beautypg.com

Managing fabrics, Securing a fabric, Security consistency checklist – HP M-series HA-Fabric Manager Software User Manual

Page 29: Connection security, 2 managing fabrics, Security consistency checklist connection security, 2managing fabrics

background image

McDATA® 4Gb SAN Switch for HP p-Class BladeSystem user guide

29

2

Managing fabrics

This section describes the following tasks that manage fabrics using McDATA Web Server:

Securing a fabric

, page 29

Tracking fabric firmware and software versions

, page 39

Managing the fabric database

, page 40

Displaying fabric information

, page 44

Working with device information and nicknames

, page 50

Zoning a fabric

, page 52

Securing a fabric

Fabric security consists of the following:

Security consistency checklist

, page 29

Connection security

, page 29

User account security

, page 30

Remote authentication

, page 30

Device security

, page 30

Fabric services

, page 38

Security consistency checklist

The Security Consistency Checklist dialog enables you to compare security-related features on switches to
check for inconsistencies. Any changes must be made through the appropriate dialog, such as Network
Properties dialog, Switch Properties dialog, or SNMP Properties dialog. Select

Switch > Security

Consistency Checklist to open the Security Consistency Checklist dialog.

Connection security

Connection security provides an encrypted data path for switch management methods. The switch supports
the Secure Shell (SSH) protocol for the CLI and the Secure Socket Layer (SSL) protocol for management
applications such as McDATA Web Server, McDATA Element Manager, and Common Information Module
(CIM). See ”

Configuring system services

” on page 83 for information about enabling the SSH and SSL

services.

The SSL handshake process between the workstation and the switch involves the exchanging of certificates.
These certificates contain the public and private keys that define the encryption. The switch certificate is
valid for one year beginning with its creation date and time. The workstation validates the switch certificate
by comparing the workstation date and time to the switch certificate creation date and time. For this
reason, it is important to synchronize the workstation and switch with the same date, time, and time zone.
If a certificate has not been created by the user, the switch will automatically create one. If SSL connection
security is required, also consider using the Network Time Protocol (NTP) service to synchronize date/time
between workstations and switches.

This manual is related to the following products: