Sun Microsystems 5802 用户手册
80
Enterprise Fabric Suite 2007 User Guide • September 2008
Connection Security
Connection security provides an encrypted data path for switch management
methods. The switch supports the Secure Shell (SSH) protocol for the command line
interface and the Secure Socket Layer (SSL) protocol for management applications
such as Enterprise Fabric Suite 2007 and Common Information Module (CIM).
methods. The switch supports the Secure Shell (SSH) protocol for the command line
interface and the Secure Socket Layer (SSL) protocol for management applications
such as Enterprise Fabric Suite 2007 and Common Information Module (CIM).
The SSL handshake process between the workstation and the switch involves the
exchanging of certificates. These certificates contain the public and private keys that
define the encryption. The switch certificate is valid for one year beginning with its
creation date and time. The workstation validates the switch certificate by
comparing the workstation date and time to the switch certificate creation date and
time. For this reason, it is important to synchronize the workstation and switch with
the same date, time, and time zone. If a certificate has not been created by the user,
the switch will automatically create one.
exchanging of certificates. These certificates contain the public and private keys that
define the encryption. The switch certificate is valid for one year beginning with its
creation date and time. The workstation validates the switch certificate by
comparing the workstation date and time to the switch certificate creation date and
time. For this reason, it is important to synchronize the workstation and switch with
the same date, time, and time zone. If a certificate has not been created by the user,
the switch will automatically create one.
Consider your requirements for connection security: for the command line interface
(SSH), management applications such as Enterprise Fabric Suite 2007 (SSL), or both.
If SSL connection security is required, also consider using the Network Time
Protocol (NTP) to synchronize workstations and switches.
(SSH), management applications such as Enterprise Fabric Suite 2007 (SSL), or both.
If SSL connection security is required, also consider using the Network Time
Protocol (NTP) to synchronize workstations and switches.
User Account Security
User account security is the process by which your user account and password are
authenticated with the list of valid user accounts and passwords. The switch
validates your account and password when you attempt to add a fabric using
Enterprise Fabric Suite 2007 or log in to a switch through Telnet. Your system
administrator defines accounts, passwords, and authority levels that are stored on
the switch. Refer to
authenticated with the list of valid user accounts and passwords. The switch
validates your account and password when you attempt to add a fabric using
Enterprise Fabric Suite 2007 or log in to a switch through Telnet. Your system
administrator defines accounts, passwords, and authority levels that are stored on
the switch. Refer to
for more information.
The Admin account possesses Admin authority which grants full access to all tasks
of the Enterprise Fabric Suite 2007 menu system. The switch validates your user
account and Enterprise Fabric Suite 2007 grants access to its menus according to
your authority level. If you do not have Admin authority, you are limited to
monitoring tasks.
of the Enterprise Fabric Suite 2007 menu system. The switch validates your user
account and Enterprise Fabric Suite 2007 grants access to its menus according to
your authority level. If you do not have Admin authority, you are limited to
monitoring tasks.
Note –
If a user is logged into a switch using Enterprise Fabric Suite 2007 or CLI,
and an administrator changes user access rights and passwords, existing logins will
not be affected by the new settings. Login access and privileges are only checked for
a new login request.
not be affected by the new settings. Login access and privileges are only checked for
a new login request.