User Manual
Table Of Contents
- Contents
- About this guide
- Using McDATA Web Server/Element Manager
- Managing Fabrics
- Securing a fabric
- Security consistency checklist
- Connection security
- User account security
- Remote authentication
- Device security
- Edit Security dialog
- Create Security Set dialog
- Create Security Group dialog
- Create Security Group Member dialog
- Editing the security configuration on a switch
- Viewing properties of a security set, group, or member
- Security Config dialog
- Archiving a security configuration to a file
- Activating a security set
- Deactivating a security set
- Configured Security data window
- Active Security data window
- Fabric services
- Rediscovering a fabric
- Displaying the event browser
- Working with device information and nicknames
- Zoning a fabric
- Zoning concepts
- Managing the zoning database
- Managing the active zone set
- Managing zones
- Merging fabrics and zoning
- Securing a fabric
- Managing switches
- Managing user accounts
- Configuring RADIUS servers
- Displaying switch information
- Configuring port threshold alarms
- Paging a switch
- Setting the date/time and enabling NTP client
- Resetting a switch
- Configuring a switch
- Archiving a switch
- Switch binding
- Restoring a switch
- Restoring the factory default configuration
- Downloading a support file
- Installing Product Feature Enablement keys
- Installing firmware
- Displaying hardware status
- Managing ports
- Glossary
- Index
McDATA® 4Gb SAN Switch for HP p-Class BladeSystem user guide 23
Device security
IMPORTANT: Device security is available only with the McDATA SANtegrity™ Enhanced PFE key and can
be managed only with the CLI and Element Manager. Element Manager also requires a PFE key. See
”Installing Product Feature Enablement keys” on page 82 for more information about installing a PFE key.
To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions on
the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the web
at: www.webkey.external.hp.com
.
Device security provides for the authorization and authentication of devices that you attach to a switch. You
can configure a switch with a group of devices against which the switch authorizes new attachments by
devices, other switches, or devices issuing management server commands. Device security is configured
through the use of security sets and groups. A group is a list of device worldwide names that are
authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for
devices (port), and a third for devices issuing management server commands (MS). A security set is a set of
up to three groups with no more than one of each group type. The security configuration is made up of all
security sets on the switch.
In addition to authorization, the switch can be configured to require authentication to validate the identity
of the connecting switch, device, or host. Authentication can be performed locally using the switch security
database, or remotely using a RADIUS server. With a RADIUS server, the security database for the entire
fabric resides on the server. In this way, the security database can be managed centrally, rather than on
each switch. You can configure up to five RADIUS servers to provide failover.
You can configure the RADIUS server to authenticate just the switch or both the switch and the initiator
device if the device supports authentication. When using a RADIUS server, every switch in the fabric must
have a network connection. A RADIUS server can also be configured to authenticate user accounts.
Managing device security involves the following tasks:
• Creating security sets, groups, and members
• Editing a security configuration on a switch
• Viewing properties of a security set, group, or member
• Archiving a security configuration on a switch to a file
• Activating and deactivating a security set
The security database is made up of all security sets on the switch. The security database has the following
limits:
• Maximum number of security sets is 4.
• Maximum number of security groups is 16.
• Maximum number of members in a group is 1000.
• Maximum total number of group members is 1000.