This document describes the supported encryption standards as of Avere OS 5.1.1.2. These standards apply to the following Microsoft Azure products:
Technology in the products above require the following standards for security. Any system connecting to the products for administrative or infrastructure purposes must meet these standards.
Client machines that mount the cache products do not need to meet all of these requirements, but you should use reasonable efforts to ensure their security.
TLS1.0 and TLS1.1 may be used for backward compatibility with private object stores, however it is better to upgrade your private storage to modern security standards. Contact Microsoft Customer Service and Support to learn more.
Microsoft security requirements permit the following TLS cipher suites to be negotiated:
The cluster administrative HTTPS interface (used for the Avere Control Panel web GUI and administrative RPC connections) supports only the above cipher suites and TLS1.2. No other protocols or cipher suites are supported when connecting to the administrative interface.
These standards apply to the SSH server that is embedded in these products.
The SSH server does not allow remote login as the superuser "root". If remote SSH access is required under the guidance of Microsoft Customer Service and Support, log in as the SSH “admin” user, which has a restricted shell.
The following SSH cipher suites are available on the cluster SSH server. Make sure that any client that uses SSH to connect to the cluster has up-to-date software that meets these standards.
| Type | Supported values |
| Ciphers | aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes128-ctr |
| MACs | hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 |
| KEX algorithms | ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group-exchange-sha256 |
© 2020 Microsoft Corporation. All rights reserved.
Avere Systems copyright and trademark information