HP 8/20q HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabr - Page 65
4 Managing Fabric Security

This chapter describes connection security and user account security concepts. It also describes the tasks to configure port security, device security, and RADIUS servers.

Connection security

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the command line interface and the Secure Socket Layer (SSL) protocol for management applications such as Enterprise Fabric Management Suite and Common Information Module (CIM). For information about enabling SSH, SSL, and CIM services, see "Managing system services" (page 97).

The SSL handshake process between the workstation and the switch involves the exchanging of certificates, which contain the public and private keys that define the encryption. The switch certificate is valid for one year beginning with its creation date and time. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to synchronize the workstation and switch with the same date, time, and time zone. If you do not create a certificate, the switch automatically creates one.

Consider your requirements for connection security: for the command line interface (SSH), management applications such as Enterprise Fabric Management Suite (SSL), or both. If SSL connection security is required, also consider using the Network Time Protocol (NTP) to synchronize workstations and switches.

User account security

User account security is the process by which your user account and password are authenticated with the list of valid user accounts and passwords. The switch validates your account and password when you attempt to add a fabric using Enterprise Fabric Management Suite or log in to a switch through Telnet. Your system administrator defines accounts, passwords, and authority levels that are stored on the switch. For information about creating user accounts, see "Managing user accounts" (page 79).

The Admin account has Admin authority, which grants full access to all tasks of the Enterprise Fabric Management Suite menu system. The switch validates your user account, and Enterprise Fabric Management Suite grants access to its menus. If you do not have Admin authority, you are limited to monitoring tasks.

NOTE: If an administrator changes user access rights and passwords, existing Enterprise Fabric Management Suite, QuickTools, and CLI logins are not affected by the new settings. Login access and privileges are only checked for a new login request.

HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabric Management Suite User Guide 65
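The date and time comparison described under Connection security can be reproduced on the workstation to show why a wrong time zone setting makes a fresh switch certificate fail validation. This Python example is added here and is not HP's code or the switch's own logic; the function name, the 30-day warning threshold and the reading of "one year" as 365 days are assumptions, and all timestamps are constructed.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Assumption: "valid for one year" is read as 365 days from creation.
ONE_YEAR = timedelta(days=365)


def _parse(cert_time):
    """Parse the 'Mar  1 12:00:00 2024 GMT' form used by ssl.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def check_switch_cert(not_before, workstation_now, not_after=None, warn_days=30):
    """Compare the workstation clock with the switch certificate window.

    Returns (status, margin): status is one of 'not_yet_valid', 'expired',
    'expiring_soon' or 'valid'; margin is the timedelta to the boundary
    that was crossed or is approaching.
    """
    if workstation_now.tzinfo is None:
        raise ValueError("workstation_now must carry its time zone")
    start = _parse(not_before)
    end = _parse(not_after) if not_after else start + ONE_YEAR
    now = workstation_now.astimezone(timezone.utc)
    if now < start:               # workstation clock is behind the switch
        return "not_yet_valid", start - now
    if now > end:                 # certificate is older than its lifetime
        return "expired", now - end
    if end - now <= timedelta(days=warn_days):
        return "expiring_soon", end - now
    return "valid", end - now


if __name__ == "__main__":
    created = "Mar  1 12:00:00 2024 GMT"      # constructed creation time
    est = timezone(timedelta(hours=-5))       # constructed workstation zone
    samples = {
        "zone set correctly": datetime(2024, 3, 1, 7, 30, tzinfo=est),
        "zone left at UTC": datetime(2024, 3, 1, 7, 30, tzinfo=timezone.utc),
        "two weeks to expiry": datetime(2025, 2, 15, 12, 0, tzinfo=timezone.utc),
        "after one year": datetime(2025, 3, 2, 12, 0, tzinfo=timezone.utc),
    }
    for label, now in samples.items():
        status, margin = check_switch_cert(created, now)
        print(f"{label:20} {status:14} {margin}")
```

With a live switch, pass the notBefore and notAfter values from the certificate it presents instead of the constructed creation time.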