0

3 – Managing Fabrics

 

 

Securing a Fabric

 

 

 

 

3.2

Securing a Fabric

Fabric security consists of the following:

„Connection Security

„User Account Security

„Security Consistency Checklist

„Device Security

„Fabric Services

3.2.1

Connection Security

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the command line interface and the Secure Socket Layer (SSL) protocol for management applications such as SANsurfer Switch Manager and Common Information Module (CIM).

The SSL handshake process between the workstation and the switch involves the exchanging of certificates. These certificates contain the public and private keys that define the encryption. The switch certificate is valid for one year beginning with its creation date and time. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to snychronize the workstation and switch with the same date, time, and time zone. If a certificate has not been created by the user, the switch will automatically create one.

Consider your requirements for connection security: for the command line interface (SSH), management applications such as SANsurfer Switch Manager (SSL), or both. If SSL connection security is required, also consider using the Network Time Protocol (NTP) to synchronize workstations and switches.

59097-01 A

3-7

Page 53
Image 53
Sun Microsystems 5602 manual Securing a Fabric, Connection Security, Fabric security consists of the following