HP StorageWorks 2/140 FW 07.01.02/HAFM SW 08.06.00 HP StorageWorks Director Re - Page 17

Advanced Fabric Diagnostics, RBAC Phase I: Enhanced User Rights Configuration, SSH for CLI

Page 17 highlights

• RBAC Phase I: Enhanced User Rights Configuration: RBAC is role-based access control. This is the first phase of more comprehensive role-based access control planned for the CLI and EWS interfaces. Multiple users can now be configured for EWS or CLI, or both, through either interface. This allows users to configure additional user name/password combinations.

• SSH for CLI: Secure Shell (SSH) provides an encrypted connection, as an alternative to Telnet, to secure CLI access to switches and directors.

• Enhanced Maintenance Port Security: This allows users to enable enhanced authorization on the maintenance port, which is the switch or director RS-232 connection. Enhanced Authorization mode enforces stronger security policies, requiring users to change the well-known password to a case-sensitive private password the first time they use the maintenance port. Subsequent access by service personnel requires log in through the private customer-level access.

• Security Log: The Security Log is a new log available in EWS, CLI, and HAFM that records various events concerning the integrity of a switch. This includes authorization or authentication problem detection, and approved and invalid access attempts. Each log entry provides an event number or reason, a date/time stamp, a trigger level (a type of security event severity), an event count, and a category and data pertaining to the specific event. The log wraps at 200 entries. This log provides customers with details to track down attempted security threats and identify the source of problems that might jeopardize the switch integrity.

• IP Access Control List: This allows users to establish a list of IP addresses from which the switch is allowed to accept connections. This prevents users who have access to the Ethernet LAN from attempting to access the Fibre Channel switches. Connection attempts from unauthorized IP addresses are ignored by the switch, making it appear that no device is connected. This is primarily intended for environments that are not on a private, inaccessible subnet, such as when installed in most cabinet configurations with a dual-NIC HAFM appliance processor.

Advanced Fabric Diagnostics

This provides tools to monitor the fabric and identify potential problems before they impact network and application performance. Tools include ISL Fencing, new switch-centric Fabric and Embedded Port Logs, an Audit Log for the embedded user interfaces, and access to the Digital Diagnostic capabilities included with newer SFP transceivers.

ISL Fencing

Also called Port Fencing, this feature allows customers to set up policies for blocking an ISL when problems occur that cause an ISL to "bounce" or repeatedly attempt to establish a connection. Any time an ISL is brought up or down, a fabric rebuild occurs, which can cause disruption in some environments. ISL Fencing will lessen the likelihood of having a problematic ISL connection disrupt a SAN.

Director release notes 15
