Encryption preparation, Creating an encryption group – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (DPM)

35

53-1002922-01

Encryption preparation

2

Encryption preparation

Before you use the encryption setup wizard for the first time, you should have a detailed
configuration plan in place and available for reference. The encryption setup wizard assumes the
following:

•

You have a plan in place to organize encryption devices into encryption groups.

•

If you want redundancy and high availability in your implementation, you have a plan to create
high availability (HA) clusters of two encryption switches or blades to provide failover support.

•

All switches in the planned encryption group are interconnected on an I/O synch LAN.

•

The management ports on all encryption switches and 8-slot Backbone Chassis CPs that have
encryption blades installed, have a LAN connection to the SAN management program and are
available for discovery.

•

A supported key management appliance is connected on the same LAN as the encryption
switches, 8-slot Backbone Chassis CPs, and the SAN Management program.

•

An external host is available on the LAN to facilitate certificate exchange.

•

Switch KAC certificates have been signed by a CA and stored in a known location.

•

Key management system (key vault) certificates have been obtained and stored in a known
location.

Creating an encryption group

The following steps describe how to start and run the encryption setup wizard and create a new
encryption group.

NOTE

When a new encryption group is created, any existing tape pools in the switch are removed.

1. Select Configure > Encryption from the menu task bar to display the Encryption Center

dialog box. (Refer to

Figure 17

.)

FIGURE 17

Encryption Center dialog box - No group defined