Security Of Management Channels; Secure Shell - HP StorageWorks MSA 2/8 - SAN Switch User Manual

Hp storageworks secure fabric os v1.0 user guide (aa-ru57a-te, june 2003)

Hide thumbs Also See for StorageWorks MSA 2/8 - SAN Switch:

Reference manual (982 pages)

User manual (270 pages)

Installation manual (72 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

Table of Contents

Introducing Secure Fabric OS

Security of Management Channels

You can use Secure Fabric OS to increase the security of the local and remote

management channels, including Fabric Manager, Web Tools, standard SNMP

applications, Management Server, and a supported command line interface (CLI)

client such as sectelnet.

You can specify the access allowed through a channel by customizing the Secure

Fabric OS policy for that channel. Secure Fabric OS policies are available for

telnet (includes sectelnet and Secure Shell), SNMP, Management Server, HTTP,

and Application Programing Interface (API). Fabric Manager and Web Tools both

use HTTP and API to access the switch.

Once a digital certificate is installed on the switch, Fabric OS v2.6.1, v3.1.x, and

v4.1.x all encrypt sectelnet, API, and HTTP passwords automatically, regardless

of whether Secure Fabric OS is enabled.

Note:

or Secure Shell), and is disabled when Secure Mode is enabled.

Secure Shell

Fabric OS v4.1.x supports Secure Shell (SSH), which is a fully encrypted protocol

for CLI. Use of SSH requires installation of a SSH client on the host computer. It

does not require a digital certificate on the switch.

SSH access is configurable by the Telnet policy that is available through Secure

Fabric OS. However, Fabric OS v4.1.x supports SSH whether or not Secure Fabric

OS is licensed.

If you want to restrict CLI access over the network to SSH, disable telnet as

described under "Telnet" on page 15.

SSH clients are available in the public domain, and can be located by searching on

the Internet. Any client that supports Version 2 of the protocol is supported, such

as PuTTy or F-Secure.

Fabric OS v4.1.x also supports the following ciphers for session encryption and

Hash Message Authentication Codes (HMACs)—a hash function based message

authentication code:

The "Telnet" button in Web Tools can be used to launch telnet only (not sectelnet

Ciphers: AES128-CBC, 3DES-CBC, Blowfish-CBC, Cast128-CBC, and RC4

HMACs: HMAC-MD5, HMAC-SHA1, HMAC-SHA1-96, HMACMD5-96.

Secure Fabric OS Version 1.0 User Guide

Table of Contents

This manual is also suitable for:

Storageworks secure fabric os 1.0

Security Of Management Channels; Secure Shell - HP StorageWorks MSA 2/8 - SAN Switch User Manual

Security of Management Channels

Secure Shell

Related Manuals for HP StorageWorks MSA 2/8 - SAN Switch

Related Content for HP StorageWorks MSA 2/8 - SAN Switch

This manual is also suitable for:

Table of Contents