HP StorageWorks 2/32 Brocade Secure Fabric OS Administrator's Guide (53-100024 - Page 19
Switch-to-Switch Authentication, Using PKI
Page 19 highlights
sectelnet

The sectelnet client is a secure form of telnet that encrypts passwords only. It is available from your switch supplier. Fabric OS v4.4.0, v5.0.1, v5.1.0, and v5.2.0 include the sectelnet server; the sectelnet client must be installed on the workstation computer. The sectelnet client can be used as soon as a digital certificate is installed on the switch. sectelnet access is configurable by the Telnet policy.

Telnet

Standard telnet is not available when secure mode is enabled. To remove all telnet access to the fabric, disable telnet through the telnetd option of the configure command. This configure option does not require disabling the switch. For more information about the configure command, see the Fabric OS Command Reference Manual.

Switch-to-Switch Authentication

Switch-to-switch authentication supports the following:

• "Using PKI" on page 1-3
• "Using DH-CHAP" on page 1-4

Note: A secure edge fabric that is connected to a Fibre Channel router (such as the SilkWorm 7500) can use only DH-CHAP authentication.

Using PKI

Secure Fabric OS can use digital certificates based on public key infrastructure (PKI) and switch WWNs and the SLAP or FCAP protocols to identify the authorized switches and prevent the addition of unauthorized switches to the fabric. A PKI certificate installation utility (PKICert) is provided for generating certificate signing requests (CSRs) and installing digital certificates on switches. For information about how to use the PKICert utility, see "Using the PKICert Utility to Obtain CSR" on page 2-8.

Support for FCAP is provided in Secure Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 and is used instead of SLAP when both switches support it. PKI authentication automatically uses SLAP when a switch does not support FCAP.

Note: Fabric OS v4.4.0, v5.0.1, v5.1.0, and v5.2.0 also use PKI digital certificates. Secure Fabric OS and secure sockets layer (SSL) use different digital certificates and different methods of obtaining and installing the certificates. PKI digital certificates are used for the secure fabric, and SSL digital certificates are not. The methods described in this manual are specific to Secure Fabric OS. See the Fabric OS Administrator's Guide for information about SSL and digital certificates.

Secure Fabric OS Administrator's Guide 1-3 Publication Number 53-1000244-01