ONTAP Hardware

PKI or Two-factor Authentication between management console and fabric


We have NetApp FAS 3220 storage controllers on a DoD network.  We are required to apply DISA STIG settings from Storage Area Network STIG :: Release: 2 Benchmark Date: 25 Oct 2013.  If you don't know what this is, this is basically the DoD required security settings for specific hardware/software.  The specific item we are looking for a solution to is V-6637 from the SAN STIG that states: Communications from the management console to the SAN fabric are not protected strong two-factor authentication. Using two-factor authentication between the SAN management console and the fabric enhances the security of the communications carrying privileged functions. It is harder for an unauthorized management console to take control of the SAN. The preferred solution for two-factor authentication is DoD PKI implemented on the CAC or Alternative (Alt) token.


Our technical team tells me that there is no capability to implement this requirement on NetApp or any other SAN for that matter.  Can anyone confirm that this is the case or suggest a solution?


Thank you.





and tr3649 tr3834... not too sure about cmode


hopefully helps