beautypg.com

User account security, Remote authentication, Device security – HP M-series HA-Fabric Manager Software User Manual

Page 30

background image

30

Managing fabrics

User account security

User account security is the process by which your user account and password are authenticated with the
list of valid user accounts and passwords. The switch validates your account and password when you
attempt to add a fabric using McDATA Web Server or log in to a switch through Telnet. Your system
administrator defines accounts, passwords, and authority levels that are stored on the switch. See

Managing user accounts

” on page 61 for more information.

The Admin account possesses Admin authority which grants full access to all tasks of the McDATA Web
Server menu system. The switch validates your user account and McDATA Web Server grants access to its
menus according to your authority level. If you do not have Admin authority, you are limited to monitoring
tasks.

NOTE:

If a user is logged into a switch using McDATA Web Server or CLI, and an administrator changes

user access rights and passwords, existing login sessions will not be affected by the new settings. Login
access and privileges are only checked for a new login request.

Remote authentication

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of
authentication passwords in larger networks. It has a client/server model, where the server is the password
repository and third party authentication point and the clients are all of the managed devices. RADIUS can
be configured for devices and/or user accounts. See ”

Configuring RADIUS servers

” on page 66 for

information about configuring RADIUS servers.

The RADIUS server dialogs are available only on a secure (SSL) fabric and on the entry switch (out of band
switch). Refer

Configuring system services

” on page 83 for information about enabling the SSL service.

Device security

IMPORTANT:

Device security is available only with the McDATA SANtegrity™ Product Feature

Enablement (PFE) key. See ”

Installing Product Feature Enablement (PFE) keys

” on page 91 for more

information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and Product
Feature Enablement key, follow the step-by-step instructions on the "firmware feature entitlement request
certificate" for the PFE key. One of the license key retrieval options is via the web:

www.webkey.external.hp.com

.

Device security provides for the authorization and authentication of devices that you attach to a switch. You
can configure a switch with a group of devices against which the switch authorizes new attachments by
devices, other switches, or devices issuing management server commands. Device security is configured
through the use of security sets and groups. A group is a list of device worldwide names that are
authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for
devices (port), and a third for devices issuing management server commands (MS). A security set is a set of
up to three groups with no more than one of each group type. The security configuration is made up of all
security sets on the switch.

This manual is related to the following products: