Fabric Security | Q-Logic 5000 instruction

3 – Planning Fabric Security

S

Common Information Model (CIM): Provides for the management of the switch through third-party applications that use the Storage Management Initiative–Specification (SMI-S). The default is enabled.

File Transfer Protocol (FTP): Provides for transferring files rapidly between the workstation and the switch using FTP. The default is enabled.

Management Server (MS): Enables or disables the management of the switch through third-party applications that use GS-3 Management Server. The default is disabled.

3.7

Fabric Security

An effective security profile begins with a security policy that states the requirements. A threat analysis is needed to define the plan of action followed by an implementation that meets the security policy requirements. Internet portals, such as remote access and E-mail, usually present the greatest threats. Fabric security should also be considered in defining the security policy.

Most fabrics are located at a single site and are protected by physical security, such as key-code locked computer rooms. For these cases, security methods such as user passwords for equipment and zoning for controlling device access, are satisfactory.

Fabric security is needed when security policy requirements are more demanding: for example, when fabrics span multiple locations and traditional physical protection is insufficient to protect the IT infrastructure. Another benefit of fabric security is that it creates a structure that helps prevent unintended changes to the fabric.

Fabric security consists of the following:

Connection Security

User Account Security

Port Binding

Device Security

3-16	59096-04 A

Image 56

Q-Logic 5000 manual Fabric Security

Contents

SANbox 5000 Series Fibre Channel Switch Installation Guide Document Revision History Table of Contents Section Planning Section Installation Section Removal/Replacement List of Figures Page Introduction Intended Audience Related Materials New in this Release Safety Notices Sicherheitshinweise Communications Statements Federal Communications Commission FCC Class a Statement CE Statement Vcci Class a Statement MIC Class a Statement model 5200 only Laser Safety Information Electrostatic Discharge Sensitivity Esds Precautions Zugängliche Teile Accessible PartsPièces Accessibles General Public License Preamble 13.2 Introduction General Public License Introduction General Public License Introduction General Public License Introduction General Public License How to Apply These Terms to Your New Programs Copyright C yyyy name of author Training Technical SupportAvailability Contact Information Support Headquarters General Description Chassis Controls and LEDs Maintenance ButtonResetting a Switch Placing the Switch in Maintenance Mode Chassis LEDs Heartbeat LED Green Input Power LED GreenSystem Fault LED Amber Fibre Channel Ports Fibre Channel Ports Port Activity LED Green Port LEDsPort Logged-In LED Green Transceivers Port Types Ethernet Port Ethernet Port Serial Port Serial Port Pin Identification Power Supplies and Fans Model 5202/5602 Switch Power Supplies Switch Management QuickTools Web Applet Application Programming Interface Command Line InterfaceEnterprise Fabric Suite File Transfer Protocols Storage Management Initiative-Specification SMI-SSimple Network Management Protocol General Description Switch Management 59096-04 a Planning Devices Device Access Performance Zoning Database Limits Distance Extended Credit Distances and Cable Lengths Bandwidth Latency Feature Licensing Multiple Chassis Fabrics Optimizing Device Performance Domain ID, Principal Priority, and Domain ID Lock Two-Switch Stack Stacking Four-Switch Stack Six Switch Stack Common Topologies Cascade Topology Cascade-with-a-Loop Topology Mesh Topology Mesh Topology MultiStage Topology Multistage Topology Switch Services Fabric Security Connection Security User Account Security Port Binding Device Security Security Example Switches and HBAs with Authentication Security Example Switches and HBAs HBA1 ISL Group on Switch1 GroupISL1 Security Example Radius Server 10. Security Example Radius Server Radius1 Configuration on Switch1 and Switch2 HBA1 Save and activate SecuritySet2 on Switch2 Security Example Host Authentication 11. Security Example Management Server MS Group Group1 Fabric Management Planning Fabric Management 59096-04 a Installation Site Requirements Environmental Conditions Switch Power RequirementsFabric Management Workstation Installing a Switch Mount the Switch Avertissement Mounting the Model 5200/5600 Switch in a Rack without Rails Install Transceivers Removing 10-Gbps Port Covers Configure the Workstation Choose Make New Connection Configuring the Workstation Serial Port Connect the Workstation to the Switch Workstation Cable Connections Connect the Switch to AC Power Installation Installing a Switch Installation Installing a Switch Configure the Switch Configuration Wizard Prompts Telnet 10.0.0.1 Switch Login admin Password Cable Devices to the Switch Installing Firmware Installation Installing Firmware One-Step Firmware Installation Using QuickTools to Install FirmwareUsing the CLI to Install Firmware Enter the password for your account name FTP only Custom Firmware Installation Adding a Switch to an Existing Fabric Installing Feature License Keys Installation Installing Feature License Keys 59096-04 a Diagnostics/Troubleshooting Chassis Diagnostics Input Power LED Is Extinguished System Fault LED Is Illuminated Power-On Self Test Diagnostics Heartbeat LED Blink Patterns Fatal Post Error Blink Pattern Internal Firmware Failure Blink Pattern Configuration File System Error Blink Pattern Over Temperature Blink Pattern Logged-In LED Indications Logged-In LED EPort Isolation Excessive Port Errors Diagnostics/Troubleshooting Power-On Self Test Diagnostics Transceiver Diagnostics Power Supply Diagnostics Model 5202/5602 Switch Power Supply LEDs Recovering a Switch Using Maintenance Mode Exiting the Maintenance Menu Unpacking a Firmware Image File in Maintenance Mode Resetting the Network Configuration in Maintenance Mode Resetting User Accounts in Maintenance ModeCopying Log Files in Maintenance Mode Removing the Switch Configuration in Maintenance Mode Updating the Boot Loader in Maintenance Mode Remaking the File System in Maintenance ModeResetting the Switch in Maintenance Mode Removal/Replacement SFP Transceiver Removal and Replacement Power Supply Removal and Replacement Power Supply Removal Power Supply Installation Page Specifications Fabric Specifications Specifications Fabric Specifications Maintainability Dimensions Snmp FTP Tftp Electrical Environmental Regulatory Certifications Glossary Fdmi FRU MIB WWN Page Index Index-2 59096-04 a LED Index-4 59096-04 a 59096-04 a Index-5