Setting network security
The Network Security page in the HCP System Management Console lets you allow or prevent these services on HCP nodes:
Ping
When you enable this service, you can use ping to check network connectivity to HCP nodes.
SSH login by authorized service and support representatives
Enabling SSH facilitates troubleshooting when you request support.
Node Status
When you enable this service, you can use node status commands to check the health of your nodes.
3DES Ciphers
Enabling this service allows the system to use the Triple-DES cipher algorithm for data encryption. The more secure option is disabling this service.
SSL renegotiation
Enabling this service allows SSL renegotiation. The more secure option is disabling this service.
Restrict anonymous access with CIFS
Enabling this service prevents anonymous users from using CIFS to access namespaces on this system. Tenant-level administrators can override this setting for individual namespaces.
Prevent data access with SMBv1
When you enable this service, you can prevent users from using the SMBv1 protocol for data access with CIFS.
Minimum Security Protocol
This service allows you to set the minimum security protocol supported for front-end communications. The recommended minimum security protocol is TLSv1.2.
Displaying the Network Security page
Before you begin
Procedure
- In the top-level menu in the System Management Console, mouse over Security to display a secondary menu.
- In the secondary menu, click Network Security.
Enabling or disabling these services on HCP nodes
To enable or disable these services on HCP nodes:
- On the Network Security page:
  - To allow HCP nodes to respond to ping requests, select the Enable ping option. To prevent HCP nodes from responding to ping requests, deselect this option.
  - To allow authorized service and support representatives to use SSH to log into HCP nodes, select the Enable SSH option. To prevent the use of SSH for access to HCP nodes, deselect this option.
  - To allow HCP nodes to respond to node status requests, select the Enable Node Status option. To prevent HCP nodes from responding to node status requests, deselect this option.
  - To allow the system to use the Triple-DES cipher algorithm for data encryption, select the Enable 3DES Ciphers option. To prevent the use of Triple-DES ciphers, deselect this option.
  - To allow SSL renegotiation, select the Enable SSL renegotiation option. To prevent SSL renegotiation, deselect this option.
  - To prevent anonymous users from using CIFS to access namespaces on this system, select the Restrict anonymous access with CIFS option. To allow anonymous access with CIFS, deselect this option.
  - To prevent users from using the SMBv1 protocol for data access with CIFS, select the Prevent data access with SMBv1 option. To allow the use of the SMBv1 protocol for data access with CIFS, deselect this option. On HCP upgrades, this option is enabled by default. On new installations of HCP, this option is disabled by default.
  - To set the minimum security protocol, click the Minimum Security Protocol drop-down menu and select the minimum security protocol you want to use for front-end communications. Changing this setting causes the HCP system to restart and requires your confirmation.
- Click Update Settings.
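
After you change the Minimum Security Protocol setting, you can confirm from a client which protocol versions a node still accepts. The following Python script is an added example and is not part of HCP or its documentation. The host and port passed to audit() are your own, the SAMPLE results are constructed, and the probe assumes the local OpenSSL build can still offer TLS 1.0 and 1.1.

```python
import socket
import ssl

# Protocol versions, oldest first, as named in Python's ssl module.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]

# Constructed sample results: a node whose minimum is still below TLSv1.2.
SAMPLE = {ssl.TLSVersion.TLSv1: False, ssl.TLSVersion.TLSv1_1: True,
          ssl.TLSVersion.TLSv1_2: True, ssl.TLSVersion.TLSv1_3: True}

def probe(host, port, version, timeout=5.0):
    """Offer exactly one protocol version to host:port.
    Returns True if the handshake completes, False if the server refuses it,
    None if the TCP connection itself fails (host down, port filtered)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # testing protocol support, not identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("ALL:@SECLEVEL=0")  # let the local OpenSSL offer old versions
    ctx.minimum_version = ctx.maximum_version = version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True
    except OSError:                     # ssl.SSLError is a subclass of OSError
        return False
    finally:
        raw.close()                     # no-op if wrap_socket took over the socket

def below_minimum(results, minimum):
    """Names of versions older than `minimum` that were still accepted.
    `results` maps ssl.TLSVersion to a probe() outcome."""
    return [v.name for v in VERSIONS
            if v < minimum and results.get(v) is True]

def audit(host, port=443, minimum=ssl.TLSVersion.TLSv1_2):
    """Probe every version and report those accepted below the minimum."""
    results = {v: probe(host, port, v) for v in VERSIONS}
    return results, below_minimum(results, minimum)

if __name__ == "__main__":
    print(below_minimum(SAMPLE, ssl.TLSVersion.TLSv1_2))
```

An empty list from below_minimum() means no handshake below the chosen minimum completed. A None result for a version means the node was unreachable, so that version was not actually tested.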