Fabric Security

Device Security

NOTE: Device security is available only with the McDATA SANtegrity Enhanced Product Features Enabled (PFE) key. Refer to EFCM Basic Management Guide for information about installing a PFE key. For additional McDATA PFE keys, please contact your McDATA representative or visit the web site at www.mcdata.com.

Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands. Device security is configured through the use of security sets and groups. A group is a list of device worldwide names that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (port), and a third for devices issuing management server commands (MS). A security set is a set of up to three groups with no more than one of each group type. The security configuration is made up of all security sets on the switch. The security database has the following limits:

Maximum number of security sets is 4.

Maximum number of groups is 16.

Maximum number of members in a group is 1000.

Maximum total number of group members is 1000.

In addition to authorization, the switch can be configured to require authentication to validate the identity of the connecting switch, device, or host. Authentication can be performed locally using the switch’s security database, or remotely using a Remote Dial-In User Service (RADIUS) server such as Microsoft® RADIUS. With a RADIUS server, the security database for the entire fabric resides on the server. In this way, the security database can be managed centrally, rather than on each switch module. You can configure up to five RADIUS servers to provide failover.

You can configure the RADIUS server to authenticate just the switch module or both the switch module and the initiator device if the device supports authentication. When using a RADIUS server, every switch in the fabric must have a network connection. A RADIUS server can also be configured to authenticate user accounts as described in “User Account Security” on page 2-12. A secure connection is required to authenticate user logins with a RADIUS server. Refer to “Connection Security” on page 2-10for more information.

Consider the devices, switches, and management agents and evaluate the need for authorization and authentication. Also consider whether the security database is to distributed on the switches or centralized on a RADIUS server and how many servers to configure.

Planning

2-11

Page 31
Image 31
McDATA 4314 manual Device Security

4314 specifications

The McDATA 4314 is a highly regarded Fibre Channel switch designed for enterprise storage area networks (SANs). This switch is particularly known for its reliability, high performance, and scalability. As part of McDATA's extensive range of networking products, the 4314 stands out for its ability to meet the demands of modern data centers, providing seamless connectivity for numerous storage and server devices.

One of the main features of the McDATA 4314 is its robust architecture, which supports up to 32 ports. This enables a flexible configuration that can easily scale as the needs of the organization grow. The switch is characterized by its ability to handle both FC-AL and FC-SW protocols, thus providing compatibility with a wide range of existing Fibre Channel devices. This versatility makes it ideal for organizations looking to enhance their existing infrastructure without the need for a complete overhaul.

In terms of performance, the McDATA 4314 supports high bandwidth requirements, with each port capable of delivering up to 4 Gbps. This high throughput is critical for data-intensive applications, ensuring low latency access to data stored on SAN devices. Additionally, the switch incorporates advanced technologies such as dynamic load balancing and intelligent pathing, which further optimize traffic flow and enhance overall system performance.

Security is a key consideration in any data center environment, and the McDATA 4314 addresses this with features such as zoning and masking. These capabilities ensure that only authorized devices can access specific data, safeguarding sensitive information from potential breaches. Moreover, the switch supports management protocols like SNMP (Simple Network Management Protocol), allowing for seamless integration into existing network management systems and enabling administrators to monitor performance and troubleshoot efficiently.

In terms of characteristics, the McDATA 4314 is designed for high availability, with redundant components that minimize downtime in critical environments. Furthermore, its compact form factor allows for efficient rack space utilization, making it a practical choice for organizations with space constraints.

Overall, the McDATA 4314 Fibre Channel switch provides a combination of performance, reliability, and scalability, making it an ideal choice for enterprise environments. Its advanced features and robust design ensure that organizations can maintain high levels of performance while effectively managing their storage networks. Whether supporting virtualized environments or managing extensive data storage, the McDATA 4314 is a valuable asset for any data center infrastructure.