跳转到主内容

为SVM DR集群启用FIPS的最佳实践是什么?

  1. 最后更新
  2. 另存为PDF
Views:
51
Visibility:
Public
Votes:
0
Category:
snapmirror
Specialty:
dp
Last Updated:

适用场景

  • SVMDR
  • ONTAP 9

问题解答

Vserver灾难恢复 要求在源站点和目标站点上启用FIPS、才能实现兼容性。
 
1.在集群上启用FIPS时发出警告、指出:
 
cluster1::*> security config modify -interface SSL -is-fips-enabled true
 
Warning: This command will enable FIPS compliance and can potentially cause
some non-compliant components to fail. MetroCluster and Vserver DR
require FIPS to be enabled on both sites in order to be compatible. An
SNMP users or SNMP traphosts that are non-compliant to FIPS will be
deleted automatically. An SNMPv1 user, SNMPv2c user or SNMPv3 user
(with none or MD5 as authentication protocol or none or DES as
encryption protocol or both) is non-compliant to FIPS. An SNMPv1
traphost or SNMPv3 traphost (configured with an SNMPv3 user
non-compliant to FIPS) is non-compliant to FIPS.
Do you want to continue? {y|n}:
 
2. 如果您运行的是ONTAP 9.8或更早版本、 则要实施FIPS、需要手动重新启动集群中的每个节点。
 
3.从ONTAP 9.9.1开始 、无需重新启动节点。
 
注:

  • 在重新启动系统之前、您必须确认所有SnapMirror关系均已静用。

  • 当SnapMirror关系处于静音状态时、它会在重新启动和故障转移后保持静音状态。

追加信息

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.