Client registration for manual enrollment – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Steps for connecting to a DPM appliance
To create a Brocade encryption group, complete the following steps:
1. Identify one node (a Brocade Encryption Switch or DCX Backbone chassis with an FS8-18
blade) as the designated group leader and log in as Admin or SecurityAdmin.
2. Enter the cryptocfg --create -encgroup command followed by a name of your choice. The
name can be up to 15 characters long, and can include any alphanumeric characters and
underscores. White space or other special characters are not permitted.
The following example creates the encryption group brocade.
SecurityAdmin:switch> cryptocfg --create -encgroup brocade
Encryption group create status: Operation Succeeded.
The switch on which you create the encryption group becomes the designated group leader. After
you have created an encryption group, all group-wide operations are performed on the group
leader.
Client registration for manual enrollment
When you migrate to Fabric OS 7.1.0 from an earlier Fabric OS version, client registration is
performed automatically and no user intervention is required during the upgrade process. For new
deployments, however, identity enrollment must be performed manually for the Brocade Encryption
Switch to connect with the DPM 3.x servers. Refer to “Steps for connecting to a DPM appliance”.
Once completed, client registration occurs after key vault registration, when the Brocade
Encryption Switch attempts to connect to the DPM server for the first time.
During registration of the key vault on the Brocade Encryption Switch, the following configuration
files are created:
• Init file: This file is created under /etc/fabos/certs/sw0/DpmInit.cfg. The init file contains
static configuration information. A sample init file is provided.
svcType=transportSvc
configName=https_cfg_1
clientCredentialFile=/etc/fabos/certs/sw0/kac.p12
clientTrustedRoots=/etc/fabos/certs/sw0/kv.pem
clientCredentialPassword=Password1
client.registrationfile=/etc/fabos/certs/sw0/DpmReg_10.37.39.33
address=https://10.37.39.33/KMS/rpc/emu
port=443
responseTimeout=10
connectRetries=0
connectTimeout=10
certHostnameVerification=false
FIPSMode=false
svcType=cacheSvc
configName=cache_cfg_1
nonPersistentCache=false
persistentCacheFile=
applicationId=B10_00_00_05_1e_53_89_eb
cachePassword=Password1
svcType=logSvc
configName=log_cfg_1
error=false
warning=false
audit=false
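The following Python is an added example, not part of the Brocade guide or Fabric OS: it parses an init file in the layout of the sample above (each svcType= line starts a new section) and lists the settings a reviewer would check before the switch connects to the key vault. The function names are hypothetical, the meaning of each key is inferred from its name (an assumption), and the input is a constructed sample with placeholder values.

```python
# Constructed sample in the layout of the init file shown above.
# Address and passwords are placeholders, not values from a real switch.
SAMPLE = """\
svcType=transportSvc
clientCredentialPassword=example-password
address=https://192.0.2.10/KMS/rpc/emu
certHostnameVerification=false
FIPSMode=false
svcType=cacheSvc
cachePassword=example-password
svcType=logSvc
audit=false
"""

def parse_init(text):
    """Split the flat key=value file into sections, one per svcType= line."""
    sections = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {n}: expected key=value, got {line!r}")
        if key == "svcType":
            sections.append({"svcType": value})
        elif not sections:
            raise ValueError(f"line {n}: {key} appears before any svcType")
        else:
            sections[-1][key] = value
    return sections

def audit(sections):
    """Return (svcType, key, note) findings; secret values are never echoed."""
    findings = []
    for s in sections:
        svc = s["svcType"]
        for key, value in s.items():
            # Assumption: keys ending in "Password" hold a cleartext secret.
            if key.lower().endswith("password") and value:
                findings.append((svc, key, "cleartext secret stored in file"))
            # Assumption: "false" switches the named protection off.
            elif key in ("certHostnameVerification", "FIPSMode") and value == "false":
                findings.append((svc, key, "protection disabled"))
            elif svc == "logSvc" and key == "audit" and value == "false":
                findings.append((svc, key, "audit logging disabled"))
    return findings
```

Calling audit(parse_init(text)) on the contents of a copy of the init file gives one tuple per setting to review, in file order.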