Secure communication

Overview

The XML API provides the following functions for secure communication between the OSS clients and the NFM-P:

Note: MD5-hashed passwords do not secure the communication channel.

Note: Nokia recommends enabling TLS for secure communication.

TLS is enabled by default on NFM-P server and client interfaces to provide secure communication between NFM-P components. TLS requires a security certificate that is shared among members of a network domain using TLS keystore and truststore files. The NFM-P supports using CA-supplied or self-signed certificates.

For backward compatibility, the NFM-P supports non-secure communication with OSS clients. To support non-secure clients, you must disable TLS on the XML API.

Note: Disabling TLS on the XML API disables TLS for all clients that use the XML API, and for all NFM-P GUI clients. Browser-based clients are unaffected, and must use HTTPS for application access.

See the NSP Installation and Upgrade Guide for information about configuring NFM-P TLS.

TLS communication

When establishing TLS communication from an OSS system, an NFM-P main server selects the highest security cipher that the OSS client presents. The specific set of supported security ciphers and algorithms may vary, depending on the OSS client and server software components and certificates.

You can use an NFM-P tool to specify which TLS versions and ciphers the NFM-P supports. See the procedure to update the supported NFM-P TLS versions and ciphers in the NSP System Administrator Guide for information about using the tool.