3 – Managing Fabrics
59097-02 B

3.2 Securing a Fabric

Fabric security consists of the following:

- Connection Security
- User Account Security
- Security Consistency Checklist
- Device Security
- Fabric Services

3.2.1 Connection Security

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the command line interface and the Secure Socket Layer (SSL) protocol for management applications such as SANsurfer Switch Manager and Common Information Module (CIM).

The SSL handshake process between the workstation and the switch involves the exchange of certificates. These certificates contain the public and private keys that define the encryption. The switch certificate is valid for one year beginning with its creation date and time. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to synchronize the workstation and switch with the same date, time, and time zone. If a certificate has not been created by the user, the switch will automatically create one.

Consider your requirements for connection security: for the command line interface (SSH), management applications such as SANsurfer Switch Manager (SSL), or both. If SSL connection security is required, also consider using the Network Time Protocol (NTP) to synchronize workstations and switches.
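The following is an added example, not part of the original manual, showing why the workstation and switch must agree on date, time, and time zone: it classifies a certificate's one-year validity window against the workstation clock. The function name `check_cert_window`, the sample dates, and the 30-day warning threshold are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

def check_cert_window(not_before, not_after, workstation_now, warn_days=30):
    """Classify a certificate validity window against the workstation clock.

    not_before / not_after use the "Mon DD HH:MM:SS YYYY GMT" form reported
    by Python's ssl.getpeercert() and by `openssl x509 -dates`.
    Returns (status, timedelta) where the delta is the distance to the
    nearest window boundary that matters for that status.
    """
    start = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_before), timezone.utc)
    end = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = workstation_now.astimezone(timezone.utc)
    if now < start:
        # Workstation clock is behind the certificate creation time: the
        # typical symptom of unsynchronized clocks or mismatched time zones.
        return ("not_yet_valid", start - now)
    if now > end:
        return ("expired", now - end)
    remaining = end - now
    if remaining <= timedelta(days=warn_days):
        return ("expiring_soon", remaining)
    return ("ok", remaining)

# Constructed sample: certificate created on the switch at 12:00 UTC, valid one year.
SAMPLE_NOT_BEFORE = "Mar  1 12:00:00 2024 GMT"
SAMPLE_NOT_AFTER = "Mar  1 12:00:00 2025 GMT"

def demo():
    created = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    cases = {
        "synchronized": created + timedelta(minutes=5),
        # Wall clock reads 12:05 but the workstation is configured as UTC+2,
        # so its real instant is 10:05 UTC, before the certificate was created.
        "wrong time zone": datetime(2024, 3, 1, 12, 5, tzinfo=timezone(timedelta(hours=2))),
        "350 days later": created + timedelta(days=350),
        "395 days later": created + timedelta(days=395),
    }
    return {name: check_cert_window(SAMPLE_NOT_BEFORE, SAMPLE_NOT_AFTER, now)
            for name, now in cases.items()}

if __name__ == "__main__":
    for name, (status, delta) in demo().items():
        print(f"{name:18s} {status:14s} {delta}")
```

The "wrong time zone" case shows a workstation whose wall clock looks correct yet still sees the certificate as not yet valid, which is why the time zone must match as well as the date and time.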