Brocade Communications Systems 53-1001778-01 manual SMI Agent security


FIGURE 9 User Mapping Configuration dialog box

6. Click Apply.

The value in the Status column changes from Not Persisted to Persisted.

Limitations of SMI-A user-to-switch user mapping

Indications are not filtered based on the SMI-A user names. Indications related to fabrics to which the SMI-A user does not have access will still be delivered.

It is not recommended to map default SMI-A users to a zoneadmin switch user. If default SMI-A users are mapped to a zoneadmin switch user, then the Brocade SMI Agent Configuration Tool is unable to display the status of the fabric connection.

For VF-enabled chassis, read or write access restrictions cannot be set separately for each logical fabric. If the SMI-A user is mapped to a switch user on a VF-enabled chassis, the SMI-A user has the same access privilege for all of the logical fabrics in the chassis.

For VF-enabled chassis, the switch user mapped in User mapping and Default User mapping configurations should have access to at least one of the logical fabrics configured in the VF-enabled chassis.

The SMI Agent does not restrict access based on the VF list accessible to the switch user in a VF-enabled chassis. The SMI Agent uses the RBAC permission map of the proxy switch alone. For switches running Fabric OS 6.3.x or earlier, RBAC restrictions in the SMI Agent cannot be specific to certain logical fabrics. To get the same RBAC behavior in the SMI Agent for switches running Fabric OS 6.4.x or later, the chassis role of these switches should not be more access-restrictive than the switch role.

SMI Agent security

This section describes how to use the Brocade SMI Agent Configuration Tool to configure security options.

“Mutual authentication setup,” next

“Configuring mutual authentication for clients”

“Configuring mutual authentication for indications”

“Configuring HTTP access”

“Importing client certificates”

“Exporting server certificates”

“Viewing or deleting client certificates from SMI-A server truststore”

“Configuring user authentication”

Brocade SMI Agent User’s Guide
