HP 3PAR StoreServ 7200 2-node HP 3PAR CIM API Programming Reference (OS 3.1.2 - Page 11
Security, TCP Ports, Authentication - manual
View all HP 3PAR StoreServ 7200 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 11 highlights
2 Security CAUTION: The CIM API is not part of the evaluated Common Criteria storage system configuration and should not be used when operating in Common Criteria mode. TCP Ports The CIM-API uses dedicated TCP ports for CIM-XML communications and server location information. Two ports are specified by the DMTF and registered with IANA for CIM-XML communications between management clients and any CIM Server. The following table lists the TCP Ports for the CIM-XML communication and service location protocols: Table 2 TCP Ports for CIM-XML Communication Protocol HTTP HTTPS Service Location (SLP) TCP Port 5988 (default value) 5989 (default value) 427 Authentication Authentication verifies the identity of an entity. Management clients accessing the CIM Server are authenticated using a request/challenge mechanism using HTTP Basic authentication. When a request is received from a management client, the CIM Server challenges the client to send a user name and password encoded in the HTTP Authorization header. The user names and passwords used are the same as those used by other management interfaces and are case sensitive. NOTE: CIM does not currently support LDAP user name and password authentication; only local user names and passwords are valid. Please see the HP 3PAR Concepts Guide for more information on local versus LDAP user credentials. The CIM Server uses Open SSL to support HTTPS connections. The server supports SSLv3 and TLSv1 by default and uses the default Open SSL cipher list only. For more about OpenSSL, refer to http:// www.openssl.org/docs. NOTE: Because Basic Authentication means that client user names and passwords are sent over the wire in unencrypted form, it is recommended that the authentication is carried out either over a physically secure private network, or in conjunction with HTTPS. Authorization Authorization determines whether an entity that has already been authenticated is allowed to perform a given operation. The CIM Server allows any authenticated user to retrieve CIM class and instance information. However, to invoke methods on CIM classes or instances, you must either have an Edit , Super, Administrator, or User permission level. Refer to the HP 3PAR Concepts Guide or the HP 3PAR InForm OS CLI Administrators Manual for complete information on authorization levels. NOTE: Access to certain information concerning volumes, CPGs, etc., is controlled by the InForm OS. Therefore, if a user authenticates with the CIM API and only has access to certain domains, only those objects in those domains returned by the InForm OS. In addition, operations on those objects also be constrained at the domain level. TCP Ports 11