Chapter 11: Setting up SSL encryption
You can set up a Secure Sockets Layer (SSL) connection between the storage system and
the SVP.
SSL encrypts the Hitachi Device Manager - Storage Navigator user ID and password
exchanged between the storage system and SVP.
About SSL
SSL is a protocol for transmitting data securely over the Internet. Two SSL-enabled peers
use their private key and public key to establish a secure communication session, with
each peer encrypting transmitted data with a randomly generated and agreed-upon
symmetric key.
The following terms are associated with SSL:
■ Keypair: A keypair is two mathematically related cryptographic keys consisting of a
private key and its associated public key.
■ Server certificate: A server certificate forms an association between an identity (in this
case, the SVP server) and a specific public key and private key. A server certificate is
used to identify the SVP server to a client, so that the server and client can
communicate using SSL. Certificates can be self-signed or issued by a certificate
authority (CA). Self-signed certificates are generated by you, and the subject of the
certificate is the same as the issuer of the certificate. For a client PC and SVP on an
internal LAN behind a firewall, a self-signed certificate might provide sufficient
security. Certificates issued by the CA are signed and trusted server certificates, where
a Certificate Signing Request (CSR) is sent to and certified by a trusted CA such as
VeriSign. Using a certificate from a CA provides higher reliability than a self-signed
certificate, but is also more expensive and can include several requirements.
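The two certificate types and the keypair association described above can be checked with OpenSSL before a certificate is installed. The following is an added example, not part of the original manual; it assumes the `openssl` command-line tool is available, and all file names and CN values are constructed.

```shell
#!/bin/sh
# Added example (not from the manual). File names and CN values are constructed.

# Print "self-signed" when subject == issuer AND the signature verifies against
# the certificate's own public key; otherwise print "ca-issued" (signed by another key).
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subj" = "$issr" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# Succeed only if private key $1 and certificate $2 carry the same public key,
# i.e. they are the keypair that the certificate binds to the server identity.
key_matches_cert() {
    from_cert=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    [ "$from_cert" = "$from_key" ]
}

# Build constructed samples in directory $1: one self-signed certificate and
# one certificate issued from a CSR by a throwaway test CA.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=svp.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=svp.example.test" \
        -keyout "$1/svp.key" -out "$1/svp.csr" 2>/dev/null
    openssl x509 -req -in "$1/svp.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/svp.pem" 2>/dev/null
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
echo "self.pem: $(cert_kind "$tmp/self.pem")"
echo "svp.pem:  $(cert_kind "$tmp/svp.pem")"
key_matches_cert "$tmp/svp.key" "$tmp/svp.pem" && echo "svp.key matches svp.pem"
rm -rf "$tmp"
```

Comparing names alone is not enough to call a certificate self-signed, which is why `cert_kind` also verifies the signature against the certificate's own key.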
SSL encryption of the storage system
The storage system uses SSL encryption for three connection paths. These paths are
designated A to C in the following table and figure.
Service Processor Technical Reference