HP AARTDZHTE/958000284008 manual Enhanced SANtegrity Security Suite, Standard features

Page 16

The Zone FlexPar feature is available in both Open Fabric 1.0 and Homogeneous Fabric 1.0 Interop modes, as well as in environments with loop-attached devices. In Homogeneous Fabric 1.0 mode, the default zone is treated like any other zone, and RSCNs are sent only to the affected devices if the default zone is enabled or disabled. A PFE key is not required for the Zone FlexPar feature, and it can be enabled or disabled through CLI for a specific switch. When upgrading to firmware 07.01.02-4 or installing

anew switch with firmware 07.01.02-4 the feature is enabled by default, allowing it to work immediately. If the Zone FlexPar feature is not enabled on all switches in the fabric, the restricted RSCN distribution only applies for devices attached to switches with the feature enabled.

Enhanced SANtegrity Security Suite

SANtegrity Security Suite enhanced features include authentication support for device login, interswitch connections and management interfaces. The Secure Access features are included as a standard part of the SANtegrity Security Suite in firmware 07.01.02–4.

Standard features

The following SANtegrity features do not require a license or SANtegrity Binding.

CHAP Authentication for HAFM/SWAPI—This provides authentication of connections from the HAFM appliance service processor and SWAPI Direct Connect. This ensures that requested HAFM management sessions or SWAPI Direct Connect sessions are from a trusted source.

Encryption of Passwords and Secrets Shared with HAFM—All secrets and password information are passed in encrypted format for greater security. This prevents “snooping” of Ethernet connection to capture user login and authentication secret information.

RADIUS Server Support—This provides support for IETF RADIUS (Remote Authentication Dial In User Service) protocol for password authentication. Firmware 07.01.02-4 allows users to configure settings for using a RADIUS server. RADIUS provides centralized authentication services for multiple devices on a network. This means that several switches can be configured to use a single RADIUS server.

Prompted Change of EWS and CLI Passwords from Default—This prompts users to modify the password settings for both the CLI and EWS interfaces the first time they log in using either of these interfaces.

RBAC Phase I: Enhanced User Rights Configuration—RBAC is role based access control. This is the first phase of more comprehensive role-based access control planned for the CLI and EWS interfaces. Multiple users can now be configured for EWS or CLI, or both, through either interface. This allows users to configure additional user name/password combinations.

SSH for CLI—Secure Shell (SSH) provides an encrypted connection, as an alternative to Telnet, to secure CLI access to switches and directors.

14

Image 16
Contents HP StorageWorks Edge Switch release notes Edge Switch release notes Intended audience Release notes informationFirmware version Other edge switch documentation CD-ROM directory structure Supported configurations Important information Cable requirementsMinor Code Enhancements and Fixes in fw Occasional Ethernet hang issue is resolved Features not supported in this releaseDocumentation released with firmware 07.00.00 and Hafm HP and McDATA terminology Hafm and firmware compatibility Hafm and firmware compatibilityPrerequisites for installing and using firmware Upgrading from an earlier version of firmwareUpgrading firmware on an edge switch from 04.xx.xx to Considerations for downgrading the version of firmwareEdge Switch release notes Hafm upgrade required for firmware version Zone FlexPar feature Standard features Enhanced SANtegrity Security SuiteAdvanced Fabric Diagnostics ISL fencingOsms change Default zone is disabled by defaultSome IP addresses must be avoided Zoning change Rscn control Hard zoningSnmp changes Using the same firmware Zoning limitationsReinstalling feature licenses Disconnecting the null modem cableEthernet switch support CTP controls port lightsCLI show.eventLog command CLI threshold alertsMihpto value EWS enhancementsChanging password in CLI BBCredit Allocation for portsNvram caching Robust large fabricsKnown issues Full-fabric capability for Edge Switch 2/12HSG80 transparent mode not supported with IBM AIX WorkaroundSupport for speed Auto-Negotiate Snmp issues Ports may accumulate spurious events