Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
Page 174
Secure protocol support (Continued)
TABLE 28
Protocol Description
SSH
Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel
between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key
cryptography to authenticate the remote computer and allow the remote computer to authenticate the
user, if necessary.
SSL
Fabric OS uses Secure Socket Layer (SSL) to support HTTPS. A certificate must be generated and
installed on each switch to enable SSL. Supports SSLv3, 128-bit encryption by default. Also supports
TLSv1.0 and TLSv1.2.
describes additional software or certificates that you must obtain to deploy secure protocols.
Items needed to deploy secure protocols
TABLE 29
Protocol Host side
Switch side
SSHv2
Secure shell client
None
HTTPS
No requirement on host side except a browser that supports HTTPS
Switch IP certificate for SSL
SCP
SSH daemon, SCP server
None
SNMPv3 None
None
The security protocols are designed with the four main use cases described in
Main security scenarios
TABLE 30
Fabric
Management
interfaces
Comments
Nonsecure Nonsecure
No special setup is needed to use Telnet or HTTP.
Nonsecure Secure
Secure protocols may be used. An SSL switch certificate must be installed if
HTTPS is used.
Secure
Secure
Switches running earlier Fabric OS versions can be part of the secure fabric,
but they do not support secure management.
Secure management protocols must be configured for each participating
switch. Nonsecure protocols may be disabled on nonparticipating switches.
If SSL is used, then certificates must be installed. For more information on
installing certificates, refer to
Installing a switch certificate
on page 181.
Secure
Nonsecure
You must use SSH because Telnet is not allowed with some features.
Configuring Protocols
174
Fabric OS Administrators Guide
53-1003130-01