Part 5 Storage Security Best Practices and Support Information HP SAN Design Reference Guide 785355-001

In the default configuration, FCAP authentication is tried first, then DHCHAP authentication.
Each switch can be configured to negotiate one or both types.
The Authentication policy is designed to accommodate mixed fabric environments that include
switches running Fabric OS 5.3.0 (and earlier).
When the Authorization policy is activated, you cannot implement a B-series Secure Fabric
OS environment.
E_Port Authentication
The E_Port Authentication policy allows you to configure DHCHAP authentication on the switch.
By default, the policy is set to PASSIVE.
Device Authentication policy
The Device Authentication policy is specific to HBAs. Fabric-wide distribution of the Device
Authentication policy is not supported because:
• You must set the HBA and switch shared secrets manually.
• Most HBAs do not support the defined DH groups used in DHCHAP.
NOTE: By default, the switches are set to OFF, causing the security bit to be cleared during fabric
login.
Zones
For detailed information about B-series switch zoning, see “Zoning guidelines for B-series Fibre
Channel switches” (page 121).
B-series IP SAN
B-series IPsec uses cryptographic security to ensure private, secure communications over IP networks.
Consider the following when using IPsec with B-series switches:
• IPsec is disabled by default when creating FCIP tunnels.
• IPsec provides greater security with tunneling on the B-series MP Router Blade or MP Router.
• IPsec does not require that you configure security for each application that uses TCP/IP. When
  configuring IPsec, you must ensure that either an MP Router Blade or MP Router is at each
  end of the FCIP tunnel.
• IPsec supports FCIP tunnels with or without IP compression, FCIP fastwrite, or tape pipelining.
B-series iSCSI Blade
B-series iSCSI Blade supports CHAP authentication for iSCSI initiator authentication.
Security validation
B-series Fabric OS supports a logging mechanism that captures and tracks events that are vital to
security validation.
Key management
HP StorageWorks Secure Key Manager for HP LTO4 tape libraries is part of the Secure Advantage
solution.
Secure Key Manager features include: