Support User Manuals

Brocade Communications Systems 53-1001778-01 Computer Accessories User Manual

Open as PDF

of 90

Brocade SMI Agent User’s Guide 21

53-1001778-01

SMI Agent security

3

FIGURE 9 User Mapping Configuration dialog box

6. Click Apply.

The value in the Status column changes from Not Persisted to Persisted.

Limitations of SMI-A user-to-switch user mapping

• Indications are not filtered based on the SMI-A user names. Indications related to fabrics for

which the SMI-A user does not have access will still be delivered.

• It is not recommended to map default SMI-A users to a zoneadmin switch user. If default SMI-A

users are mapped to a zoneadmin switch user, then the Brocade SMI Agent Configuration Tool

is unable to display the status of the fabric connection.

• For VF-enabled chassis, read or write access restrictions are not allowed for each logical fabric

separately. If the SMI-A user is mapped to a switch user on a VF-enabled chassis, then the

SMI-A user has the same access privilege for all of the logical fabrics in the chassis.

• For VF-enabled chassis, the switch user mapped in User mapping and Default User mapping

configurations should have access to at least one of the logical fabrics configured in the

VF-enabled chassis.

• The SMI Agent does not restrict access based on the VF list accessible to the switch user in a

VF-enabled chassis. The SMI Agent uses the RBAC permission map of the proxy switch alone.

For switches running Fabric OS 6.3.x or earlier, RBAC restrictions in the SMI Agent cannot be

specific to certain logical fabrics. To get the same RBAC behavior in the SMI Agent for switches

running Fabric OS 6.4.x or later, the chassis role of these switches should not be more access

restrictive than the switch role.

SMI Agent security

This section describes how to use the Brocade SMI Agent Configuration Tool to configure security

options.

• “Mutual authentication setup,” next

• “Configuring mutual authentication for clients” on page 22

• “Configuring mutual authentication for indications” on page 23

• “Configuring HTTP access” on page 24

• “Importing client certificates” on page 25

• “Exporting server certificates” on page 26

• “Viewing or deleting client certificates from SMI-A server truststore” on page 27

• “Configuring user authentication” on page 28

previous next