Filter
Top Products
178 Fabric OS Administrator’s Guide
53-1002745-02
Secure Copy
6
Table 22 describes additional software or certificates that you must obtain to deploy secure
protocols.
The security protocols are designed with the four main use cases described in Table 23.
Secure Copy
The Secure Copy protocol (SCP) runs on port 22. It encrypts data during transfer, thereby avoiding
packet sniffers that attempt to extract useful information during data transfer. SCP relies on SSH to
provide authentication and security.
SSH Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel
between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key
cryptography to authenticate the remote computer and allow the remote computer to authenticate the
user, if necessary.
SSL Fabric OS uses Secure Socket Layer (SSL) to support HTTPS. A certificate must be generated and
installed on each switch to enable SSL. Supports SSLv3, 128-bit encryption by default.
TABLE 22 Items needed to deploy secure protocols
Protocol Host side Switch side
SSHv2 Secure shell client None
HTTPS No requirement on host side except a browser
that supports HTTPS
Switch IP certificate for SSL
SCP SSH daemon, SCP server None
SNMPv1, SNMPv2, SNMPv3 None None
TABLE 23 Main security scenarios
Fabric Management interfaces Comments
Nonsecure Nonsecure No special setup is needed to use Telnet or HTTP.
Nonsecure Secure Secure protocols may be used. An SSL switch certificate must be installed if
HTTPS is used.
Secure Secure Switches running earlier Fabric OS versions can be part of the secure fabric,
but they do not support secure management.
Secure management protocols must be configured for each participating
switch. Nonsecure protocols may be disabled on nonparticipating switches.
If SSL is used, then certificates must be installed. For more information on
installing certificates, refer to “Installing a switch certificate” on page 185.
Secure Nonsecure You must use SSH because Telnet is not allowed with some features.
TABLE 21 Secure protocol support (Continued)
Protocol Description