HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 411

B-series Fabric OS security, Hardware requirements, Supported security components, Resource protection

Get HP StorageWorks 4000/6000/8000 - Enterprise Virtual Arrays PDF manuals and user guides View all HP StorageWorks 4000/6000/8000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 411 highlights

Hardware requirements You can use either the Encryption SAN Switch or the Encryption FC Blade for data encryption as part of the B-series Encryption Switch security platform. Supported security components B-series Encryption Switch security platform supports the following software components: • Encryption • Frame filtering • Advanced Zoning • WebTools • Enhanced Group Management The B-series Encryption Switch security platform supports the following optional software components: • Encryption SAN Switch Power Pack+ Software Bundle (optional) • Adaptive Networking • Fabric Watch • Advanced Performance Monitor • Extended Fabrics • ISL Trunking • Integrated Routing • Data Center Fabric Manager Enterprise B-series Fabric OS security This section describes the B-series Fabric OS security features for resource protection, data protection, and security validation. Resource protection This section describes the B-series Fabric OS resource protection features. User management Fabric OS provides two options for authenticating users: • Remote RADIUS services-Users are managed by a remote RADIUS server. All switches in the fabric can be configured to authenticate against this centralized database. • Local user database-Users are managed by a local database, which is synchronized manually using the distribute command. This command pushes a copy of the switch's database to all other Fabric OS 5.3.0 (or later) switches in the fabric. Fabric OS uses RBAC to determine which commands are supported for each user. Secure Shell Fabric OS supports SSH encrypted sessions to ensure security. SSH encrypts all messages, including client transmission of passwords during login. SSH includes a daemon (sshd), which runs on the switch and supports many encryption algorithms, such as Blowfish-CBC and AES. Commands that require a secure login channel must be issued from an original SSH session. Nested SSH sessions will reject commands that require a secure channel. SAN Design Reference Guide 411

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
Hardware requirements
You can use either the Encryption SAN Switch or the Encryption FC Blade for data encryption as part
of the B-series Encryption Switch security platform.
Supported security components
B-series Encryption Switch security platform supports the following software components:
Encryption
Frame filtering
Advanced Zoning
WebTools
Enhanced Group Management
The B-series Encryption Switch security platform supports the following optional software components:
Encryption SAN Switch Power Pack+ Software Bundle (optional)
Adaptive Networking
Fabric Watch
Advanced Performance Monitor
Extended Fabrics
ISL Trunking
Integrated Routing
Data Center Fabric Manager Enterprise
B-series Fabric OS security
This section describes the B-series Fabric OS security features for resource protection, data protection,
and security validation.
Resource protection
This section describes the B-series Fabric OS resource protection features.
User management
Fabric OS provides two options for authenticating users:
Remote RADIUS services
Users are managed by a remote RADIUS server. All switches in the
fabric can be configured to authenticate against this centralized database.
Local user database
Users are managed by a local database, which is synchronized manually
using the
distribute
command. This command pushes a copy of the switch's database to all
other Fabric OS 5.3.0 (or later) switches in the fabric.
Fabric OS uses RBAC to determine which commands are supported for each user.
Secure Shell
Fabric OS supports SSH encrypted sessions to ensure security. SSH encrypts all messages, including
client transmission of passwords during login. SSH includes a daemon (
sshd
), which runs on the
switch and supports many encryption algorithms, such as Blowfish-CBC and AES.
Commands that require a secure login channel must be issued from an original SSH session. Nested
SSH sessions will reject commands that require a secure channel.
SAN Design Reference Guide
411