Security features

Contributors netapp-soumikd netapp-asubhas Download PDF of this page

SnapCenter employs strict security and authentication features to enable you to keep your data secure.

SnapCenter includes the following security features:

  • All communication to SnapCenter uses HTTP over SSL (HTTPS).

  • All credentials in SnapCenter are protected using Advanced Encryption Standard (AES) encryption.

  • SnapCenter uses security algorithms that are compliant with the Federal Information Processing Standard (FIPS).

  • SnapCenter supports using the authorized CA certificates provided by the customer.

  • SnapCenter 4.1.1 or later supports Transport Layer Security (TLS) 1.2 communication with ONTAP. You can also use TLS 1.2 communication between clients and servers.

  • SnapCenter is installed inside your company’s firewall to enable access to the SnapCenter Server and to enable communication between the SnapCenter Server and the plug-ins.

  • SnapCenter API and operation access uses tokens encrypted with AES encryption, which expire after 24 hours.

  • SnapCenter integrates with Windows Active Directory for login and role-based access control (RBAC) that govern access permissions.

  • SnapCenter PowerShell cmdlets are session secured.

  • After a default period of 15 minutes of inactivity, SnapCenter warns you that you will be logged out in 5 minutes. After 20 minutes of inactivity, SnapCenter logs you out, and you must log in again. You can modify the log out period.

  • Login is temporarily disabled after 5 or more incorrect login attempts.

CA Certificate Overview

The SnapCenter Server installer enables the Centralized SSL Certificate Support during installation. To enhance the secured communication between the server and the plug-in, SnapCenter supports using the authorized CA certificates provided by the customer.

You should deploy CA certificates after installing the SnapCenter Server and the respective plug-ins. For more information, see Generate CA Certificate CSR file.

You can also deploy CA certificate for SnapCenter plug-in for VMware vSphere. For more information, see Create and import certificates.