2–Planning Security

IP Security

IP Security provides encryption-based security for IP version 4 and IP version 6 communications through the use of security policies and associations. Policies can define security for host-to-host, host-to-gateway, and gateway-to-gateway connections, with one policy for each direction. For example, to secure the connection between two hosts, you need two policies: one for outbound traffic from the source to the destination, and another for inbound traffic to the source from the destination.

A security association defines the encryption algorithm and encryption key to apply when called by a security policy. A security policy may call several associations at different times, but each association is related to only one policy. Consider your IP security requirements.

Port Binding

Port binding provides authorization for a list of up to 32 switch and device WWNs that are permitted to log in to a particular switch port. Switches or devices that are not among the 32 are refused access to the port. Consider what ports to secure and the set of switches and devices that are permitted to log in to those ports. For information about port binding, refer to the SANbox 9000 Series Stackable Chassis Switch Command Line Interface Guide.

Connection Security

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the command line interface and the Secure Sockets Layer (SSL) protocol for management applications such as Enterprise Fabric Suite 2007 and SMI-S.

The SSL handshake process between the workstation and the switch involves an exchange of certificates. These certificates contain the public and private keys that define the encryption. When the SSL service is enabled, a certificate is automatically created on the switch. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to synchronize the workstation and switch with the same date, time, and time zone. The switch certificate is valid 24 hours before its creation date and 365 days after its creation date. If the certificate becomes invalid, create a new certificate using the Create Certificate command. Refer to the SANbox 9000 Series Stackable Chassis Switch Command Line Interface Guide for information about the Create Certificate CLI command.
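The validity window described above can be modeled to see which workstation clock and time zone settings fall outside it. This is an added example, not code from the manual or the switch firmware; the function names and the sample times are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Validity window stated in the manual: 24 hours before creation, 365 days after.
BACKDATE = timedelta(hours=24)
LIFETIME = timedelta(days=365)


def workstation_instant(wall_clock, utc_offset_hours):
    """Convert a workstation's wall-clock reading and configured zone to UTC."""
    if wall_clock.tzinfo is not None:
        raise ValueError("pass the naive wall-clock reading; the zone is separate")
    zone = timezone(timedelta(hours=utc_offset_hours))
    return wall_clock.replace(tzinfo=zone).astimezone(timezone.utc)


def check_certificate(created, now):
    """Classify `now` against the window around the certificate creation time.

    Returns (status, margin). For "valid", margin is the time left before
    expiry; otherwise it is how far `now` lies outside the window.
    """
    if created.tzinfo is None or now.tzinfo is None:
        raise ValueError("both instants must be time-zone aware")
    not_before = created - BACKDATE
    not_after = created + LIFETIME
    if now < not_before:
        return "not-yet-valid", not_before - now
    if now > not_after:
        return "expired", now - not_after
    return "valid", not_after - now


# Constructed sample: certificate created on the switch at 12:00 UTC.
CREATED = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    cases = {
        "synchronized, UTC-5": (datetime(2024, 3, 1, 7, 5), -5),
        "date one day behind, UTC-5": (datetime(2024, 2, 29, 7, 5), -5),
        "one day behind and zone set to UTC+9": (datetime(2024, 2, 29, 7, 5), 9),
    }
    for label, (wall, offset) in cases.items():
        status, margin = check_certificate(CREATED, workstation_instant(wall, offset))
        print(f"{label}: {status} ({margin})")
```

The second case stays inside the 24-hour allowance; adding a wrong time zone to the same wall-clock reading pushes the workstation outside it.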

59229-05 A


59229-05 A, 9100 specifications

The Q-Logic 9100,59229-05 A is a high-performance networking solution designed to empower data centers and enterprise environments with optimal connectivity and exceptional throughput. As an essential component in modern IT infrastructures, this product stands out due to its advanced feature set and robust technology.

One of the main features of the Q-Logic 9100,59229-05 A is its support for Fibre Channel technology, which is widely recognized for its reliability and speed in storage area networks (SANs). This networking solution facilitates seamless data transfer at high rates, significantly enhancing the performance of storage systems.

Another notable characteristic of the Q-Logic 9100,59229-05 A is its compatibility with various operating systems and virtualization platforms. This versatility allows organizations to integrate it easily into their existing infrastructure, ensuring a smooth transition and minimal downtime. The product also supports multiple protocols, enhancing its utility in diverse environments.

The Q-Logic 9100,59229-05 A employs cutting-edge technologies such as offload capabilities, which reduce CPU overhead, allowing servers to focus on critical applications. By offloading certain tasks from the server's main processor, this solution improves overall system performance and efficiency, aiding in quicker data processing and reduced latency.

Additionally, security features embedded within the Q-Logic 9100,59229-05 A help safeguard sensitive information as it traverses networks. It supports encryption and secure data transportation protocols, ensuring that corporate data remains protected against unauthorized access and breaches.

The adaptability of the Q-Logic 9100,59229-05 A is further exhibited through its support for multiple speeds, allowing organizations to choose the bandwidth that best fits their current needs while maintaining the potential for future upgrades as demands grow.

In conclusion, the Q-Logic 9100,59229-05 A not only excels in speed and performance but also offers a versatile and secure solution suitable for a wide range of data center applications. Its blend of advanced features, robust technology, and adaptability positions it as a valuable asset for organizations looking to enhance their network connectivity and storage capabilities in an increasingly data-driven world.