NetApp Firewall Service HTTPS. How can I start using NetApp Firewall Service HTTPS?
NetApp Firewall Service (NFS) provides secure access from external networks to virtual machines running on VMware vSphere or Microsoft Hyper-V. NFS authenticates peers with X.509 certificates, either issued by a certificate authority (CA) or signed within your own public key infrastructure (PKI).
NetApp Firewall Service supports both SSL and TLS; because every SSL version is deprecated and has known weaknesses, TLS should be the only protocol left enabled. The certificates used with NetApp Firewall Service are either self-signed or issued by a trusted certificate authority (CA).
Features of NetApp Firewall Service HTTPS:
End-to-end encryption:
NetApp Firewall Service uses HTTPS between NetApp FAS and the VMware ESXi or Microsoft Hyper-V hosts. Encryption and decryption are performed by NetApp FAS. In addition, you can use third-party products to encrypt the traffic passing through NetApp FAS.
NetApp FAS is responsible for maintaining the certificate trust chain. Client devices must be authenticated by one of the following methods before they can connect to NetApp Firewall Service:
CA-signed certificates:
A CA-signed certificate is installed on every NetApp FAS server that runs NetApp Firewall Service. If a client device presents a CA-signed certificate, the issuing CA must be in the list of trusted root certificates on all NetApp FAS servers; otherwise the chain cannot be validated and the connection is refused.
NetApp recommends using CA-signed certificates.
PKI signed certificates:
A PKI-signed certificate is installed on every vSphere or Hyper-V host managed by NetApp Firewall Service. If a client device presents a PKI-signed certificate, the signing root of that PKI must be in the list of trusted root certificates on all vSphere or Hyper-V hosts managed by NetApp Firewall Service. As noted above, NetApp recommends CA-signed certificates over this option.
How is NetApp Firewall Service beneficial?
As described above, NetApp Firewall Service gives external networks encrypted, certificate-authenticated access to vSphere and Hyper-V virtual machines without exposing the hosts directly.
What are SSL and TLS protocols?
SSL and TLS are the two most common cryptographic protocols for securing Internet communication. They share the same overall design (a handshake that authenticates the peer and agrees on keys, followed by an encrypted record layer), but they are different protocol versions: TLS 1.0 (RFC 2246) is the IETF's standardized revision of SSL 3.0, and the cipher suites and key-derivation details differ between versions.
SSL was designed to protect the privacy of information transmitted over the Internet. TLS is the successor of SSL and provides the same three guarantees more robustly: confidentiality, integrity of each record, and authentication of the server (and optionally the client).
TLS is designed to work with certificate authorities (CAs) and public key infrastructure (PKI). CA-signed X.509 certificates authenticate servers (and, where client certificates are used, clients); the client validates the certificate chain against the roots it trusts and checks that the certificate's name matches the host it intended to reach.
TLS provides strong protection against eavesdropping, message tampering, and impersonation with forged certificates. TLS support is built into all modern web browsers, which is what makes HTTPS connections between browsers and web servers practical.
Comparison between SSL/TLS
The following figure shows a comparison between SSL/TLS and IPsec security protocols:
There are many similarities between SSL and TLS: the same handshake structure, the same record layer, and the same use of X.509 certificates. They do not use identical algorithms, however. SSL 3.0 predates AES and uses its own MD5/SHA-1 keyed-MAC construction, while TLS uses HMAC, adds AES cipher suites (RFC 3268), and from TLS 1.2 onward uses SHA-256-based PRFs and authenticated-encryption modes such as AES-GCM.
The main difference is not whether certificate authorities are needed; both SSL and TLS rely on CA-signed certificates in exactly the same way. The difference is security: TLS fixed design flaws in SSL, and the SSL versions are now formally deprecated (SSL 2.0 in RFC 6176, SSL 3.0 in RFC 7568) because of practical attacks such as POODLE (CVE-2014-3566) against SSL 3.0. Because of this, use TLS (1.2 or 1.3) and disable SSL entirely for securing Internet communication.
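The two practical rules in this article, that a peer's certificate must chain to a root in the trusted list (the CA-signed and PKI-signed sections above) and that SSL must be refused in favour of TLS (this section), both come down to how the client's TLS context is configured. The following Python example, added here and not taken from NetApp or from this article, builds a hardened client context with the standard library `ssl` module beside the weak configuration that disables both checks, and audits either one. The `cafile` argument is where your trusted-root bundle would go; it is an assumption for illustration, not a NetApp path.

```python
import ssl
from typing import List, Optional


def make_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client-side context: TLS 1.2+, chain verification, hostname check.

    cafile is a PEM bundle of the CA roots you accept (assumed path, supplied
    by the caller); when None, the OS default trust store is used.  A peer
    whose certificate does not chain to one of these roots is rejected.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 2/3 and TLS 1.0/1.1 refused
    ctx.verify_mode = ssl.CERT_REQUIRED            # peer must present a valid chain
    ctx.check_hostname = True                      # and its name must match the host
    ctx.options |= ssl.OP_NO_COMPRESSION           # no CRIME-style compression leakage
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # private PKI: trust only these roots
    else:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)  # public CAs from the OS store
    return ctx


def make_weak_context() -> ssl.SSLContext:
    """The configuration this article argues against: anything goes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                     # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE                # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.TLSv1     # allows downgrade to TLS 1.0
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a context; an empty list means it is hardened."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if not (ctx.options & ssl.OP_NO_COMPRESSION):
        findings.append("TLS compression enabled")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(make_client_context()) or "no findings")
    print("weak:    ", audit_context(make_weak_context()))
```

Use `make_client_context("/path/to/your-root-bundle.pem")` when the peer is in a private PKI, so that only your own roots are trusted, and `make_client_context()` when the peer holds a public CA-signed certificate. The audit function is the check to run in a code review or CI job: any finding means the context would accept a downgrade or an unverified peer.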