Table of Contents
Advertisement
Connection security
IMPORTANT:
Element Manager PFE key, and the CLI. See
more information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and
PFE key, follow the step-by-step instructions on the firmware feature entitlement request certificate for the PFE
key. You can obtain a PFE key from the web at: www.webkey.external.hp.com.
Connection security provides an encrypted data path for switch management methods. The switch supports
the Secure Shell (SSH) protocol for the CLI and the Secure Socket Layer (SSL) protocol for management
applications such as McDATA Web Server, Element Manager, and Common Information Module (CIM).
See
"System
services" on page 73 for information about enabling the SSH and SSL services.
The SSL handshake process between the workstation and the switch involves the exchanging of certificates.
These certificates contain the public and private keys that define the encryption. The switch certificate is
valid for one year beginning with its creation date and time. The workstation validates the switch certificate
by comparing the workstation date and time to the switch certificate creation date and time. For this
reason, it is important to synchronize the workstation and switch with the same date, time, and time zone.
If a certificate has not been created by the user, the switch will automatically create one. If SSL connection
security is required, also consider using the Network Time Protocol (NTP) service to synchronize date/time
between workstations and switches.
User account security
User account security is the process by which your user account and password are authenticated with the
list of valid user accounts and passwords. The switch validates your account and password when you
attempt to add a fabric using McDATA Web Server or log in to a switch through Telnet. Your system
administrator defines accounts, passwords, and authority levels that are stored on the switch. See
"Managing user
The Admin account possesses Admin authority which grants full access to all tasks of the McDATA Web
Server menu system. The switch validates your user account and McDATA Web Server grants access to its
menus according to your authority level. If you do not have Admin authority, you are limited to monitoring
tasks.
NOTE:
If a user is logged into a switch using McDATA Web Server or CLI, and an administrator changes
user access rights and passwords, existing login sessions will not be affected by the new settings. Login
access and privileges are only checked for a new login request.
Remote authentication
IMPORTANT:
and can be managed only with the CLI and Element Manager. Element Manager also requires a PFE key.
See
"Installing Product Feature Enablement
key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions
on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the
web at: www.webkey.external.hp.com.
Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of
authentication passwords in larger networks. It has a client/server model, where the server is the password
repository and third party authentication point and the clients are all of the managed devices. RADIUS can
be configured for devices and/or user accounts. See
information about configuring RADIUS servers.
The RADIUS server dialogs are available only on a secure fabric and on the entry switch (out-of-band
switch). Refer
22
The SSL and SSH services can be managed only with Element Manager, which requires the
accounts" on page 49 for more information.
Remote authentication is available only with the McDATA SANtegrity Enhanced PFE key
"System
services" on page 73 for information about enabling the SSL service.
"Installing Product Feature Enablement
keys" on page 82 for more information about installing a PFE
"Configuring RADIUS
keys" on page 82 for
servers" on page 54 for
Hide quick links:
Advertisement
Table of Contents
