HP AE370A HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 20 - Page 102
Secure file copy
UPC - 882780362611
View all HP AE370A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 102 highlights
Table 17 describes additional software or certificates that you must obtain to deploy secure protocols. Table 17 Items needed to deploy secure protocols Protocol Host side Switch side SSHv2 HTTPS Secure shell client No requirement on host side except a browser that supports HTTPS None Switch IP certificate for SSL SCP SNMPv1, SNMPv2, SNMPv3 SSH daemon, scp server None None None The security protocols are designed with the four main use cases described in Table 18. Table 18 Main security scenarios Fabric Management interfaces Comments Nonsecure Nonsecure Nonsecure Secure No special setup is needed to use Telnet or HTTP. Secure protocols may be used. An SSL switch certificate must be installed if HTTPS is used. Secure Secure Secure Nonsecure Switches running earlier Fabric OS versions can be part of the secure fabric, but they do not support secure management. Secure management protocols must be configured for each participating switch. Nonsecure protocols may be disabled on nonparticipating switches. If SSL is used, certificates must be installed. For more information on installing certificates, see "Installing a switch certificate" on page 110. You must use SSH because Telnet is not allowed with some features. Nonsecure management protocols are necessary under these circumstances: • The fabric contains switches running Fabric OS 3.2.0. • There are software tools that do not support secure protocols, for example, Fabric Manager 4.0.0. • The fabric contains switches running Fabric OS versions earlier than 4.4.0. Nonsecure management is enabled by default. Secure file copy You can use the configure command to specify that secure file copy (SCP) is used for configuration uploads and downloads. Setting up SCP for configUploads and downloads 1. Log in to the switch as admin. 2. Enter the configure command. 3. Enter y or yes at the cfgload attributes prompt. 4. Enter y or yes at the Enforce secure configUpload/Download prompt. 100 Configuring standard security features