Manualshelf

HP StorageWorks Fabric OS 5.X Administrator Guide (AA-RVHWB-TE, September 2005)

ManualsBrandsHP ManualsStorageHP A7535A 4GB SAN Switch
31323334353637383940
Fabric OS 5.x administrator guide 39
3 Configuring standard security features
This chapter provides information and procedures for configuring standard Fabric OS security features
such as account and password management.
Additional security features are available when secure mode is enabled. For information about licensed
security features available in Secure Fabric OS, see the HP StorageWorks Secure Fabric OS administrator
guide.
Secure protocols
Fabric OS supports the secure protocols shown in Table 4.
,
SNMP is a standard method for monitoring and managing network devices. Using SNMP components,
you can program tools to view, browse, and manipulate HP StorageWorks switch variables and set up
enterprise-level management processes.
Every HP StorageWorks switch carries an SNMP agent and Management Information Base (MIB). The
agent accesses MIB information about a device and makes it available to a network manager station. You
can manipulate information of your choice by trapping MIB elements using the Fabric OS CLI, Advanced
Web Tools, or Fabric Manager.
The SNMP Access Control List (ACL) provides a way for you to restrict SNMP get and set operations to
certain hosts and IP addresses. This is used for enhanced management security in the SAN.
For details on HP StorageWorks MIB files, naming conventions, loading instructions, and information
about using the HP SNMP agent, see the HP StorageWorks Fabric OS 5.x MIB reference guide.
Table 5 describes additional software or certificates that you must obtain to deploy secure protocols.
The security protocols are designed with the four main usage cases described in Table 6.
Table 4 Secure protocol support
Protocol Description
Secure Sockets Layer (SSL) Supports SSLv3, 128-bit encryption by default. Fabric OS uses SSL to support
HTTPS. A certificate must be generated and installed on each switch to enable
SSL.
HTTPS Advanced Web Tools supports the use of HTTPS.
Secure File Copy (scp) Configuration upload and download support the use of scp.
SNMPv3 SNMPv1 is also supported.
Table 5 Items needed to deploy secure protocols
Protocol Host side Switch side
Secure telnet (sectelnet) Sectelnet client License not required, but a switch certificate
issued by HP is required
Secure Shell (SSH) SSH client None
HTTPS No requirement on host
side except a browser that
supports HTTPS
Switch IP certificate for SSL
Secure File Copy (scp) SSH daemon, scp server None
SNMPv3, SNMPv1 None None