Managing fabric security, Connection security, User account security – HP H-series Enterprise Fabric Management Suite Software User Manual


HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabric Management Suite User Guide


4 Managing Fabric Security

This chapter describes connection security and user account security concepts. It also describes the tasks to configure port security, device security, and RADIUS servers.

Connection security

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the command line interface and the Secure Socket Layer (SSL) protocol for management applications such as Enterprise Fabric Management Suite and Common Information Module (CIM). For information about enabling SSH, SSL, and CIM services, see “Managing system services” (page 97).

The SSL handshake process between the workstation and the switch involves the exchange of certificates, which contain the public and private keys that define the encryption. The switch certificate is valid for one year beginning with its creation date and time. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to synchronize the workstation and switch with the same date, time, and time zone. If you do not create a certificate, the switch automatically creates one.

Consider your requirements for connection security: for the command line interface (SSH), management applications such as Enterprise Fabric Management Suite (SSL), or both. If SSL connection security is required, also consider using the Network Time Protocol (NTP) to synchronize workstations and switches.
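The date and time comparison described above, as an added example (not part of the HP manual or its software): a Python sketch that classifies a switch certificate as a workstation clock would see it, including the case where the workstation clock is behind the switch. The function name `check_switch_cert`, the 365-day model of "one year", the 30-day warning threshold, and all sample times are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the manual's "one year" validity is modeled as 365 days.
VALIDITY = timedelta(days=365)

def check_switch_cert(created, workstation_now, warn_days=30):
    """Classify a switch certificate the way a workstation clock would see it.

    Returns (status, delta): how long until valid, time past expiry,
    or time remaining. Both inputs must be timezone-aware datetimes.
    """
    if created.tzinfo is None or workstation_now.tzinfo is None:
        # A naive timestamp hides exactly the time zone mismatch at issue.
        raise ValueError("timezone-aware datetimes required")
    expires = created + VALIDITY
    if workstation_now < created:
        # Workstation clock is behind the switch clock that stamped the cert.
        return "not_yet_valid", created - workstation_now
    if workstation_now >= expires:
        return "expired", workstation_now - expires
    remaining = expires - workstation_now
    if remaining <= timedelta(days=warn_days):
        return "expiring_soon", remaining
    return "valid", remaining

if __name__ == "__main__":
    utc = timezone.utc
    # Constructed sample: certificate created when the switch clock read 09:00 UTC.
    created = datetime(2024, 3, 1, 9, 0, tzinfo=utc)
    samples = {
        "workstation 5 h behind switch": datetime(2024, 3, 1, 4, 0, tzinfo=utc),
        "clocks in sync, mid-year": datetime(2024, 6, 1, 9, 0, tzinfo=utc),
        "two weeks before expiry": datetime(2025, 2, 15, 9, 0, tzinfo=utc),
        "one year after creation": datetime(2025, 3, 1, 9, 0, tzinfo=utc),
    }
    for label, now in samples.items():
        status, delta = check_switch_cert(created, now)
        print(f"{label:32} {status:14} {delta}")
```

A `not_yet_valid` result whose delta is a whole number of hours usually indicates a time zone setting that differs between workstation and switch rather than ordinary clock drift.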

User account security

User account security is the process by which your user account and password are authenticated with the list of valid user accounts and passwords. The switch validates your account and password when you attempt to add a fabric using Enterprise Fabric Management Suite or log in to a switch through Telnet. Your system administrator defines accounts, passwords, and authority levels that are stored on the switch. For information about creating user accounts, see “Managing user accounts” (page 79).

The Admin account has Admin authority, which grants full access to all tasks of the Enterprise Fabric Management Suite menu system. The switch validates your user account, and Enterprise Fabric Management Suite grants access to its menus. If you do not have Admin authority, you are limited to monitoring tasks.

NOTE: If an administrator changes user access rights and passwords, existing Enterprise Fabric Management Suite, QuickTools, and CLI logins are not affected by the new settings. Login access and privileges are only checked for a new login request.
