The storage systems can use SSL encryption for all connection paths, as shown in the following figure and table. The encryption protocol used for SSL encryption is TLS version 1.2.
Note: The cipher suites that use RSA key exchange for SSL communication are enabled by default.
- A: Path between the management client and the storage system.
- B: Path between the SVP and the management client.
- C: Path between the SVP and the storage system.
- D: Path between the management client and the storage system.
Management model | Path | Description | Cipher suites |
---|---|---|---|
Using embedded interfaces | A | Between management PC and storage system | |
Using Device Manager - Storage Navigator | B | Between the SVP and client PC | |
Using Device Manager - Storage Navigator | C | Between the SVP and the storage system | |
Using Device Manager - Storage Navigator | D | Between the client PC and storage system | |
Note: When TLSv1.0/1.1 communication is disabled, pages might not display properly depending on the browser's TLS settings. Configure the browser TLS settings as follows:
- Using Internet Explorer: Click Tools > Internet Options, go to the Advanced tab, and then select Use TLS 1.2.
- Using Firefox: Enter about:config in the address bar to open the configuration editor (about:config page), and set the value of security.tls.version.max to 3.
- Using Google Chrome: Click Chrome menu > Settings > Show advanced settings > Advanced settings, and then select Use TLS 1.2.
To prevent a man-in-the-middle attack, the SSL encryption on path B (between the SVP and storage system) verifies the validity of the connection by using the certificate that was uploaded to the SVP in advance and by using the certificate of the storage system. The same certificate must be uploaded to the SVP and the storage system.
Note:
- If a certificate for the SVP or the storage system is changed, the SVP does not operate normally. Upload the certificate to the storage system before uploading the certificate to the SVP.
- Different certificates can be used to connect to the SVP and web server.
Certificate | Upload destination | Comments |
---|---|---|
A signed certificate of SSL encryption between the SVP and client PC | SVP | N/A |
For connecting to the SVP* | SVP and storage system | If a certificate for the SVP or the storage system was uploaded, the SVP will not operate normally. |
For connecting to the web server* | SVP and storage system | If a certificate for the SVP or storage system was uploaded, the SVP will not operate normally. |
\* You can use the same certificate for connecting to the SVP and connecting to the web server.
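A pre-upload check for the requirement above that the same certificate be uploaded to the SVP and the storage system, as an added example that is not part of the original documentation or the vendor's tooling. It compares SHA-256 fingerprints of the decoded certificate bytes, so two files that differ only in line endings still match; the function names are assumptions, and the sample bytes are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate's DER bytes in a PEM file."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        # Drop line breaks and other whitespace before decoding.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no PEM certificate block found")
    return prints


def same_certificate(svp_pem, storage_pem):
    """True only if each file holds exactly one certificate and they match."""
    a, b = cert_fingerprints(svp_pem), cert_fingerprints(storage_pem)
    return len(a) == 1 and len(b) == 1 and a == b


def _pem(der, newline="\n"):
    """Wrap raw bytes in PEM armour (used only to build the sample input)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""]
    )


# Constructed placeholder bytes standing in for DER data (not real certificates).
SVP_UPLOAD = _pem(bytes(range(200)))               # file for the SVP
STORAGE_UPLOAD = _pem(bytes(range(200)), "\r\n")   # same cert, CRLF line endings
WRONG_UPLOAD = _pem(bytes(range(1, 201)))          # a different certificate

if __name__ == "__main__":
    print("files byte-identical:", SVP_UPLOAD == STORAGE_UPLOAD)
    print("same certificate:    ", same_certificate(SVP_UPLOAD, STORAGE_UPLOAD))
    print("wrong file detected: ", not same_certificate(SVP_UPLOAD, WRONG_UPLOAD))
```

A plain byte comparison of the two files would report a mismatch here even though the certificate is the same, which is why the check hashes the decoded bytes instead.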