3 – Planning
Fabric Security
3-16 59265-00 A
S
Fabric security consists of the following:
Connection Security
User Account Security
Port Binding
Device Security
Connection Security
Connection security provides an encrypted data path for switch management
methods. The switch supports the Secure Shell (SSH) protocol for the command
line interface and the Secure Socket Layer (SSL) protocol for management
applications such as Enterprise Fabric Suite 2007 and SMI-S.
The SSL handshake process between the workstation and the switch involves the
exchanging of certificates. These certificates contain the public and private keys
that define the encryption. When the SSL service is enabled, a certificate is
automatically created on the switch. The workstation validates the switch
certificate by comparing the workstation date and time to the switch certificate
creation date and time. For this reason, it is important to synchronize the
workstation and switch with the same date, time, and time zone. The switch
certificate is valid 24 hours before its creation date and 365 days after its creation
date. If the certificate should become invalid, create a new certificate using the
Create Certificate CLI command. Refer to the SANbox 5802V Fibre Channel
Switch Command Line Interface Guide for information about the Create Certificate
CLI command.
Consider your requirements for connection security: for the command line
interface (SSH), management applications such as Enterprise Fabric Suite 2007
(SSL), or both. Access to the device security menu selections in Enterprise Fabric
Suite 2007 requires an SSL connection. If an SSL connection security is required,
also consider using the Network Time Protocol (NTP) to synchronize workstations
and switches.
NOTE:
You must install the Fabric Security license key to secure connections using
SSH and SSL.