Skip to main content
Outside service Partner
Hitachi Vantara Knowledge

Setting network security


The Network Security page in the HCP System Management Console lets you allow or prevent these services on HCP nodes:

Ping — When you enable this service, you can use ping to check network connectivity to HCP nodes.

SSH login by authorized service and support representatives — Enabling SSH facilitates troubleshooting when you request support.

Node Status — When you enable this service, you can use enable node status commands to check the health of your nodes.

3DES Ciphers — Enabling this service allows the system to use the Triple-DES cipher algorithm for data encryption. The more secure option is disabling this service.

SSL renegotiation — When you enable this service, you can allow SSL renegotiation. The more secure option is disabling this service.

Restrict anonymous access with CIFS — Enabling this service prevents anonymous users from using CIFS to access namespaces on this system. Tenant-level administrators can override this setting for individual namespaces.

Prevent data access with SMBv1 — When you enable this service, you can prevent users from using the SMBv1 protocol for data access with CIFS.

Minimum Security Protocol — This service allows you to set the minimum security protocol supported for front-end communications. The recommended minimum security protocol is TLSv1.2.

To display the Network Security page:

1.In the top-level menu in the System Management Console, mouse over Security to display a secondary menu.

2.In the secondary menu, click on Network Security.

RoleWebHelp.png

Roles: To view the Network Security page, you need the monitor or administrator role. To change network security settings, you need the administrator role.

To enable or disable these services on HCP nodes:

1.On the Network Security page:

oTo allow HCP nodes to respond to ping requests, select the Enable ping option. To prevent HCP nodes from responding to ping requests, deselect this option.

oTo allow authorized service and support representatives to use SSH to log into HCP nodes, select the Enable SSH option. To prevent the use of SSH for access to HCP nodes, deselect this option.

o To allow HCP nodes to respond to the node status requests, select the Enable Node Status option. To prevent HCP nodes from responding to Enable Node Status requests, deselect this option.

oTo allow the system to use the Triple-DES cipher algorithm for data encryption, select the Enable 3DES Ciphers option. To prevent the use of Triple-DES ciphers, deselect this option.

oTo allow SSL renegotiation, select the Enable SSL renegotiation option. To prevent SSL renegotiation, deselect this option.

oTo prevent anonymous users from using CIFS to access namespaces on this system, select the Restrict anonymous access with CIFS option. To allow anonymous access with CIFS, deselect this option.

oTo prevent users from using the SMBv1 protocol for data access with CIFS, select the Prevent data access with SMBv1 option. To allow the usage of the SMBv1 protocol for data access with CIFS, deselect this option. On HCP upgrades, this option is enabled by default. On new installations of HCP, this option is disabled by default.

oTo set the minimum security protocol, click on the Minimum Security Protocol drop down menu and select the minimum security protocol you want to use for front-end communications. Changing this setting causes the HCP system to restart and requires your confirmation.

2.Click on the Update Settings button.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.