Configuring the DS8000 Storage Management GUI and the DS Service GUI servers to enforce NIST SP 800-131A

NOTE: As of version 9.4 (TLS 1.3), the manageaccess command to enforce TLS security is no longer supported.

About this task

For NIST SP 800-131A security conformance, web browsers that are used to access the DS8000 Storage Management GUI and DS Service GUI must be enabled to support Transport Layer Security (TLS) and must have access to a NIST SP 800-131A compliant cryptographic library.

Procedure

  1. Upgrade web browsers to a version that supports TLS on all systems that access the DS8000 Storage Management GUI and the DS Service GUI.
    For information about supported web browsers, see web browser support.
  2. Configure all web browsers to enable TLS refer to your web browser documentation for instructions on enabling TLS.
    For example, in Internet Explorer, use the following steps:
    1. Click Tools > Internet Options
    2. On the Advanced tab, under Settings, select Use TLS.
    Attention: Ensure that all external web browsers that access the DS8000 Storage Management GUI are configured for TLS before you continue with the next step. Otherwise, connection to the DS8000 Storage Management GUI will be lost.
  3. In the DS CLI, use the manageaccess command to enforce TLS security for web browser access to the DS8000 Storage Management GUI.
    dscli> manageaccess -ctrl gui -action setsecurity -level 800131a
    For more information, see the manageaccess command.
  4. In the DS CLI, use the manageaccess command to enforce TLS security for web browser access to the DS Service GUI.
    dscli> manageaccess -ctrl wui -action setsecurity -level 800131a
    You must restart the server for this change to take effect. For more information, see the manageaccess command.