Managing fabrics, Securing a fabric, Security consistency checklist – HP M-series HA-Fabric Manager Software User Manual
McDATA® 4Gb SAN Switch for HP p-Class BladeSystem user guide
2 Managing fabrics
This section describes the following tasks that manage fabrics using McDATA Web Server:
• Tracking fabric firmware and software versions
• Managing the fabric database
• Displaying fabric information
• Working with device information and nicknames
Securing a fabric
Fabric security consists of the following:
• Security consistency checklist
Security consistency checklist
The Security Consistency Checklist dialog enables you to compare security-related features on switches to
check for inconsistencies. Any changes must be made through the appropriate dialog, such as the Network
Properties dialog, Switch Properties dialog, or SNMP Properties dialog. Select Switch > Security
Consistency Checklist to open the Security Consistency Checklist dialog.
Connection security
Connection security provides an encrypted data path for switch management methods. The switch supports
the Secure Shell (SSH) protocol for the CLI and the Secure Socket Layer (SSL) protocol for management
applications such as McDATA Web Server, McDATA Element Manager, and Common Information Module
(CIM). See ”
” on page 83 for information about enabling the SSH and SSL
services.
The SSL handshake process between the workstation and the switch involves exchanging certificates.
These certificates contain the public and private keys that define the encryption. The switch certificate is
valid for one year beginning with its creation date and time. The workstation validates the switch certificate
by comparing the workstation date and time to the switch certificate creation date and time. For this
reason, it is important to synchronize the workstation and switch with the same date, time, and time zone.
If a certificate has not been created by the user, the switch will automatically create one. If SSL connection
security is required, also consider using the Network Time Protocol (NTP) service to synchronize date/time
between workstations and switches.
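
The check below is an added example, not code from this manual. It takes a switch certificate's validity dates, in the format printed by `openssl x509 -noout -dates`, and classifies the workstation clock against that window, so a clock or time-zone mismatch shows up as a not-yet-valid certificate. The sample dates, function names, and 30-day warning threshold are assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the format printed by `openssl x509 -noout -dates`;
# not taken from a real switch. The window is one year, as the manual states.
SAMPLE_DATES = """notBefore=Mar 10 14:00:00 2024 GMT
notAfter=Mar 10 14:00:00 2025 GMT"""


def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = dict(
        line.strip().split("=", 1) for line in text.splitlines() if "=" in line
    )

    def to_dt(value):
        # ssl.cert_time_to_seconds parses the certificate date format (GMT).
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

    return to_dt(fields["notBefore"]), to_dt(fields["notAfter"])


def check_window(text, workstation_now, warn_days=30):
    """Classify the workstation clock against the certificate validity window.

    Returns (status, delta): delta is how far outside the window the clock is,
    or how much validity remains when the certificate is still usable.
    """
    not_before, not_after = parse_dates(text)
    if workstation_now < not_before:
        # Typical of a workstation clock running behind the switch clock, or a
        # time-zone mismatch, right after the switch creates its certificate.
        return "not-yet-valid", not_before - workstation_now
    if workstation_now >= not_after:
        return "expired", workstation_now - not_after
    remaining = not_after - workstation_now
    if remaining <= timedelta(days=warn_days):
        return "expiring-soon", remaining
    return "ok", remaining


if __name__ == "__main__":
    # Workstation clock five hours behind the switch at certificate creation.
    skewed = datetime(2024, 3, 10, 9, 0, tzinfo=timezone.utc)
    for now in (skewed, datetime.now(timezone.utc)):
        status, delta = check_window(SAMPLE_DATES, now)
        print(f"{now.isoformat()}  {status}  ({delta})")
```

Always pass the workstation time as a timezone-aware UTC value; comparing a local wall-clock time against the certificate's GMT dates reproduces the very mismatch the check is meant to catch.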