User's Manual

Appendix D: Virtual Connect Security
Insecure protocols and secure alternatives
HP recommends using secure alternatives for the following protocols when managing the VC domain:
TFTP
SNMPv1/v2
When the domain is in FIPS mode, these protocols are automatically restricted. For more information about
FIPS mode, see "Virtual Connect FIPS mode of operation (on page 314)."
Telnet and Secure Shell
Telnet sends all traffic across the network in clear text, including user names and passwords. Anyone who
can snoop or sniff network traffic can easily read this information. HP recommends using SSH
instead of Telnet. SSH uses asymmetric authentication to exchange keys, and then creates a secure encrypted
session before transmitting information.
Use SSH when managing VCM from a terminal.
To import SSH keys, see "SSH Key Administration screen (on page 58)."
HTTP and HTTPS
The Virtual Connect domain is configured through a web browser using HTTPS. HTTPS uses SSL or TLS
protocols to transmit secure traffic.
To configure web SSL, see "Web SSL Configuration screen (on page 59)."
When the domain is in FIPS mode, TLS is the default communication security protocol instead of SSL. To verify
browser settings, see "Configuring browser support (on page 12)."
TFTP and SFTP
TFTP depends on UDP and provides no authentication or encryption. HP recommends using SFTP
to transfer files to and from the VC domain. SFTP provides an encrypted session using public/private keys.
With VC 4.10, VCSU 1.9.0 and later, SFTP is used in place of FTP.
The FTP service cannot be disabled on older versions of VC firmware. On VC modules, the FTP service
prohibits write operations. All operations are logged, and anonymous logins are disabled. The FTP user is
handled between the VCSU and the VCM.
Beginning with VC 4.10 and VCSU 1.9.0, the FTP service on VC-Enet modules is disabled by default. The
VCSU software temporarily enables and disables the FTP service during firmware upgrades of older VC
firmware for VC-FC modules as needed. SFTP is now used in more recent versions of VC and VCSU.
When the domain is in FIPS mode, TFTP and FTP are fully restricted ("FIPS mode information and guidelines"
on page 314).
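The following Python check is an added example, not part of the HP manual. It tests whether the cleartext TCP services named in this appendix (Telnet, FTP) answer on a management address and whether the encrypted alternatives (SSH/SFTP, HTTPS) do. The default port numbers and all function names are assumptions.

```python
import socket

# Cleartext TCP services this appendix names -> (default port, recommended replacement).
# Ports are IANA defaults (assumption: the module uses them). TFTP and SNMP run over
# UDP, so a TCP connect cannot confirm them; check those in the domain configuration.
CLEARTEXT = {"telnet": (23, "ssh"), "ftp": (21, "sftp")}
SECURE = {"ssh/sftp": 22, "https": 443}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit(host, cleartext=CLEARTEXT, secure=SECURE, timeout=2.0):
    """Return a list of (status, service, port, note) tuples for one address."""
    findings = []
    for name, (port, alt) in cleartext.items():
        if tcp_open(host, port, timeout):
            findings.append(("FAIL", name, port, f"cleartext service reachable, use {alt}"))
        else:
            findings.append(("OK", name, port, "not reachable"))
    for name, port in secure.items():
        if tcp_open(host, port, timeout):
            findings.append(("OK", name, port, "encrypted service reachable"))
        else:
            findings.append(("WARN", name, port, "encrypted alternative not reachable"))
    return findings


def compliant(findings):
    """True only when no cleartext service answered."""
    return all(status != "FAIL" for status, *_ in findings)


if __name__ == "__main__":
    import sys
    # Usage: python vc_audit.py <management-address>
    results = audit(sys.argv[1])
    for row in results:
        print("%-4s %-9s tcp/%-4d %s" % row)
    sys.exit(0 if compliant(results) else 1)
```

On firmware older than VC 4.10 an FTP finding is expected, because the FTP service cannot be disabled there.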