Connection Security - Qlogic SANbox 5600 Series Installation Manual

A
3.7.1

Connection Security

Connection security provides an encrypted data path for switch management
methods. The switch supports the Secure Shell (SSH) protocol for the command
line interface and the Secure Socket Layer (SSL) protocol for management
applications such as SANsurfer Switch Manager and Common Information
Module (CIM).
The SSL handshake process between the workstation and the switch involves the
exchanging of certificates. These certificates contain the public and private keys
that define the encryption. When the SSL service is enabled, a certificate is
automatically created on the switch. The workstation validates the switch
certificate by comparing the workstation date and time to the switch certificate
creation date and time. For this reason, it is important to synchronize the
workstation and switch with the same date, time, and time zone. The switch
certificate is valid 24 hours before its creation date and 365 days after its creation
date. If the certificate should become invalid, refer to the
page B-20
Consider your requirements for connection security: for the command line
interface (SSH), management applications such as SANsurfer Switch Manager
(SSL), or both. If SSL connection security is required, also consider using the
Network Time Protocol (NTP) to synchronize workstations and switches.
Refer to System keyword of the
information about enabling the NTP client on the switch and configuring the
NTP server.
Refer to the
time zone.
59096-02 C
for information about creating a certificate.
"Set Command" on page B-61
"Create Command" on
"Set Setup Command" on page B-82
for information about setting the
3 – Planning
Fabric Security
for
3-15