Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Support for virtual fabrics

Cisco Fabric Connectivity support

Chapter 2

Configuring Encryption Using the Management Application

In this chapter

Encryption Center features

Encryption user privileges

Smart card usage

Using authentication cards with a card reader
Registering authentication cards from a card reader
Registering authentication cards from the database
Deregistering an authentication card
Setting a quorum for authentication cards
Using system cards
Enabling or disabling the system card requirement
Registering systems card from a card reader
Deregistering system cards
Using smart cards
Tracking smart cards
Editing smart cards

Network connections

Blade processor links

Configuring blade processor links

Encryption node initialization and certificate generation

Setting encryption node initialization

Steps for connecting to a DPM appliance

Exporting the KAC certificate signing request (CSR)
Submitting the CSR to a certificate authority
KAC certificate registration expiry
Importing the signed KAC certificate
Uploading the CA certificate onto the DPM appliance (and first-time configurations)
Uploading the KAC certificate onto the DPM appliance (manual identity enrollment)
DPM key vault high availability deployment
Loading the CA certificate onto the encryption group leader

Encryption preparation

Creating an encryption group

Configuring key vault settings for RSA Data Protection Manager (DPM)
Understanding configuration status results

Adding a switch to an encryption group

Replacing an encryption engine in an encryption group