Supported encryption standards for cache products

This document describes the supported encryption standards as of Avere OS These standards apply to the following Microsoft Azure products:

Technology in the products above require the following standards for security. Any system connecting to the products for administrative or infrastructure purposes must meet these standards.

Client machines that mount the cache products do not need to meet all of these requirements, but you should use reasonable efforts to ensure their security.

TLS standard

TLS1.0 and TLS1.1 may be used for backward compatibility with private object stores, however it is better to upgrade your private storage to modern security standards. Contact Microsoft Customer Service and Support to learn more.

Permitted cipher suites

Microsoft security requirements permit the following TLS cipher suites to be negotiated:

The cluster administrative HTTPS interface (used for the Avere Control Panel web GUI and administrative RPC connections) supports only the above cipher suites and TLS1.2. No other protocols or cipher suites are supported when connecting to the administrative interface.

SSH server access

These standards apply to the SSH server that is embedded in these products.

The SSH server does not allow remote login as the superuser "root". If remote SSH access is required under the guidance of Microsoft Customer Service and Support, log in as the SSH “admin” user, which has a restricted shell.

The following SSH cipher suites are available on the cluster SSH server. Make sure that any client that uses SSH to connect to the cluster has up-to-date software that meets these standards.

SSH encryption standards

Type Supported values
KEX algorithms ecdh-sha2-nistp521

© 2020 Microsoft Corporation. All rights reserved.
Avere Systems copyright and trademark information