107108109110
Fabric OS 6.2 administrator guide 99
3 Configuring standard security features
This chapter provides information and procedures for configuring standard Fabric OS security features such
as protocol and certificate management.
IMPORTANT: Secure Fabric OS is no longer supported in Fabric OS 6.x. However, all features of Secure
Fabric OS are included in the base Fabric OS 6.x.
Security Protocols
Security protocols provide endpoint authentication and communications privacy using cryptography.
Typically, you are authenticated to the switch while the switch remains unauthenticated to you. This means
that you can be sure with you are communicating with. The next level of security, in which both ends of the
conversation are sure with whom they are communicating, is known as two-factor authentication.
Two-factor authentication requires public key infrastructure (PKI) deployment to clients.
Fabric OS supports the secure protocols shown in Table 16.
Table 16 Secure protocol support
Protocol Description
HTTPS A Uniform Resource Identifier scheme used to indicate a secure HTTP
connection. Web Tools supports the use of hypertext transfer protocol over
secure socket layer (HTTPS).
LDAPS Lightweight Directory Access Protocol (LDAP) over SSL uses a certificate
authority (CA). By default, LDAP traffic is transmitted unsecured. You can
make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL)
/ Transport Layer Security (TLS) technology in conjunction with LDAP.
SCP Secure Copy (SCP) is a means of securely transferring computer files between
a local and a remote host or between two remote hosts, using the Secure
Shell (SSH) protocol. Configuration upload and download support the use of
SCP.
SNMP Supports SNMPv1, 2, and 3. SNMP is used in network management systems
to monitor network-attached devices for conditions that warrant
administrative attention.
SSH A network protocol that allows data to be exchanged over a secure channel
between two computers. Encryption provides confidentiality and integrity of
data. SSH uses public-key cryptography to authenticate the remote computer
and allow the remote computer to authenticate the user, if necessary.
SSL Supports SSLv3, 128-bit encryption by default. Fabric OS uses secure socket
layer (SSL) to support HTTPS. A certificate must be generated and installed on
each switch to enable SSL.