HP SAN manual Connection security, User account security, Remote authentication

Connection security

IMPORTANT: The SSL and SSH services can be managed only with Element Manager, which requires the Element Manager PFE key, and the CLI. See "Installing Product Feature Enablement keys" on page 82 for more information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the web at: www.webkey.external.hp.com.

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the CLI and the Secure Socket Layer (SSL) protocol for management applications such as McDATA Web Server, Element Manager, and Common Information Module (CIM). See "System services" on page 73 for information about enabling the SSH and SSL services.

The SSL handshake process between the workstation and the switch involves exchanging certificates. These certificates contain the public and private keys that define the encryption. The switch certificate is valid for one year beginning with its creation date and time. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to synchronize the workstation and switch with the same date, time, and time zone. If a certificate has not been created by the user, the switch will automatically create one. If SSL connection security is required, also consider using the Network Time Protocol (NTP) service to synchronize date/time between workstations and switches.
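
The clock dependency described above, shown as an added example that is not part of the HP manual or the switch software. The function names, the sample timestamps, and the modeling of "one year" as 365 days are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Assumption: the manual's "valid for one year" is modeled as 365 days.
VALIDITY = timedelta(days=365)

def parse_cert_time(text):
    """Parse a certificate time string in the format ssl.getpeercert() reports."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)

def classify(created_text, workstation_now, warn=timedelta(days=30)):
    """Return (status, timedelta) for the certificate as this workstation sees it."""
    start = parse_cert_time(created_text)
    end = start + VALIDITY
    if workstation_now < start:
        return "not-yet-valid", start - workstation_now  # time until it becomes valid
    if workstation_now >= end:
        return "expired", workstation_now - end          # time since expiry
    remaining = end - workstation_now
    return ("expiring-soon" if remaining <= warn else "valid"), remaining

# Constructed sample: creation time the switch stamped on its certificate.
CREATED = "Mar 14 08:00:00 2024 GMT"

# Constructed workstation clocks. The first two show 08:10 on the wall clock.
SYNCED = datetime(2024, 3, 14, 8, 10, tzinfo=timezone.utc)
# Same wall-clock digits, but the zone is set to UTC+5: the real instant is 03:10 UTC.
WRONG_ZONE = datetime(2024, 3, 14, 8, 10, tzinfo=timezone(timedelta(hours=5)))
NEAR_EXPIRY = datetime(2025, 3, 1, 8, 0, tzinfo=timezone.utc)
STALE = datetime(2025, 3, 14, 8, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, now in [("synced", SYNCED), ("wrong zone", WRONG_ZONE),
                      ("near expiry", NEAR_EXPIRY), ("stale", STALE)]:
        status, delta = classify(CREATED, now)
        print(f"{name:12} {status:14} {delta}")
```

The wrong-zone case is the one the manual's advice targets: the workstation displays the same time as the switch, yet it treats a freshly created certificate as not yet valid until the offset has elapsed.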

User account security

User account security is the process by which your user account and password are authenticated with the list of valid user accounts and passwords. The switch validates your account and password when you attempt to add a fabric using McDATA Web Server or log in to a switch through Telnet. Your system administrator defines accounts, passwords, and authority levels that are stored on the switch. See "Managing user accounts" on page 49 for more information.

The Admin account possesses Admin authority, which grants full access to all tasks of the McDATA Web Server menu system. The switch validates your user account and McDATA Web Server grants access to its menus according to your authority level. If you do not have Admin authority, you are limited to monitoring tasks.

NOTE: If a user is logged into a switch using McDATA Web Server or CLI, and an administrator changes user access rights and passwords, existing login sessions will not be affected by the new settings. Login access and privileges are only checked for a new login request.

Remote authentication

IMPORTANT: Remote authentication is available only with the McDATA SANtegrity Enhanced PFE key and can be managed only with the CLI and Element Manager. Element Manager also requires a PFE key. See "Installing Product Feature Enablement keys" on page 82 for more information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the web at: www.webkey.external.hp.com.

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of authentication passwords in larger networks. It has a client/server model, where the server is the password repository and third-party authentication point and the clients are all of the managed devices. RADIUS can be configured for devices and/or user accounts. See "Configuring RADIUS servers" on page 54 for information about configuring RADIUS servers.

The RADIUS server dialogs are available only on a secure fabric and on the entry switch (out-of-band switch). See "System services" on page 73 for information about enabling the SSL service.
