User's Manual
Appendix D: Virtual Connect Security 314
SNMPv1/v2 and SNMPv3
SNMPv1 and v2 use community strings for read and write access on SNMP-enabled devices. These
community strings are sent as clear text and can be easily read by anyone who can observe the traffic.
VCM supports read-only SNMP access. No changes can be made to VCM using SNMP. VCM also supports
SNMP access controls, so when SNMP management devices send SNMP queries, VC administrators can
specify which queries to respond to.
HP recommends using SNMPv3 as the network management protocol. SNMPv3 uses asymmetric
cryptography to encrypt SNMP traffic and requires user names for authentication.
For more information about configuring SNMP, see "Managing SNMP" (on page 31).
When the domain is in FIPS mode, SNMPv1 and v2 are disabled ("FIPS mode information and guidelines"
on page 314).
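The difference between the protocol versions is visible in the first bytes of each datagram. The following is an added example, not part of the HP manual: it parses the BER header of an SNMP message and reports either the clear-text community string (v1/v2c) or the authentication and privacy flags (v3). The function names, the community value example-ro and both sample packets are constructed for illustration.

```python
# Added example: classify SNMP datagrams from the version field in the BER header.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Report the SNMP version and what the message header exposes on the wire."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c
        tag, community, _ = read_tlv(msg, pos)
        if tag != 0x04:
            raise ValueError("missing community OCTET STRING")
        return {"version": "v1" if version == 0 else "v2c",
                "cleartext_community": community.decode("ascii", "replace")}
    if version == 3:
        _, header, _ = read_tlv(msg, pos)   # msgGlobalData SEQUENCE
        _, _, p = read_tlv(header, 0)       # msgID
        _, _, p = read_tlv(header, p)       # msgMaxSize
        _, flags, _ = read_tlv(header, p)   # msgFlags (one octet)
        bits = flags[0] if flags else 0
        return {"version": "v3", "auth": bool(bits & 0x01), "priv": bool(bits & 0x02)}
    raise ValueError("unsupported SNMP version")

def tlv(tag, body):
    """Encode one BER element (short-form length only; used to build the samples)."""
    return bytes([tag, len(body)]) + body

# Constructed samples: a v2c GetRequest for sysDescr.0 and a v3 authPriv message.
VARBINDS = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b"")))
PDU = tlv(0xA0, tlv(0x02, b"\x12\x34") + tlv(0x02, b"\x00") * 2 + VARBINDS)
SAMPLE_V2C = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro") + PDU)
V3_HEADER = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc") + tlv(0x04, b"\x03") + tlv(0x02, b"\x03"))
SAMPLE_V3 = tlv(0x30, tlv(0x02, b"\x03") + V3_HEADER + tlv(0x04, b"") + tlv(0x04, b"\x00" * 8))
```

Run over captured UDP port 161 payloads, a check like this shows which management stations still send v1/v2c queries before those versions are disabled.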
Access control
Access to the Virtual Connect Manager is controlled by the following authentication methods:
• Local
• LDAP
• RADIUS
• TACACS+
To configure user access, see "Virtual Connect users and roles" (on page 65).
When the domain is in FIPS mode, RADIUS and TACACS+ authentication is disabled.
Virtual Connect FIPS mode of operation
Beginning with version 4.30, Virtual Connect supports FIPS 140-2 Level 1 security requirements. Enabling
FIPS mode requires the use of secure protocols, standards, and procedures within the VC domain. The Virtual
Connect FIPS certification is currently based on the standards described in Federal Information Processing
Standards Publication 140-2 (http://csrc.nist.gov/publications/PubsFIPS.html).
The term FIPS mode is used throughout this document to describe the feature, not the validation status. For
information about the current FIPS status of this or any other firmware version, see the following documents:
• Cryptographic Module Validation Program FIPS 140-1 and FIPS 140-2 Modules In Process List
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf)
• FIPS 140-1 and FIPS 140-2 Vendor List
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm)
FIPS mode information and guidelines
Before enabling FIPS mode, observe the following information:
• The OA should be enabled with FIPS mode before VCM.
If FIPS mode cannot be set on the OA, perform the following procedures before enabling FIPS mode on
VCM: