Manualshelf

Web Tools Administrator's Guide (53-1001772-01, June 2010)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class
231232233234235236237238239240
Web Tools Administrator’s Guide 207
53-1001772-01
DRAFT: BROCADE CONFIDENTIAL
Chapter
17
Configuring Standard Security Features
In this chapter
User-defined accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Access control list policy configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Fabric-Wide Consistency Policy configuration . . . . . . . . . . . . . . . . . . . . . . . 218
Authentication policy configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
SNMP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
RADIUS management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Active Directory service management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
IPsec concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
IPsec over FCIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
IPsec over management ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Establishing authentication policies for HBAs. . . . . . . . . . . . . . . . . . . . . . . 241
User-defined accounts
In addition to the default accounts—root, factory, admin, and user—Fabric OS supports up to 256
user-defined accounts in each logical switch (domain). These accounts expand your ability to track
account access and audit administrative activities.
When the Virtual Fabrics capability is enabled, each user-defined account is associated with the
following:
Virtual Fabric ID—Specifies the accessible Virtual Fabrics for a user account.
Home Virtual Fabric—Specifies the default Virtual Fabric for a user account.
Role—Determines functional access levels within the Virtual Fabric.
When the Admin Domain capability is enabled, each user-defined account is associated with the
following:
Admin Domain list—Specifies the accessible Admin Domains for a user account.
Home Admin Domain—Specifies the default Admin Domain for a user account. The home
Admin Domain must be a member of the user’s Admin Domain list.
Role—Determines functional access levels within the bounds of the user’s current Admin
Domain.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive.