Steps for connecting to a dpm appliance – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Steps for connecting to a DPM appliance
All switches you plan to include in an encryption group must have a secure connection to the Data
Protection Manager (DPM). The following procedure is a suggested order of steps for creating a
secure connection to DPM.
NOTE
The Brocade Encryption Switch will not use the Identity Auto Enrollment feature supported with DPM
3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x server
with the Brocade Encryption Switch. Refer to “Client registration for manual enrollment”.
1. Initialize the encryption engines on every Fabric OS encryption node that is expected to
perform encryption within the fabric. The cryptocfg --initnode command generates a Key
Archive Client Certificate Signing Request (KAC CSR) that must be present to enable
“Initializing the Fabric OS encryption engines”
2. Export the KAC CSR to a location accessible to a certificate authority (CA) for signing. Refer to
“Exporting the KAC certificate signing request (CSR)”.
3. Submit the KAC CSR for signing by a CA. Refer to
4. Import the signed certificate into the Fabric OS encryption node. Refer to
5. Upload the CA certificate onto the DPM key vault. Refer to “Uploading the CA certificate onto
the DPM appliance (and first-time configurations)”.
6. Upload the KAC certificate onto the DPM appliance, then select the appropriate key classes.
Refer to “Uploading the KAC certificate onto the DPM appliance (manual identity enrollment)”.
7. If dual DPM appliances are used for high availability, the DPM appliances must be clustered
and must operate in maximum availability mode, as described in the DPM appliance user
documentation.
8. Create a Brocade encryption group. Refer to “Creating a Brocade encryption group”.
9. Register the DPM on the group leader by exporting the CA certificate for the CA that signed the
DPM certificate. Refer to “Client registration for manual enrollment”.
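A pre-import check for steps 3 through 5, as an added example that is not from the Brocade guide: before the signed KAC certificate is imported into the node and the CA certificate is uploaded to DPM, confirm that the certificate carries the public key from the exported CSR and chains to that CA. It assumes PEM files and the OpenSSL 1.1.0 or later command line on the administrator's workstation; all function names, file names and subjects are hypothetical, and the CA and CSR are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the guide. File names and subjects are constructed.

# check_signed_kac <exported-csr> <signed-cert> <ca-cert>
# Returns 0 = OK, 1 = cert does not carry the CSR's public key,
# 2 = cert does not chain to the CA certificate given.
check_signed_kac() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$csr_key" = "$crt_key" ] || return 1
    # -no-CApath: trust only the named CA, not the system certificate directory
    openssl verify -no-CApath -CAfile "$3" "$2" >/dev/null 2>&1 || return 2
}

# write_cnf <dir>: minimal config so the demo does not rely on the system openssl.cnf
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca_ext' \
        '[dn]' 'commonName=Common Name' \
        '[ca_ext]' 'basicConstraints=critical,CA:TRUE' > "$1/demo.cnf"
}
# make_ca <dir> <name>: self-signed demo CA
make_ca() {
    openssl req -x509 -config "$1/demo.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -sha256 -days 30 -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
# make_csr <dir> <name>: stand-in for a CSR exported from an encryption node
make_csr() {
    openssl req -new -config "$1/demo.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}
# sign_csr <dir> <ca-name> <csr-name> <out-name>: CA-side signing
sign_csr() {
    openssl x509 -req -sha256 -days 30 -in "$1/$3.csr" -CA "$1/$2.pem" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/$4.pem" 2>/dev/null
}

# demo: prints the three check results for a good cert, a cert matched against
# the wrong CSR, and a cert signed by a CA other than the one expected.
demo() {
    d=$(mktemp -d) || return 1
    write_cnf "$d" && make_ca "$d" ca && make_ca "$d" otherca &&
        make_csr "$d" kac && make_csr "$d" stray &&
        sign_csr "$d" ca kac kac_signed &&
        sign_csr "$d" otherca kac kac_wrongca || { rm -rf "$d"; return 1; }
    good=0; check_signed_kac "$d/kac.csr" "$d/kac_signed.pem" "$d/ca.pem" || good=$?
    wrongkey=0; check_signed_kac "$d/stray.csr" "$d/kac_signed.pem" "$d/ca.pem" || wrongkey=$?
    wrongca=0; check_signed_kac "$d/kac.csr" "$d/kac_wrongca.pem" "$d/ca.pem" || wrongca=$?
    rm -rf "$d"
    echo "$good $wrongkey $wrongca"
}
demo
```

A result of 1 means the CA returned a certificate for a different request; a result of 2 means the CA certificate on hand is not the one that signed it.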
NOTE
DPM was formerly referred to as RKM. DPM 3.x servers are referred to as DPM. DPM is compatible
with Fabric OS 7.1.0 and later. RSA servers using the RKM 2.1.1 client that are compatible with
earlier Fabric OS versions (for example, v7.0.1) are still referred to as RKM.