Table of Contents
Advertisement
Configuring secure-communication on the controller
On the GSLB controller, to enable the secure protocol instead of the standard one, enter
commands such as the following:
SLB-Ctrl-ServerIronADX(config)# gslb site sfo
SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# si slb-1 100.1.1.3
secure-communication
Syntax: si <si-name> <si-ip-address> secure-communication
The GSLB site ServerIron ADX will automatically understand the secure protocol. There is no CLI
command required to enable the feature on the site.
If you want the GSLB site ServerIron ADX to accept only the secure protocol and reject the standard
GSLB connection request, then enter the following command on the site ServerIron ADX.
SLB-Site-ServerIronADX(config)# gslb auth-encrypt-communication secure-only
Syntax: gslb auth-encrypt-communication secure-only
Generating RSA key pair
Before authentication can proceed, each ServerIron ADX that is secure GSLB enabled must
generate a static RSA public/private key pair for itself. The private key is used to prove the identity
of the local device. It never leaves the system. In comparison, the public key is sent to the remote
peer. The peer then uses that key to decrypt data.
The private key and public key compensate each other.
You can refer to either operation as encryption and the other decryption. Many engineers refer to
the public key operation as encryption, and call the private key operation decryption.
Use the crypto key generate rsa command on both the controller and site ServerIron ADXs to
generate a random RSA public/private key pair. This key pair needs to be generated on each
ServerIron ADX involved in the secure GSLB communication. Since the keys on each box are
generated together, they are always in agreement.
Syntax: [no] crypto key generate rsa
Example
The following GSLB controller example assumes a minimum working GSLB configuration is already
set up (refer to
SLB-Ctrl-ServerIronADX(config)# ip dns domain-name foo.com
SLB-Ctrl-ServerIronADX(config)# crypto key generate rsa
Generating rsa
keypair..................................................................done!
rsapublic_key"10243516320480114350385337927420684604699847215100737339140179784
0463596710017038795521320990076735951547998548950700124427622983729636247496044
8810297880244822925958194700326493941745541854086588315530748050102379348032059
7889011743490357195498301864347794398342179943239191530516416905654211931607212
87517491 chassis@foo.com"
rsa private_key "*************************"
ServerIron ADX Global Server Load Balancing Guide
53-1002437-01
Private(Public(A)) = A and
Public(Private(A)) = A
page
64).
1
Secure GSLB
59
Advertisement
Table of Contents
Related Manuals for Brocade Communications Systems ServerIron ADX 12.4.00
Related Products for Brocade Communications Systems ServerIron ADX 12.4.00
- Brocade Communications Systems ServerIron ADX 12.4.00a
- Brocade Communications Systems SERVERIRON ADX 1000
- Brocade Communications Systems SERVERIRON ADX 10000
- Brocade Communications Systems ServerIron ADX 1000F
- Brocade Communications Systems SERVERIRON ADX 4000
- Brocade Communications Systems ServerIron ADX 8000
- Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base
- Brocade Communications Systems AE370A - Brocade 4Gb SAN Switch 4/12
- Brocade Communications Systems AA979A - StorageWorks SAN Switch 2/8V
- Brocade Communications Systems A7990A - StorageWorks SAN Director 4/16 Blade Switch
- Brocade Communications Systems AP7420 Series
- Brocade Communications Systems AM866A - StorageWorks 8/8 Base SAN Switch
- Brocade Communications Systems SMI Agent 120.11.0
- Brocade Communications Systems Access Gateway
- Brocade Communications Systems Network Advisor SMI Agent 12.0.0
- Brocade Communications Systems 200E Series