Manualshelf

HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)

ManualsBrandsHP ManualsStorageHP DC04 SAN Director Switch
81828384858687888990
Fabric OS 6.x administrator guide 87
Port configuration
The following Table provides information on ports that the switch uses. When configuring the switch for
various policies, take into consideration firewalls and other devices that may sit between switches in the
fabric and your network or between the managers and the switch.
Configuring for the SSL protocol
Fabric OS 4.4.0 and later supports secure sockets layer (SSL) protocol, which provides secure access to a
fabric through Web-based management tools like Web Tools. SSL support is a standard Fabric OS feature.
Switches configured for SSL grant access to management tools through hypertext transfer protocol-secure
links (which begin with https://) instead of standard links (which begin with http://).
SSL uses Public Key Infrastructure (PKI) encryption to protect data transferred over SSL connections. PKI is
based on digital certificates obtained from an Internet Certificate Authority (CA), which acts as the trusted
key agent.
Certificates are based on the switch IP address or fully qualified domain name (FQDN), depending on the
issuing CA. If you change a switch IP address or FQDN after activating an associated certificate, you may
have to obtain and install a new certificate. Check with the CA to verify this possibility, and plan these
types of changes accordingly.
Browser and Java support
Fabric OS supports the following Web browsers for SSL connections:
Internet Explorer (Microsoft Windows)
Mozilla (Solaris and Red Hat Linux)
In countries that allow the use of 128-bit encryption, you should use the latest version of your browser. For
example, Internet Explorer 6.0 and later supports 128-bit encryption by default. You can display the
encryption support (called “cipher strength”) using the Internet Explorer Help:About menu option. If you
are running an earlier version of Internet Explorer, you may be able to download an encryption patch from
the Microsoft website at http://www.microsoft.com
.
You should upgrade to the Java 1.5.0_06 Plug-in on your management workstation. To find the Java
version that is currently running, open the Java console and look at the first line of the window.
For more details on levels of browser and Java support, see the Web Tools Administrator’s Guide.
Port Type Common use Comment
22 TCP SSH
23 TCP Telnet Use the ipfilter command to block the port.
123 TC P N T P
80 TCP HTTP Use the ipfilter command to block the port.
111 TCP sunrpc This port is used by Platform API. Use the ipfilter
command to block the port.
161 UDP SNMP Disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port.
443 TCP HTTPS Use the ipfilter command to block the port.
512 TC P e x e c
513 TC P l o g i n
514 TC P s h e l l
897 TCP This port is used by the Platform API. Disable this port using
the configure command.