
FusionStorage 8.0.0 Block Storage Security Configuration Guide 06

Overview

When the storage system communicates with an external entity using the TLS protocol, it acts as either a server or a client and supports certificate import. The storage system obtains the certificate before establishing a TLS connection so that certificate authentication of the client and server can be completed. Table 4-5 describes the TLS communication scenarios.

Table 4-5 Application scenarios

| Scenario | Description | How to Obtain a Certificate |
|---|---|---|
| Syslog Security Certificate | Refers to a scenario where the storage system communicates with a Syslog server when the Syslog notification function is used. In this scenario, the storage system acts as a client, and the Syslog server acts as a server. In this scenario, a CA certificate must be imported, but a service certificate is optional. NOTE: In this scenario, neither a default service certificate nor a default CA certificate exists. | Purchase a service certificate, CA certificate, and private key file from a third-party organization. |
| NTP Security Certificate | Refers to a scenario where the storage system communicates with an NTP server when the NTP time synchronization function is used. In this scenario, the storage system acts as a client, and the NTP server acts as a server (NTP synchronization clock source). In this scenario, a CA certificate must be imported. NOTE: In this scenario, neither a default service certificate nor a default CA certificate exists. | Purchase a CA certificate from a third-party organization. |
| Call Home Security Certificate | Refers to a scenario where the storage system communicates with the technical support center when the Call Home function is used. In this scenario, the storage system acts as a client, and the technical support center acts as a server. In this scenario, a CA certificate must be imported, but a service certificate is optional. NOTE: In this scenario, a default CA certificate exists but a default service certificate does not exist. | Purchase a service certificate, CA certificate, and private key file from a third-party organization. |
| DeviceManager Security Certificate | Refers to a scenario where an external client communicates with DeviceManager of the storage system. In this scenario, DeviceManager of the storage system acts as a server, and the external browser or third-party system acts as a client. In this scenario, a service certificate and server CA certificate must be imported, but a client CA certificate is optional. NOTE: In this scenario, a default service certificate exists but a default CA certificate does not exist. | Purchase a service certificate, CA certificate, and private key file from a third-party organization. |
| HyperMetro Arbitration Certificate | Refers to a scenario where the storage system communicates with the quorum server. In this scenario, the storage system acts as a client, and the quorum server acts as a server. In this scenario, a service certificate and CA certificate must be imported. NOTE: In this scenario, a default service certificate and default CA certificate exist. | Purchase a service certificate, CA certificate, and private key file from a third-party organization. |
| Internal System Service Security Certificate | Refers to a scenario where internal components of the storage system communicate with each other. In this scenario, a service certificate, private key, and CA certificate must be imported. NOTE: In this scenario, a default service certificate and default CA certificate exist. | Purchase a service certificate, CA certificate, and private key file from a third-party organization. |
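
Before a purchased service certificate, CA certificate, and private key file are imported for one of the scenarios above, it is worth confirming that the files belong together. The script below is an added example, not part of the Huawei guide or the product tooling: it uses the standard openssl command line and assumes unencrypted PEM files, and the file names, the 30-day expiry margin and the return codes are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import consistency check for a certificate set.
# Assumed: unencrypted PEM files, hypothetical names, 30-day expiry margin.
MARGIN=2592000   # 30 days, in seconds

# check_bundle CA_PEM [CERT_PEM KEY_PEM]
# Returns 0 ok, 1 CA unreadable or expiring, 2 certificate does not chain
# to the CA, 3 key does not match certificate, 4 certificate expiring.
check_bundle() {
    ca=$1 cert=${2:-} key=${3:-}
    openssl x509 -in "$ca" -noout -checkend "$MARGIN" >/dev/null 2>&1 || return 1
    # CA-only scenarios (the NTP row of Table 4-5) stop here.
    [ -n "$cert" ] || return 0
    # The service certificate must chain to the CA imported alongside it.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
    # The private key file must hold the key the certificate was issued for.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
    openssl x509 -in "$cert" -noout -checkend "$MARGIN" >/dev/null 2>&1 || return 4
    return 0
}

# make_demo DIR: build a throwaway CA, one service certificate and an
# unrelated key so the checks can be exercised offline (constructed data).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=storage.example" \
        -keyout "$d/svc.key" -out "$d/svc.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/svc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/svc.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
}

tmp=$(mktemp -d)
make_demo "$tmp"
check_bundle "$tmp/ca.pem" "$tmp/svc.pem" "$tmp/svc.key" && echo "matching set: ok" || echo "matching set: rc=$?"
check_bundle "$tmp/ca.pem" "$tmp/svc.pem" "$tmp/other.key" && echo "wrong key: ok" || echo "wrong key: rc=$?"
check_bundle "$tmp/ca.pem" && echo "CA only: ok" || echo "CA only: rc=$?"
rm -rf "$tmp"
```

A non-zero return identifies which file to take back to the issuing organization before anything is imported.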

Updated: 2019-11-14

Document ID: EDOC1100081422
