Enabling and Disabling the FM LAN

In releases prior to ClearPath Forward 4.0, when you commissioned a partition image, the setting for ClearPath Forward Management LAN (FM LAN) access was enabled by default. As of the ClearPath Forward 4.0 release, when you commission a partition image, the setting for FM LAN access is disabled by default. Unisys added this new feature to the Fabric Manager user interface to optimize the security of your partition images.

As an administrator of the ClearPath Forward fabric, you should understand the security risks associated with the use of the FM LAN. It is possible for an FM LAN Ethernet switch monitored by the Fabric Manager to have an access vulnerability. For example, in a redundant FM LAN Ethernet switch configuration, the FM LAN “protected” and “unprotected” port mechanism is used to ensure that only proper access is achieved on the various ports. However, because of the necessary cross-over cable that connects the redundant FM LAN Ethernet switches and the necessary “unprotected” designation of the ports, it is possible for a user of the FM LAN to gain unintended access to the other FM LAN Ethernet switch. Although FM LAN users are intended to be trusted maintenance personnel, Unisys recommends that you keep the FM LAN disabled when it is not in use. Unisys also recommends that you reevaluate the setting for FM LAN access on all existing partition images.

As of the ClearPath Forward 4.0 release, Unisys added the capability to dynamically enable and disable the FM LAN to provide clients with additional security for their partitions. For example, when you commission a partition, the default state of the FM LAN is disabled. You now have the capability to disable the FM LAN if you want to make its resources available to other partition images but do not want to permanently delete the partition image.