FW 07.01.02/HAFM SW 08.06.00 HP StorageWorks HA-Fabric Manager Release Notes (AA-RUR6G-TE, August 2005)

This prevents snooping of Ethernet connection to capture user login and
authentication secret information.
RADIUS Server Support—This provides support for IETF RADIUS (Remote
Authentication Dial In User Service) protocol for password authentication.
Firmware 07.01.02–4 allows users to configure settings for using a RADIUS
server. RADIUS provides centralized authentication services for multiple devices
on a network. This means that several switches can be configured to use a
single RADIUS server.
Prompted Change of EWS and CLI Passwords from Default—This prompts users
to modify the password settings for both the CLI and EWS interfaces the first time
they log in using either of these interfaces.
RBAC Phase I: Enhanced User Rights Configuration—RBAC is role based access
control. This is the first phase of more comprehensive role-based access control
planned for the CLI and EWS interfaces. Multiple users can now be configured
for EWS or CLI, or both, through either interface. This allows users to configure
additional user name/password combinations.
SSH for CLI—Secure Shell (SSH) provides an encrypted connection, as an
alternative to Telnet, to secure CLI access to switches and directors.
Enhanced Maintenance Port Security—This allows users to enable enhanced
authorization on the maintenance port, which is the switch or director RS-232
connection. Enhanced Authorization mode enforces stronger security policies,
requiring users to change the well-known password to a case-sensitive private
password the first time they use the maintenance port. Subsequent access by
service personnel will require log in through the private customer-level access.
Security Log—The Security Log is a new log available in EWS, CLI, and HAFM
that records various events concerning integrity of a switch. This includes
authorization or authentication problem detection, and approved and invalid
access attempts. Each log entry provides an event number or reason, a date/time
stamp, a trigger level (a type of security event severity), an event count, and a
category and data pertaining to the specific event. The log wraps at 200 entries.
This log provides customers with details to track down attempted security threats
and identify the source of problems that might jeopardize the switch integrity.
IP Access Control List—This allows users to establish a list of IP addresses from
which the switch is allowed to accept connections. This prevents users who
have access to the Ethernet LAN from attempting to access the Fibre Channel
switches. Connection attempts from unauthorized IP addresses are ignored by
the switch, making it appear that no device is connected. This is primarily
intended for environments that are not on a private, inaccessible subnet, such as
when installed in most cabinet configurations with a dual-NIC HAFM appliance
Processor.
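
The 200-entry wrap described in the Security Log entry above means a burst of events can overwrite earlier entries before anyone reads them. The following added example (not HP code, and not part of these release notes) models that wrap and an off-switch collector that flags a poll that arrived too late; the entry field names, the sample events and the snapshot interface are assumptions, since the notes do not give the log's export format.

```python
from collections import deque, namedtuple

LOG_CAPACITY = 200  # from the release notes: the log wraps at 200 entries

# Hypothetical field names; the notes list the fields but not their format.
Entry = namedtuple("Entry", "timestamp event level count category data")


class SwitchSecurityLog:
    """Constructed stand-in for the on-switch log: the oldest entry is overwritten."""
    def __init__(self):
        self._buf = deque(maxlen=LOG_CAPACITY)

    def record(self, entry):
        self._buf.append(entry)

    def snapshot(self):
        return list(self._buf)


class Collector:
    """Off-switch archive built from polled snapshots."""
    def __init__(self):
        self.archive = []
        self.gaps = 0  # polls where the last archived entry had already been overwritten

    def poll(self, snapshot):
        last = self.archive[-1] if self.archive else None
        if last is None:
            new = snapshot
        elif last in snapshot:
            # Resume after the last archived entry (assumes entries are distinguishable).
            new = snapshot[len(snapshot) - snapshot[::-1].index(last):]
        else:
            # Log wrapped past our position: an unknown number of entries is gone.
            new = snapshot
            self.gaps += 1
        self.archive.extend(new)
        return len(new)


def demo():
    log, col = SwitchSecurityLog(), Collector()

    def burst(start, n):  # constructed sample events
        for t in range(start, start + n):
            log.record(Entry(t, "invalid access attempt", "warning", 1, "authentication", "constructed"))

    results = []
    for start, n in ((0, 150), (150, 100), (250, 350)):
        burst(start, n)
        results.append(col.poll(log.snapshot()))
    return results, col.gaps, len(col.archive)
```

A non-zero `gaps` value after the third poll shows that 350 events between polls exceeded the log's capacity, so the polling interval has to be short enough that fewer than 200 events can accumulate.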