
Brocade Fabrics registration via ssh-keys

By Jagdish Choudhary posted Fri June 24, 2022 02:41 AM

  

Client Scenario/Problem statement

Ben, an administrator, has been worried about tightening the security of all his resources as and when they are registered. Having the SAN fabrics in his environment registered with a username/password added to his existing security concerns. He has been looking for a perfect solution for a while now.

SSH-Keys as a solution

PowerVC 2.0.3 brings you a new feature that allows you to register a Brocade switch via SSH key in addition to the conventional username/password technique. This feature addresses the security aspect of ‘no-man-in-the-middle’ and any other attacks that can lead to SAN fabrics getting compromised.

Adding keys on Brocade switch

Generate keys on any machine and import the public key into the Brocade admin account.

 Here is an example.

c387f14u40:FID128:admin> sshutil importpubkey
Enter user name for whom key is imported:admin
Enter IP address:1.2.3.4
Enter remote directory:/root/.ssh
Enter public key name(must have .pub suffix):id_rsa.pub
Enter login name:root
root@1.2.3.4's password:
public key is imported successfully.
c387f14u40:FID128:admin>


Registration on PowerVC

After logging in to PowerVC, navigate to ‘Storages’ and click Fabrics.

  1. Click Add fabric. The rest of the parameters remain the same as earlier.
  • Display name: After registration, the fabric appears under this name in the PowerVC GUI.
  • User ID: Fabric username, which is usually ‘admin’.
  • Fabric Type: Brocade
  • Zoning Policy: Select any one of the listed policies; they are discussed in earlier blogs.

 

A new option, SSH key, appears under Authentication type.

Provide the private key for registration.

 

Registration via REST API

This section provides details about the procedure for Brocade registration via REST API.

Method- POST

REST API - https://<PowerVC VIP>/powervc/openstack/volume/v3/<tenant id>/san-fabrics

Request Body :

{
    "fabric": {
        "registration": {
            "access_ip": "Fabric IP",
            "user_id": "admin",
            "private_key": "provide Private keys",
            "fabric_display_name": "Display name",
            "fabric_type": "brocade",
            "zoning_policy": "initiator"
        }
    }
}
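
The following is an added example, not code from the original post or from PowerVC: it builds the POST request above from a private key file, refuses key files readable by group or others, lets the JSON encoder escape the multi-line key, and produces a log-safe copy of the body. The `X-Auth-Token` header, the host `powervc.example`, and the `TENANT_ID` and `TOKEN` values are assumptions or placeholders, and the key text is constructed.

```python
import json
import os
import stat
import tempfile
import urllib.request

def load_private_key(path):
    """Read the key, refusing files readable by group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {oct(mode)}; expected 0600 or stricter")
    with open(path, encoding="ascii") as fh:
        return fh.read()

def build_request(vip, tenant_id, token, access_ip, private_key, display_name,
                  user_id="admin", zoning_policy="initiator"):
    """Build (not send) the san-fabrics registration POST shown in the post."""
    body = {"fabric": {"registration": {
        "access_ip": access_ip,
        "user_id": user_id,
        "private_key": private_key,  # json.dumps escapes the key's newlines
        "fabric_display_name": display_name,
        "fabric_type": "brocade",
        "zoning_policy": zoning_policy,
    }}}
    url = f"https://{vip}/powervc/openstack/volume/v3/{tenant_id}/san-fabrics"
    # Assumption: the token is passed in an X-Auth-Token header.
    headers = {"Content-Type": "application/json", "X-Auth-Token": token}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")

def redacted(req):
    """Return the request body as JSON with the private key masked, for logging."""
    body = json.loads(req.data)
    body["fabric"]["registration"]["private_key"] = "<redacted>"
    return json.dumps(body)

def demo():
    # Constructed placeholder text, not a real key.
    fake_key = "-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n-----END OPENSSH PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "id_rsa")
        with open(path, "w") as fh:
            fh.write(fake_key)
        os.chmod(path, 0o600)
        key = load_private_key(path)
    req = build_request("powervc.example", "TENANT_ID", "TOKEN", "1.2.3.4", key, "fabric-a")
    return req, fake_key
```

To send the request, pass it to `urllib.request.urlopen(req)` and leave certificate verification at its default (enabled).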

Limitations

Registration of Brocade Virtual Fabric is not allowed using SSH private key.

Conclusion

As you have seen, PowerVC 2.0.3 provides you a simple way to register Brocade SAN switch via ssh-keys; thereby, ensuring that the security aspect of ‘no-man-in-the-middle’ is in place preventing any other attacks that can lead to SAN fabrics getting compromised.


Do comment your queries, if any, in the comments section.
Keep watching our social outlets for more interesting information about PowerVC! Please find us on Facebook, LinkedIn, Twitter, and YouTube.

Blog author:
Jagdish Choudhary
