2–Planning Security

Consider your requirements for connection security: for the command line interface (SSH), management applications such as Enterprise Fabric Suite 2007 (SSL), or both. Access to the device security menu selections in Enterprise Fabric Suite 2007 requires an SSL connection. If SSL connection security is required, also consider using the Network Time Protocol (NTP) to synchronize workstations and switches.

Device Security

Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands. Device security is configured through the use of security sets and groups.

A group is a list of device worldwide names that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (port), and a third for devices issuing management server commands (MS). ISL groups can be enabled for fabric binding. Fabric binding defines a list of switch domain IDs that are permitted to join the fabric.

A security set is a set of up to three groups with no more than one of each group type. The security configuration is made up of all security sets on the switch. The security database has the following limits:

Maximum number of security sets is 4.

Maximum number of groups is 16.

Maximum number of members in a group is 1000.

Maximum total number of group members is 1000.
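
The following added example (not part of the original manual or any QLogic tool) checks a planned security database against the limits and group rules listed above before it is entered on a switch. The dictionary layout, the function names, and the sample worldwide names are assumptions made for illustration, as is the reading that the total member count is the sum of all group sizes.

```python
from collections import Counter

# Limits quoted from the manual text above.
GROUP_TYPES = {"ISL", "Port", "MS"}
MAX_SETS, MAX_GROUPS, MAX_GROUPS_PER_SET = 4, 16, 3
MAX_GROUP_MEMBERS = MAX_TOTAL_MEMBERS = 1000

def audit_security_db(groups, sets):
    """Return a list of limit violations (empty means the plan fits).
    Hypothetical layout, not the switch's own configuration format:
      groups = {group_name: {"type": "ISL"|"Port"|"MS", "members": [wwn, ...]}}
      sets   = {set_name: [group_name, ...]}
    """
    problems = []
    if len(sets) > MAX_SETS:
        problems.append(f"{len(sets)} security sets (max {MAX_SETS})")
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups (max {MAX_GROUPS})")
    for name, group in groups.items():
        if group["type"] not in GROUP_TYPES:
            problems.append(f"group {name}: unknown type {group['type']!r}")
        size = len(group["members"])
        if size > MAX_GROUP_MEMBERS:
            problems.append(f"group {name}: {size} members (max {MAX_GROUP_MEMBERS})")
    # Assumption: the database-wide total is the sum of all group sizes.
    total = sum(len(g["members"]) for g in groups.values())
    if total > MAX_TOTAL_MEMBERS:
        problems.append(f"{total} total members (max {MAX_TOTAL_MEMBERS})")
    for name, names in sets.items():
        for missing in (n for n in names if n not in groups):
            problems.append(f"set {name}: undefined group {missing}")
        if len(names) > MAX_GROUPS_PER_SET:
            problems.append(f"set {name}: {len(names)} groups (max {MAX_GROUPS_PER_SET})")
        # A set may hold no more than one group of each type.
        per_type = Counter(groups[n]["type"] for n in names if n in groups)
        for gtype, count in sorted(per_type.items()):
            if count > 1:
                problems.append(f"set {name}: {count} groups of type {gtype} (max 1)")
    return problems

def sample_wwns(start, count):
    """Constructed worldwide names for the samples below, not real devices."""
    return [f"10:00:00:c0:dd:00:{i >> 8:02x}:{i & 0xFF:02x}" for i in range(start, start + count)]

# Constructed plans: one that fits, one that breaks two rules.
GOOD_GROUPS = {"isl": {"type": "ISL", "members": sample_wwns(0, 2)},
               "port": {"type": "Port", "members": sample_wwns(2, 40)},
               "ms": {"type": "MS", "members": sample_wwns(42, 1)}}
GOOD_SETS = {"active": ["isl", "port", "ms"]}
BAD_GROUPS = {"port_a": {"type": "Port", "members": sample_wwns(0, 600)},
              "port_b": {"type": "Port", "members": sample_wwns(600, 500)}}
BAD_SETS = {"active": ["port_a", "port_b"]}
```
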

In addition to authorization, the switch can be configured to require authentication to validate the identity of the connecting switch, device, or host. Authentication can be performed locally using the switch’s security database, or remotely using a Remote Authentication Dial-In User Service (RADIUS) server such as Microsoft RADIUS. With a RADIUS server, the security database for the entire fabric resides on the server. In this way, the security database can be managed centrally, rather than on each switch. You can configure up to five RADIUS servers to provide failover.

You can configure the RADIUS server to authenticate just the switch or both the switch and the initiator device if the device supports authentication. When using a RADIUS server, every switch in the fabric must have a network connection. A RADIUS server can also be configured to authenticate user accounts as described in “User Account Security” on page 2-12. A secure connection is required to authenticate user logins with a RADIUS server. Refer to “Connection Security” on page 2-13 for more information.

2-14

59229-05 A

