HP StorageWorks 2/140 FW 07.01.02/HAFM SW 08.06.00 HP StorageWorks Director Re - Page 16

Enhanced SANtegrity Security Suite

Get HP StorageWorks 2/140 - Director Switch PDF manuals and user guides View all HP StorageWorks 2/140 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 16 highlights

With the Zone FlexPar feature enabled, RSCN messages for a zoning change are handled like RSCNs for availability/unavailability changes. Specifically, RSCNs are restricted to only those devices sharing at least one common zone with the device that changed. This way, only devices that are impacted by the change in connectivity receive RSCNs. The Zone FlexPar feature is available in both Open Fabric 1.0 and Homogeneous Fabric 1.0 Interop modes, as well as in environments with loop-attached devices. In Homogeneous Fabric 1.0 mode, the default zone is treated like any other zone, and RSCNs are sent only to the affected devices if the default zone is enabled or disabled. A PFE key is not required for the Zone FlexPar feature, and it can be enabled or disabled through CLI for a specific switch. When upgrading to firmware 07.01.02-4 or installing a new switch with firmware 07.01.02-4 the feature is enabled by default, allowing it to work immediately. If the Zone FlexPar feature is not enabled on all switches in the fabric, the restricted RSCN distribution only applies for devices attached to switches with the feature enabled. Enhanced SANtegrity Security Suite SANtegrity Security Suite enhanced features include authentication support for device login, interswitch connections and management interfaces. The Secure Access features are included as a standard part of the SANtegrity Security Suite in firmware 07.01.02-4. Standard features The following SANtegrity features do not require a license or SANtegrity Binding. • CHAP Authentication for HAFM/SWAPI-This provides authentication of connections from the HAFM appliance service processor and SWAPI Direct Connect. This ensures that requested HAFM management sessions or SWAPI Direct Connect sessions are from a trusted source. • Encryption of Passwords and Secrets Shared with HAFM-All secrets and password information are passed in encrypted format for greater security. This prevents "snooping" of Ethernet connection to capture user login and authentication secret information. • RADIUS Server Support-This provides support for IETF RADIUS (Remote Authentication Dial In User Service) protocol for password authentication. Firmware 07.01.02-4 allows users to configure settings for using a RADIUS server. RADIUS provides centralized authentication services for multiple devices on a network. This means that several switches can be configured to use a single RADIUS server. • Prompted Change of EWS and CLI Passwords from Default-This prompts users to modify the password settings for both the CLI and EWS interfaces the first time they log in using either of these interfaces. 14

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
With the Zone FlexPar feature enabled, RSCN messages for a zoning change are
handled like RSCNs for availability/unavailability changes. Speci
cally, RSCNs are
restricted to only those devices sharing at least one common zone with the device that
changed. This way, only devices that are impacted by the change in connectivity
receive RSCNs.
The Zone FlexPar feature is available in both Open Fabric 1.0 and Homogeneous
Fabric 1.0 Interop modes, as well as in environments with loop-attached devices. In
Homogeneous Fabric 1.0 mode, the default zone is treated like any other zone, and
RSCNs are sent only to the affected devices if the default zone is enabled or disabled. A
PFE key is not required for the Zone FlexPar feature, and it can be enabled or disabled
through CLI for a speci
c switch. When upgrading to
rmware 07.01.02-4 or installing
a new switch with
rmware 07.01.02-4 the feature is enabled by default, allowing it
to work immediately. If the Zone FlexPar feature is not enabled on all switches in the
fabric, the restricted RSCN distribution only applies for devices attached to switches
with the feature enabled.
Enhanced SANtegrity Security Suite
SANtegrity Security Suite enhanced features include authentication support for device
login, interswitch connections and management interfaces. The Secure Access features
are included as a standard part of the SANtegrity Security Suite in
rmware 07.01.02–4.
Standard features
The following SANtegrity features do not require a license or SANtegrity Binding.
CHAP Authentication for HAFM/SWAPI
—This provides authentication of
connections from the HAFM appliance service processor and SWAPI Direct
Connect. This ensures that requested HAFM management sessions or SWAPI
Direct Connect sessions are from a trusted source.
Encryption of Passwords and Secrets Shared with HAFM
—All secrets and
password information are passed in encrypted format for greater security.
This prevents “snooping” of Ethernet connection to capture user login and
authentication secret information.
RADIUS Server Support
—This provides support for IETF RADIUS (Remote
Authentication Dial In User Service) protocol for password authentication.
Firmware 07.01.02-4 allows users to con
gure settings for using a RADIUS
server. RADIUS provides centralized authentication services for multiple devices
on a network. This means that several switches can be con
gured to use a
single RADIUS server.
Prompted Change of EWS and CLI Passwords from Default
—This prompts users
to modify the password settings for both the CLI and EWS interfaces the
rst time
they log in using either of these interfaces.
14