The storage systems can use SSL encryption for all connection paths, as shown in the following figure and table. The encryption protocol used for SSL encryption is TLS version 1.2.
Note: The cipher suites for RSA key exchange used by SSL communication are enabled by default.
- A: Path between the management client and the storage system.
- B: Path between the SVP and the management client.
- C: Path between the SVP and the storage system.
- D: Path between the management client and the storage system.
Management model | Path | Description | Cipher suites |
---|---|---|---|
Using embedded interfaces | A | Between management PC and storage system |
For VSP E series:
For VSP G130, G/F350, G/F370, G/F700, G/F900 when the cipher suites for RSA key exchange are enabled:
If either of these two cipher suites is selected, you can use the following cipher suites:
If neither of these two cipher suites is selected, you can use the following cipher suites:
|
Using Device Manager - Storage Navigator | B | Between the SVP and client PC |
For VSP E series:
For VSP G130, G/F350, G/F370, G/F700, G/F900 when the cipher suites for RSA key exchange are enabled (default):
For VSP G130, G/F350, G/F370, G/F700, G/F900 when the cipher suites for RSA key exchange are disabled:
|
C | Between the SVP and the storage system |
For VSP E series:
For VSP G130, G/F350, G/F370, G/F700, G/F900 you can select the following cipher suites or select not to use both cipher suites in the maintenance utility:
You can specify the following cipher suites, regardless of the setting in Maintenance Utility:
|
|
D | Between the client PC and storage system |
For VSP E series:
For VSP G130, G/F350, G/F370, G/F700, G/F900:
|
Note: When TLSv1.0/1.1 communication is disabled, pages might not display properly depending on the TLS settings of the browser. Configure the browser TLS settings as follows:
- Using Internet Explorer: Click , go to the Advanced tab, and then select Use TLS 1.2.
- Using Firefox: Enter about:config in the address bar to open the configuration editor (about:config page), and then set the value of security.tls.version.max to 3.
- Using Google Chrome: Click , and then select Use TLS 1.2.
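The two statements above (the paths use TLS version 1.2, and cipher suites for RSA key exchange are enabled by default) can be checked per path with the following added Python example, which is not part of the vendor documentation. The suite names in `SAMPLE` are constructed inputs, not this page's cipher lists, and `key_exchange`, `assess` and `probe` are hypothetical helper names.

```python
import socket
import ssl

# Key exchanges that use ephemeral keys and therefore give forward secrecy.
FORWARD_SECRET = {"ECDHE", "DHE", "TLS1.3"}

def key_exchange(cipher_name):
    """Return the key exchange of a suite given its IANA or OpenSSL name."""
    name = cipher_name.upper().replace("-", "_")
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            return "TLS1.3"  # TLS 1.3 names carry no key exchange; always ephemeral
        name = name[len("TLS_"):]
    for kx in ("ECDHE", "DHE", "ECDH", "DH", "PSK", "SRP"):
        if name.startswith(kx + "_"):
            return kx
    return "RSA"  # "RSA_WITH_..." (IANA) or no prefix (OpenSSL, e.g. AES128-SHA256)

def assess(protocol, cipher_name):
    """Findings for one negotiated session, judged against the page's statements."""
    findings = []
    if protocol != "TLSv1.2":
        findings.append(f"protocol is {protocol}, page states TLS version 1.2")
    kx = key_exchange(cipher_name)
    if kx not in FORWARD_SECRET:
        findings.append(f"{cipher_name}: {kx} key exchange, no forward secrecy")
    return findings

def probe(host, port=443, cafile=None, timeout=5.0):
    """Handshake with a management endpoint and assess what was negotiated."""
    ctx = ssl.create_default_context(cafile=cafile)  # certificate and hostname verified
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # refuse TLS 1.0/1.1
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return assess(tls.version(), tls.cipher()[0])

# Constructed sample: suite names in both naming styles, not the page's own lists.
SAMPLE = [("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA256"),
          ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
          ("TLSv1.2", "AES256-GCM-SHA384"),
          ("TLSv1.1", "DHE-RSA-AES128-SHA")]

if __name__ == "__main__":
    for proto, suite in SAMPLE:
        print(suite, "->", assess(proto, suite) or "ok")
```

Pass the CA or certificate file trusted for the path as `cafile`; an empty list from `probe` means TLS 1.2 with an ephemeral key exchange was negotiated.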
To prevent a man-in-the-middle attack, the SSL encryption on path B (between the SVP and storage system) verifies the validity of the connection by using the certificate that was uploaded to the SVP in advance and by using the certificate of the storage system. The same certificate must be uploaded to the SVP and the storage system.
Note:
- If a certificate for the SVP or the storage system is changed, the SVP does not operate normally. Upload the certificate to the storage system before uploading the certificate to the SVP.
- Different certificates can be used to connect to the SVP and web server.
Certificate | Upload destination | Comments |
---|---|---|
A signed certificate of SSL encryption between the SVP and client PC | SVP | N/A |
For connecting to the SVP | SVP and storage system | If a certificate for the SVP or the storage system was uploaded, the SVP will not operate normally. |
For connecting to the web server | SVP and storage system | If a certificate for the SVP or storage system was uploaded, the SVP will not operate normally. |