beautypg.com

Creating a brocade encryption group – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 159

background image

Fabric OS Encryption Administrator’s Guide (DPM)

139

53-1002922-01

Steps for connecting to a DPM appliance

3

i.

Repeat step a through step h for each key class.

j.

Click Finish.

Uploading the KAC certificate onto the DPM apliance (manual identity
enrollment)

NOTE

The Brocade Encryption Switch will not use the identity auto enrollment feature that is supported
with DPM 3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x
server with the Brocade Encryption Switch.

You need to install the switch public key certificate (KAC certificate). For each encryption node,
create an identity as follows:

1. Select the Identities tab.

2. Click Create.

3. Enter a label for the node in the Name field. This is a user-defined identifier.

4. Select the Hardware Retail Group in the Identity Groups field.

5. Select the Operational User role in the Authorization field.

6. Click Browse and select the imported certificate _kac_cert.pem> as the Identity

certificate.

7. Click Save.

NOTE

The CA certificate file referenced in the SSLCAcertificateFile field (see

step 4

) must be imported and

registered on the switch designated as an encryption group leader. Note this location before
proceeding to

“Setting heartbeat signaling values”

on page 142.

Creating a Brocade encryption group

An encryption group consists of one or more encryption engines. Encryption groups can provide
failover/failback capabilities by organizing encryption engines into Data Encryption Key (DEK)
clusters. An encryption group has the following properties:

It is identified by a user-defined name.

If an encryption group contains more than one node, the group must be managed from a
designated group leader.

If an encryption group consists of one node only, that node must be defined as an encryption
group leader.

All group members must share the same key manager.

The same master key is used for all encryption operations in the group.

In the case of FS8-18 blades:

-

All encryption engines in a chassis are part of the same encryption group.

-

An encryption group may contain up to four DCX Backbone nodes with a maximum of four
encryption engines per node, forming a total of 16 encryption engines.

See also other documents in the category Brocade Computer Accessories: