X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C76CCB.D86B9480@onstor-exch02.onstor.net>; Thu, 22 Mar 2007 14:48:36 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C76CCB.D86B9480"
Content-class: urn:content-classes:message
Subject: RE: root/admin login via fp-ports
Date: Thu, 22 Mar 2007 14:48:36 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E02F12BFB@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E02F12B6B@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: root/admin login via fp-ports
Thread-Index: AcdsxgQRMwTHQGNgQpK+6kdcdQp0zwAAbVrQ
From: "Charissa Willard" <charissa.willard@onstor.com>
To: "Steffen Thuemmel" <steffen.thuemmel@onstor.com>
Cc: "dl-se" <dl-se@onstor.com>,
	"dl-cstech" <dl-cstech@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C76CCB.D86B9480
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Steffen,

=20

We have some customers that have setup a direct connect cluster where =
two nodes are directly connected via their SSC ports. In this =
configuration there is no SSC port available to serve as the management =
port, so we created the capability to use an FP port to manage the =
cluster.=20

=20

We have a request in to add the capability for a customer to disable =
management via the FP ports for the web-ui (TED00018016). There is =
currently no request in to limit access using ssh. We may want to =
recommend that a customer only connect to a mgmt vsvr. For one reason =
the mgmt vsvr is not protected so it won't move.=20

=20

-Charissa

=20

________________________________

From: Steffen Thuemmel=20
Sent: Thursday, March 22, 2007 2:07 PM
To: dl-se; dl-cstech
Subject: root/admin login via fp-ports

=20

I found out today, it is possible to login as admin or root via a vsvr =
ip-address (configured on a fp port). The management ports and the fp =
port are on totally different ip segments.

Why don't we suppress this ?  Isn't that a security risk ? I was telling =
all my prospects that the sc and fp ports are totally separated.

=20

Thanks,

St.

=20

Steffen Thuemmel=20

Manager Systems Engineering CE

=20

telf.      +49 6102 884 84-0

mobil.     +49 173 673 3434

mail.       steffen.thuemmel@onstor.com

=20

ONStor GmbH

Schleussner Str. 42

D-63263 Neu-Isenburg

Germany

=20

HR-B: 42402 AG Offenbach am Main;=20

USt.-ID: DE 249 472 495

Gesch=E4ftsf=FChrer: Roland Voelskow

=20


------_=_NextPart_001_01C76CCB.D86B9480
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40"
xmlns:ns1=3D"http://schemas.microsoft.com/office/2004/12/omml">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--a:link
	{mso-style-priority:99;}
span.MSOHYPERLINK
	{mso-style-priority:99;}
a:visited
	{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
	{mso-style-priority:99;}

 /* Font Definitions */
 @font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:Calibri;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:Calibri;}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal;
	font-family:Calibri;
	color:windowtext;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Courier New";
	color:windowtext;
	font-weight:normal;
	font-style:normal;
	text-decoration:none none;}
@page Section1
	{size:8.5in 11.0in;
	margin:70.85pt 70.85pt 56.7pt 70.85pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'>Steffen,<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'>We have some customers that have setup a =
direct
connect cluster where two nodes are directly connected via their SSC =
ports. In
this configuration there is no SSC port available to serve as the =
management
port, so we created the capability to use an FP port to manage the =
cluster. <o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'>We have a request in to add the capability =
for a
customer to disable management via the FP ports for the web-ui =
(TED00018016).
There is currently no request in to limit access using ssh. We may want =
to recommend
that a customer only connect to a mgmt vsvr. For one reason the mgmt =
vsvr is
not protected so it won&#8217;t move. <o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'>-Charissa<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3D"Courier New"><span =
style=3D'font-size:9.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;font-family:"Times New Roman"'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> =
<st1:PersonName
w:st=3D"on">Steffen Thuemmel</st1:PersonName> <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Thursday, March 22, =
2007
2:07 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> dl-se; dl-cstech<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> root/admin login =
via
fp-ports</span></font><font size=3D3 face=3D"Times New Roman"><span
style=3D'font-size:12.0pt;font-family:"Times New =
Roman"'><o:p></o:p></span></font></p>

</div>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'>I
found out today, it is possible to login as admin or root via a vsvr =
ip-address
(configured on a fp port). The management ports and the fp port are on =
totally
different ip segments.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'>Why
don&#8217;t we suppress this ? &nbsp;Isn&#8217;t that a security risk ? =
I was
telling all my prospects that the sc and fp ports are totally =
separated.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'>Thanks,<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'>St.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><st1:PersonName w:st=3D"on"><b><font size=3D2 =
face=3DCalibri><span
 style=3D'font-size:10.0pt;font-weight:bold'>Steffen =
Thuemmel</span></font></b></st1:PersonName><b><font
size=3D2><span style=3D'font-size:10.0pt;font-weight:bold'> =
</span></font></b><b><font
size=3D2 face=3D"Times New Roman"><span =
style=3D'font-size:10.0pt;font-family:"Times New Roman";
font-weight:bold'><o:p></o:p></span></font></b></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:10.0pt'>Manager
Systems Engineering CE</span></font><font size=3D3><span =
style=3D'font-size:12.0pt'><o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><b><font size=3D1 face=3DTahoma><span =
style=3D'font-size:8.0pt;
font-family:Tahoma;font-weight:bold'>telf.</span></font></b><b><font =
size=3D2
face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma;font-weight:bold'>&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;
</span></font></b><b><font size=3D1 face=3DTahoma><span =
style=3D'font-size:7.5pt;
font-family:Tahoma;font-weight:bold'>+49 6102 884 =
84-0</span></font></b><b><font
size=3D1 face=3DTahoma><span =
style=3D'font-size:8.0pt;font-family:Tahoma;font-weight:
bold'><o:p></o:p></span></font></b></p>

<p class=3DMsoNormal><b><font size=3D1 face=3DTahoma><span =
style=3D'font-size:8.0pt;
font-family:Tahoma;font-weight:bold'>mobil. &nbsp;&nbsp;&nbsp; =
</span></font></b><b><font
size=3D1 face=3DTahoma><span =
style=3D'font-size:7.5pt;font-family:Tahoma;font-weight:
bold'>+49 173 673 3434<o:p></o:p></span></font></b></p>

<p class=3DMsoNormal><b><font size=3D1 face=3DTahoma><span lang=3DFR =
style=3D'font-size:
8.0pt;font-family:Tahoma;font-weight:bold'>mail.&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;
<a =
href=3D"mailto:steffen.thuemmel@onstor.com">steffen.thuemmel@onstor.com</=
a></span></font></b><font
size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;font-family:"Times New =
Roman"'><o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span =
style=3D'font-size:11.0pt'>&nbsp;</span></font><b><font
size=3D1 face=3DTahoma><span lang=3DFR =
style=3D'font-size:8.0pt;font-family:Tahoma;
font-weight:bold'><o:p></o:p></span></font></b></p>

<p class=3DMsoNormal><b><font size=3D1 color=3D"#1f497d" =
face=3DTahoma><span lang=3DDE
style=3D'font-size:8.0pt;font-family:Tahoma;color:#1F497D;font-weight:bol=
d'>ONStor
GmbH<o:p></o:p></span></font></b></p>

<p class=3DMsoNormal><font size=3D1 face=3DTahoma><span lang=3DDE =
style=3D'font-size:
8.0pt;font-family:Tahoma'>Schleussner Str. =
42<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3DTahoma><span lang=3DDE =
style=3D'font-size:
8.0pt;font-family:Tahoma'>D-63263 =
Neu-Isenburg<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3DTahoma><span lang=3DDE =
style=3D'font-size:
8.0pt;font-family:Tahoma'>Germany</span></font><font size=3D3
face=3D"Times New Roman"><span lang=3DDE =
style=3D'font-size:12.0pt;font-family:"Times New =
Roman"'><o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span lang=3DDE =
style=3D'font-size:
11.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3DArial><span lang=3DDE =
style=3D'font-size:7.5pt;
font-family:Arial'>HR-B: 42402 AG Offenbach am Main; =
<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3DArial><span lang=3DDE =
style=3D'font-size:7.5pt;
font-family:Arial'>USt.-ID: DE 249 472 495<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D1 face=3DArial><span lang=3DDE =
style=3D'font-size:7.5pt;
font-family:Arial'>Gesch=E4ftsf=FChrer: Roland =
Voelskow</span></font><font size=3D3
face=3D"Times New Roman"><span lang=3DDE =
style=3D'font-size:12.0pt;font-family:"Times New =
Roman"'><o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DCalibri><span lang=3DDE =
style=3D'font-size:
11.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>

------_=_NextPart_001_01C76CCB.D86B9480--
