HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 411
B-series Fabric OS security, Hardware requirements, Supported security components, Resource protection
View all HP StorageWorks 4000/6000/8000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 411 highlights
Hardware requirements You can use either the Encryption SAN Switch or the Encryption FC Blade for data encryption as part of the B-series Encryption Switch security platform. Supported security components B-series Encryption Switch security platform supports the following software components: • Encryption • Frame filtering • Advanced Zoning • WebTools • Enhanced Group Management The B-series Encryption Switch security platform supports the following optional software components: • Encryption SAN Switch Power Pack+ Software Bundle (optional) • Adaptive Networking • Fabric Watch • Advanced Performance Monitor • Extended Fabrics • ISL Trunking • Integrated Routing • Data Center Fabric Manager Enterprise B-series Fabric OS security This section describes the B-series Fabric OS security features for resource protection, data protection, and security validation. Resource protection This section describes the B-series Fabric OS resource protection features. User management Fabric OS provides two options for authenticating users: • Remote RADIUS services-Users are managed by a remote RADIUS server. All switches in the fabric can be configured to authenticate against this centralized database. • Local user database-Users are managed by a local database, which is synchronized manually using the distribute command. This command pushes a copy of the switch's database to all other Fabric OS 5.3.0 (or later) switches in the fabric. Fabric OS uses RBAC to determine which commands are supported for each user. Secure Shell Fabric OS supports SSH encrypted sessions to ensure security. SSH encrypts all messages, including client transmission of passwords during login. SSH includes a daemon (sshd), which runs on the switch and supports many encryption algorithms, such as Blowfish-CBC and AES. Commands that require a secure login channel must be issued from an original SSH session. Nested SSH sessions will reject commands that require a secure channel. SAN Design Reference Guide 411