Cisco Systems OL-11390-01 manual Secure Socket Layer SSL, SNMPv3, Working with Firewalls, 11-2


Chapter 11 Administering DFM (Advanced)

Security Considerations

Secure Socket Layer (SSL)

SSL is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates, public keys, and private keys. You can enable or disable SSL depending on the need to use secure access.

DFM supports SSL between clients and the server. By default, DFM is not SSL-enabled. For information on enabling SSL, refer to the Common Services online help.

SNMPv3

Like CiscoWorks Common Services, DFM supports SNMPv3 (authentication and access control, but no data encryption) between the server and devices to eliminate leakage of confidential information. This provides packet-level security, integrity protection, and replay protection, but does not encrypt the packets.
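The authentication-without-encryption behavior described above, shown as an added example that is not taken from the Cisco guide or from DFM itself. It assumes HMAC-SHA-96 as the authentication protocol (the page does not say which one DFM uses), a simplified flat message encoding, and hypothetical function names; the password and engine ID are the RFC 3414 sample values and the PDU is constructed.

```python
import hashlib
import hmac

def localized_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 A.2: password to key (1 MiB digest), then localize to one engine."""
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.sha1(stream).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()

def mac(key, engine_id, boots, etime, pdu):
    # Assumption: flat "|"-joined encoding. Real SNMPv3 MACs the BER-encoded
    # message with the 12-octet authentication field zeroed.
    body = b"|".join([engine_id.hex().encode(), str(boots).encode(),
                      str(etime).encode(), pdu])
    return hmac.new(key, body, hashlib.sha1).digest()[:12]  # HMAC-SHA-96

def send(key, engine_id, boots, etime, pdu):
    # authNoPriv: the PDU travels as-is; only a 12-byte tag is added.
    return {"engine_id": engine_id, "boots": boots, "time": etime,
            "pdu": pdu, "auth": mac(key, engine_id, boots, etime, pdu)}

def receive(key, msg, local_boots, local_time, window=150):
    """Return 'ok', 'bad-auth' or 'not-in-time-window' (150 s window, RFC 3414)."""
    want = mac(key, msg["engine_id"], msg["boots"], msg["time"], msg["pdu"])
    if not hmac.compare_digest(want, msg["auth"]):
        return "bad-auth"
    if msg["boots"] != local_boots or abs(local_time - msg["time"]) > window:
        return "not-in-time-window"
    return "ok"

def demo():
    engine = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 sample
    key = localized_key(b"maplesyrup", engine)           # RFC 3414 A.3 sample
    msg = send(key, engine, 7, 1000, b"sysLocation=rack-12")  # constructed PDU
    altered = dict(msg, pdu=b"sysLocation=rack-99")
    return {
        "fresh": receive(key, msg, 7, 1010),
        "altered": receive(key, altered, 7, 1010),
        "replayed_later": receive(key, msg, 7, 2000),
        "after_reboot": receive(key, msg, 8, 1010),
        "payload_readable": b"rack-12" in msg["pdu"],
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The altered and replayed messages are rejected, yet the PDU contents remain readable to anyone on the path, which is why the management VLAN and firewall placement still matter when SNMPv3 runs without privacy.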

Working with Firewalls

DFM will work across firewalls, but you must perform the following two tasks:

Configure the DFM server to use a specific port (outgoing connection)

Configure the firewall to use an automatic established connection (incoming connection)

Step 1 Configure the DfmServer process so it binds to a privileged port, using the pdcmd --port option (see Table 11-4 on page 11-16 for more pdreg options):

Note The ports and protocols used by CiscoWorks are listed in the Installation and Getting Started Guide for LAN Management Solution 3.0.

a. Check the flags that are currently set for the DfmServer process, and write them down (you will need to reset them later):

# NMSROOT/bin/pdreg -l DfmServer

b. Unregister the DfmServer process:

# NMSROOT/bin/pdcmd -u DfmServer

 

User Guide for Device Fault Manager
