Secure copy, Table 22, Table 23 – Dell POWEREDGE M1000E User Manual

Page 178

Advertising
background image

178

Fabric OS Administrator’s Guide

53-1002745-02

Secure Copy

6

Table 22

describes additional software or certificates that you must obtain to deploy secure

protocols.

The security protocols are designed with the four main use cases described in

Table 23

.

Secure Copy

The Secure Copy protocol (SCP) runs on port 22. It encrypts data during transfer, thereby avoiding
packet sniffers that attempt to extract useful information during data transfer. SCP relies on SSH to
provide authentication and security.

SSH

Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel
between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key
cryptography to authenticate the remote computer and allow the remote computer to authenticate the
user, if necessary.

SSL

Fabric OS uses Secure Socket Layer (SSL) to support HTTPS. A certificate must be generated and
installed on each switch to enable SSL. Supports SSLv3, 128-bit encryption by default.

TABLE 22

Items needed to deploy secure protocols

Protocol

Host side

Switch side

SSHv2

Secure shell client

None

HTTPS

No requirement on host side except a browser
that supports HTTPS

Switch IP certificate for SSL

SCP

SSH daemon, SCP server

None

SNMPv1, SNMPv2, SNMPv3

None

None

TABLE 23

Main security scenarios

Fabric

Management interfaces Comments

Nonsecure

Nonsecure

No special setup is needed to use Telnet or HTTP.

Nonsecure

Secure

Secure protocols may be used. An SSL switch certificate must be installed if
HTTPS is used.

Secure

Secure

Switches running earlier Fabric OS versions can be part of the secure fabric,
but they do not support secure management.
Secure management protocols must be configured for each participating
switch. Nonsecure protocols may be disabled on nonparticipating switches.
If SSL is used, then certificates must be installed. For more information on
installing certificates, refer to

“Installing a switch certificate”

on page 185.

Secure

Nonsecure

You must use SSH because Telnet is not allowed with some features.

TABLE 21

Secure protocol support (Continued)

Protocol Description

Advertising