Download Print this page

Santegrity Authentication - McDATA StorageWorks 64 - SAN Director Switch Planning Manual

Fw 07.00.00/hafm sw 08.06.00 mcdata products in a san environment planning manual (620-000124-500, april 2005)

Hide thumbs Also See for StorageWorks 64 - SAN Director Switch:

Manual (508 pages)

Table Of Contents

page of 322

/ 322
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Physical Planning Considerations

5

SANtegrity

Authentication

McDATA Products in a SAN Environment - Planning Manual

5-16

System administrators can use the SAN management application to

assign remote workstation access to directors and switches. Remote

sessions are allowed for anyone on a customer intranet, disallowed

completely, or restricted to specific workstations. Remote users must

log into the SAN management application with a user name and

password, just as when logging in to the local management server.

Passwords are encrypted when sent across the network. By entering

workstation IP addresses at the SAN management application,

administrators can allow access from all user workstations or from

only specific workstations.

For access through the SANpilot interface, the system administrator

provides IP addresses of products to authorized users, assigns access

usernames, and controls associated passwords.

SANtegrity Authentication enhances SAN security by providing a set

of user-configurable, software-enforced features that restrict access to

Fibre Channel fabric elements. Features protect against accidental or

intentional attacks to fabric elements by not allowing connection of

devices or management interfaces that cannot be identified. Security

features are independent from one another and may be individually

enabled or disabled by an administrator. SANtegrity Authentication

features include:

•

Password safety - When accessing a director or fabric switch for

the first time through the command line interface (CLI) or

SANpilot interface, the password must be changed. When

accessing a director or switch for the first time through the

maintenance port (enhanced serial authentication enabled), the

password must be changed.

Upon user login, the password is checked against the original

default password. If the password and default password match,

the user must change the password. This functionality addresses

a common security defect where the default password is never

changed.

•

Management server CHAP authentication - Enhanced login

security between a fabric element (director, fabric switch, or SAN

router) and the management server is provided through

challenge handshake authentication protocol (CHAP). A fabric

element uses CHAP to authenticate any management server that

attempts a connection.

Table of Contents

Advertisement

Table of Contents

Related Products for McDATA StorageWorks 64 - SAN Director Switch

McDATA Intrepid 6064 Director

McDATA Intrepid 6140 Director

This manual is also suitable for:

316095-b21 - storageworks edge switch 2/24Storageworks 2/140 - director switchStorageworks 2/24 - edge switchStorageworks 2/12 - edge switch316095-b21 - storageworks edge switch 2/24 Storageworks 2/140 - director switch ... Show all