HP StorageWorks 2/16V HP StorageWorks Fabric OS 5.X Procedures User Guide (AA- - Page 40
Table 6 Main security scenarios, Ensuring network security, Fabric OS 3.2.0.
Table 6 Main security scenarios

Fabric: Nonsecure; Management interfaces: Nonsecure
Comments: No special setup is needed to use telnet or HTTP. An HP switch certificate must be installed if sectelnet is used.

Fabric: Nonsecure; Management interfaces: Secure
Comments: Secure protocols may be used. An SSL switch certificate must be installed if SSH/HTTPS is used.

Fabric: Secure; Management interfaces: Secure
Comments: Secure protocols are supported on Fabric OS 4.4.0 (and later) switches. Switches running earlier Fabric OS versions can be part of the secure fabric, but they do not support secure management. Secure management protocols must be configured for each participating switch. Nonsecure protocols may be disabled on nonparticipating switches. If SSL is used, certificates must be installed.

Fabric: Secure; Management interfaces: Nonsecure
Comments: You must use sectelnet because telnet is not allowed in secure mode. Nonsecure management protocols are necessary under these circumstances:
• The fabric contains switches running Fabric OS 3.2.0.
• The presence of software tools that do not support Secure protocols: for example, Fabric Manager 4.0.0.
• The fabric contains switches running Fabric OS versions earlier than 4.4.0.
Nonsecure management is enabled by default.

Ensuring network security

To ensure security, Fabric OS supports SSH encrypted sessions. SSH encrypts all messages, including the client's transmission of the password during login. The SSH package contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms, such as Blowfish-CBC and AES.

NOTE: To maintain a secure network, avoid using telnet or any other unprotected application when you are working on the switch. For example, if you use telnet to connect to a machine, and then start an SSH or secure telnet session from that machine to the switch, the communication to the switch is in clear text and, therefore, is not secure. Nor is the FTP protocol secure. When you use FTP to copy files to or from the switch, the contents, including the remote FTP server's login and password, are in clear text. This limitation affects the following commands: saveCore, configUpload, configDownload, and firmwareDownload.
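The rules in Table 6 and the note above can be checked mechanically against an inventory. The following is an added example, not code from the HP guide: it flags switches that force nonsecure management to stay enabled, clear-text hops in a management path, and commands that expose the FTP login. The switch names, host names, version strings, session history and function names are constructed for illustration.

```python
import re

# From the page: secure management protocols need Fabric OS 4.4.0 or later.
SECURE_MGMT_MIN = (4, 4, 0)
# Protocols the page treats as unprotected (nonsecure management, FTP transfers).
CLEARTEXT = {"telnet", "http", "ftp"}
# Commands the page lists as affected by the FTP clear-text limitation.
FTP_BACKED = {"savecore", "configupload", "configdownload", "firmwaredownload"}


def parse_version(text):
    """Turn '5.0.1b' or 'v4.4.0' into a comparable (major, minor, patch) tuple."""
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip(), re.IGNORECASE)
    if not match:
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    return tuple(int(group) for group in match.groups())


def needs_nonsecure_management(inventory):
    """Switches too old for secure protocols, so nonsecure ones must stay enabled."""
    return sorted(name for name, version in inventory.items()
                  if parse_version(version) < SECURE_MGMT_MIN)


def cleartext_hops(path):
    """Hops of a path, each (source, destination, protocol), sent in clear text."""
    return [hop for hop in path if hop[2].lower() in CLEARTEXT]


def ftp_backed_commands(history):
    """Commands in a session history whose file transfer exposes the FTP login."""
    return [line for line in history
            if line.split() and line.split()[0].lower() in FTP_BACKED]


# Constructed sample data (hypothetical switch names, hosts and history).
INVENTORY = {"edge-01": "5.0.1b", "edge-02": "v4.4.0",
             "legacy-01": "3.2.0", "legacy-02": "4.2.2"}
JUMP_PATH = [("admin-pc", "jump-host", "telnet"), ("jump-host", "edge-01", "ssh")]
DIRECT_PATH = [("admin-pc", "edge-01", "ssh")]
HISTORY = ["switchshow", "configUpload", "firmwareDownload"]

if __name__ == "__main__":
    print("must keep nonsecure management:", needs_nonsecure_management(INVENTORY))
    print("clear-text hops via jump host:", cleartext_hops(JUMP_PATH))
    print("clear-text hops when direct:", cleartext_hops(DIRECT_PATH))
    print("FTP-backed commands run:", ftp_backed_commands(HISTORY))
```

A path is protected only when `cleartext_hops` returns an empty list for every hop between the administrator's workstation and the switch, which is the situation the NOTE describes for the telnet-then-SSH case.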