Skip to main content
Hitachi Vantara Knowledge

Setting network security

The Network Security page in the HCP System Management Console lets you allow or prevent these services on HCP nodes:

  • Ping

    When you enable this service, you can use ping to check network connectivity to HCP nodes.

  • SSH login by authorized service and support representatives

    Enabling SSH facilitates troubleshooting when you request support.

  • Node Status

    When you enable this service, you can use enable node status commands to check the health of your nodes.

  • 3DES Ciphers

    Enabling this service allows the system to use the Triple-DES cipher algorithm for data encryption. The more secure option is disabling this service.

  • SSL renegotiation

    When you enable this service, you can allow SSL renegotiation. The more secure option is disabling this service.

  • Restrict anonymous access with CIFS

    Enabling this service prevents anonymous users from using CIFS to access namespaces on this system. Tenant-level administrators can override this setting for individual namespaces.

  • Prevent data access with SMBv1

    When you enable this service, you can prevent users from using the SMBv1 protocol for data access with CIFS.

  • Minimum Security Protocol

    This service allows you to set the minimum security protocol supported for front-end communications. The recommended minimum security protocol is TLSv1.2.

Displaying the Network Security page

Before you begin

To view the Network Security page, you need the monitor or administrator role. To change network security settings, you need the administrator role.

Procedure

  1. In the top-level menu in the System Management Console, mouse over Security to display a secondary menu.

  2. In the secondary menu, click Network Security.

Enabling or disabling these services on HCP nodes

To enable or disable these services on HCP nodes:

  1. On the Network Security page:
    • To allow HCP nodes to respond to ping requests, select the Enable ping option. To prevent HCP nodes from responding to ping requests, deselect this option.
    • To allow authorized service and support representatives to use SSH to log into HCP nodes, select the Enable SSH option. To prevent the use of SSH for access to HCP nodes, deselect this option.
    • To allow HCP nodes to respond to the node status requests, select the Enable Node Status option. To prevent HCP nodes from responding to Enable Node Status requests, deselect this option.
    • To allow the system to use the Triple-DES cipher algorithm for data encryption, select the Enable 3DES Ciphers option. To prevent the use of Triple-DES ciphers, deselect this option.
    • To allow SSL renegotiation, select the Enable SSL renegotiation option. To prevent SSL renegotiation, deselect this option.
    • To prevent anonymous users from using CIFS to access namespaces on this system, select the Restrict anonymous access with CIFS option. To allow anonymous access with CIFS, deselect this option.
    • To prevent users from using the SMBv1 protocol for data access with CIFS, select the Prevent data access with SMBv1 option. To allow the usage of the SMBv1 protocol for data access with CIFS, deselect this option. On HCP upgrades, this option is enabled by default. On new installations of HCP, this option is disabled by default.
    • To set the minimum security protocol, click the Minimum Security Protocol drop down menu and select the minimum security protocol you want to use for front-end communications. Changing this setting causes the HCP system to restart and requires your confirmation.
  2. Click Update Settings.

 

  • Was this article helpful?