Brocade Communications Systems 53-1001778-01 manual Disable Http for security reasons

Page 27

Disable HTTP for security reasons

2

Verifying that the SLP service is correctly installed and operating

1.Start the SLP service and SMI-A.

2.Open a command prompt via Start > Programs > Accessories > Command Prompt.

3.Change to the directory where slpd.bat is located:

cd C:\<SMIAgent>\agent\bin

4.Verify that the SLP service is properly running as a Service Agent.

>slptool findsrvs service:service-agent

5.Verify that the SLP service is properly advertising its WBEM services:

>slptool findsrvs service:wbem

6.Verify that the SLP service is properly advertising its WBEM SLP template over its configured Client Protocol Adapters. Note: Change the IP Address:Port to those displayed by slptool findsrvs service:wbem

>slptool findattrs service:wbem:http://192.168.0.100:5988

>slptool findattrs service:wbem:https://192.168.0.100:5989

Disable HTTP for security reasons

If security or mutual authentication is enabled, you might want to disable the unsecure HTTP protocol, leaving only the secure HTTPS enabled. There are two ways to enable and disable the HTTP protocol:

Use the SMI-A Configuration Tool (see “Configuring HTTP access” on page 24).

Use the command-line scripts packaged by the SMI-A installer.

The SMI-A installer packages the scripts DeleteXMLProtocolAdapter to permanently disable the HTTP port used by the SMI-A and CreateXMLProtocolAdapter to enable the HTTP port again. These scripts can be found in the following directory:

<SMIAgent>/agent/bin

Connection monitoring

The SMI-A handles connection monitoring for the connection to the proxy switch. Whenever there is a connection failure to the proxy switch, by default the SMI-A automatically tries to reconnect to the proxy switch 5 times with a wait time of 90 seconds between each retry. This process is repeated every 30 minutes until the connection is reestablished to the proxy switch.

NOTE

The actual time between each retry is the 90-second wait time plus the retry time (the time spent on reestablishing the connection to the proxy switch). The retry time is beyond the SMI Agent’s control.

These default values of 5 retries, 90-second sleep interval between retries, and 30 minutes between each retry process are all configurable through the Brocade_ConnectionMonitoringService and through instances of Brocade_ConnectionMonitor. These values are not configurable through the SMI-A installer or configuration tool.

Brocade SMI Agent User’s Guide

11

53-1001778-01

 

Page 26 Page 28
Image 27
Page 26 Page 28
Contents Brocade SMI Agent Brocade Communications Systems, Incorporated Title Publication number Summary of changes Date Brocade SMI Agent User’s Guide Contents Chapter Brocade SMI Agent Configuration Chapter Mutual Authentication for Clients and Indications Index How this document is organized This chapterSupported hardware and software What’s new in this document Document conventionsText formatting Key terms Identifies command syntax examplesAdditional information Brocade resourcesOther industry resources FT00X0054E9 Getting technical helpSupport@brocade.com Brocade SMI Agent supportDocument feedback Common Information Model CIM OverviewBrocade SMI Agent Brocade SMI-S InitiativeBrocade SMI Agent Brocade SMI Agent User’s Guide Starting the SMI-A Brocade SMI AgentStarting the SMI-A as a service Stop the Brocade SMI AgentStopping the SMI-A Stopping the SMI-A as a service Service Location Protocol SLP supportSLP on Linux, Solaris, and AIX Slptool commandsStopping SLP on Linux, Solaris, and AIX Starting SLP on Linux, Solaris, and AIXInstalling SLP on Windows SLP on WindowsStarting SLP on Windows Connection monitoring Disable Http for security reasonsFor example Enable multi-homed supportAbout the Brocade SMI Agent Configuration Tool Brocade SMI Agent ConfigurationApply Launching the Brocade SMI Agent Configuration Tool Windows Launch the Brocade SMI-A Configuration ToolProxy connections Reloading provider.xml on fabric segmentationAdding proxy connections Removing proxy connections Login failure status informationAccess control Login failure status messages Access controlMapping an SMI-A user to a switch user Setting up default SMI-A user mapping SMI Agent security Limitations of SMI-A user-to-switch user mappingConfiguring mutual authentication for clients Mutual authentication setupConfiguring mutual authentication for indications Mutual authentication for indications Configuring Http accessImporting client certificates Http accessExporting server certificates SMI Agent security Configuring user authentication User authentication Encode proxy details Encoding proxy connection detailsConfiguring or removing the SMI Agent as a service SMI Agent service configuration and removalPort configuration Configure Http and Https portsConfiguring the Http and Https ports Configuring the ARR and eventing ports Configure ARR and eventing portsConfigure ARR and eventing ports Fabric Manager database server configurationConfiguring software locations for firmware download Firmware download software locations configurationFile Path Debugging and logging options configuration Configuring debugging options for CimomDebugging options for Cimom Debugging options for the provider Configure debugging options for CimomDynamic Update Configuring debugging options for the providerLogging options for the provider Configuring logging options for providerLog file examples Configure logging optionsCapturing information from the provider cache Capture provider cache informationCollect support information Support information collectionXML dump Collecting support informationRunning an XML dump Configuring the Cimom server Cimom server configurationUncomment the following lines Configuring log file optionsIntroduction Mutual authentication for clientsEnabling mutual authentication for indications Mutual authentication for indicationsClient configuration to use client certificates Enabling mutual authentication for clientsClient.ind.truststore Clientind.cer Java -classpath SMIAgent/agent/wbem.jar Xmlerror TroubleshootingXmlerror General questions Frequently Asked QuestionsHow do I collect diagnostic data from the Brocade SMI Agent? Does the SMI Agent have support for Https communication? On Linux Type the following command Appendix Open source software used in SMI-ASource Code License Sun Industry Standards Source LicenseDistribution Obligations Inability to Comply DUE to Statute or Regulation Termination IBM Common Public License Grant of Rights Commercial Distribution OpenSLP License GNU Library General Public License Bouncy CastleSun Binary Code License Agreement Public DomainBrocade SMI Agent User’s Guide Supplemental License Terms Brocade SMI Agent User’s Guide Brocade SMI Agent User’s Guide 53-1001778-01 Sun Binary Code License Agreement Index Brocade SMI Agent User’s Guide
Top Page Image Contents