Chapter 11: Setting up SSL encryption
You can set up a Secure Sockets Layer (SSL) connection between the storage system and
the SVP.
SSL encrypts the Hitachi Device Manager - Storage Navigator user ID and password
exchanged between the storage system and SVP.
About SSL
SSL is a protocol for transmitting data securely over the Internet. Two SSL-enabled peers
use their private key and public key to establish a secure communication session, with
each peer encrypting transmitted data with a randomly generated and agreed-upon
symmetric key.
The following terms are associated with SSL:
■ Keypair: A keypair is two mathematically related cryptographic keys consisting of a
private key and its associated public key.
■ Server certificate: A server certificate forms an association between an identity (in this
case, the SVP server) and a specific public key and private key. A server certificate is
used to identify the SVP server to a client, so that the server and client can
communicate using SSL. Certificates can be self-signed or issued by a certificate
authority (CA). Self-signed certificates are generated by you, and the subject of the
certificate is the same as the issuer of the certificate. A client PC and SVP on an
internal LAN behind a firewall might provide sufficient security. Certificates issued by
the CA are signed and trusted server certificates, where a Certificate Signing Request
(CSR) is sent to and certified by a trusted CA such as VeriSign. Using a certificate from
a CA provides higher reliability than a self-signed certificate, but is also more
expensive and can include several requirements.
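The terms above can be seen with the openssl command-line tool. The following is an added example, not part of the original manual or of any Hitachi tooling: it builds one self-signed certificate and one certificate issued from a CSR by a throwaway CA, then classifies each by comparing subject and issuer. The function names, file names, the host name svp.example.internal and the "Demo CA" are constructed placeholders.

```sh
#!/bin/sh
# Added example. All names below are constructed placeholders.

# Print "self-signed" when subject equals issuer and the certificate's
# signature verifies with its own public key; otherwise print "ca-issued"
# (meaning: signed by some other issuer).
cert_kind() {
    cert=$1
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
              sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 |
             sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ] &&
       openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# Create demo material in directory $1.
make_demo_certs() {
    dir=$1
    # Self-signed: one keypair, certificate signed by its own private key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=svp.example.internal" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null
    # Throwaway CA standing in for a trusted certificate authority.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Server keypair plus CSR; the private key never leaves the server.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=svp.example.internal" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    # The CA certifies the CSR, producing the CA-issued server certificate.
    openssl x509 -req -in "$dir/srv.csr" -days 1 -set_serial 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -out "$dir/srv.crt" 2>/dev/null
}
```

Run make_demo_certs on a scratch directory, then cert_kind on self.crt and srv.crt to see the two cases side by side.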
SSL encryption of the storage system
The storage system uses SSL encryption for three connection paths. These paths are
designated A to C in the following table and figure.
Service Processor Technical Reference 197