HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)

ManualsBrandsHP ManualsStorageHP 8/80 Base (48) Full Fabric Ports Enabled SAN Switch

101

102

103

104

105

106

107

108

109

110

100 Configuring standard security features

Table 17 describes additional software or certificates that you must obtain to deploy secure protocols.

The security protocols are designed with the four main use cases described in Table 18.

Secure file copy

You can use the configure command to specify that secure file copy (SCP) is used for configuration

uploads and downloads.

Setting up SCP for configUploads and downloads

1. Log in to the switch as admin.

2. Enter the configure command.

3. Enter y or yes at the cfgload attributes prompt.

4. Enter y or yes at the Enforce secure configUpload/Download prompt.

Table 17 Items needed to deploy secure protocols

Protocol Host side Switch side

SSHv2 Secure shell client None

HTTPS No requirement on host

side except a browser that

supports HTTPS

Switch IP certificate for SSL

SCP SSH daemon, scp server None

SNMPv1, SNMPv2,

SNMPv3

None None

Table 18 Main security scenarios

Fabric Management

interfaces

Comments

Nonsecure Nonsecure No special setup is needed to use Telnet or HTTP.

Nonsecure Secure Secure protocols may be used. An SSL switch certificate must be

installed if HTTPS is used.

Secure Secure Switches running earlier Fabric OS versions can be part of the

secure fabric, but they do not support secure management.

Secure management protocols must be configured for each

participating switch. Nonsecure protocols may be disabled on

nonparticipating switches.

If SSL is used, certificates must be installed. For more

information on installing certificates, see ”Installing a switch

certificate” on page 110.

Secure Nonsecure You must use SSH because Telnet is not allowed with some

features.

Nonsecure management protocols are necessary under these

circumstances:

• The fabric contains switches running Fabric OS 3.2.0.

• There are software tools that do not support secure

protocols, for example, Fabric Manager 4.0.0.

• The fabric contains switches running Fabric OS versions

earlier than 4.4.0. Nonsecure management is enabled by

default.