Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 9
Fabric OS Encryption Administrator’s Guide (DPM)
vii
53-1002922-01
Steps for connecting to a DPM appliance . . . . . . . . . . . . . . . . . . . 134
Initializing the Fabric OS encryption engines. . . . . . . . . . . . . 135
Exporting the KAC certificate signing request (CSR) . . . . . . . 136
Submitting the CSR to a CA. . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Importing the signed KAC certificate . . . . . . . . . . . . . . . . . . . 137
Uploading the CA certificate onto the DPM appliance
(and first-time configurations). . . . . . . . . . . . . . . . . . . . . . . . . 138
Uploading the KAC certificate onto the DPM apliance
(manual identity enrollment). . . . . . . . . . . . . . . . . . . . . . . . . . 139
Creating a Brocade encryption group. . . . . . . . . . . . . . . . . . . 139
Client registration for manual enrollment . . . . . . . . . . . . . . . 140
DPM key vault high availability deployment . . . . . . . . . . . . . . 141
Setting heartbeat signaling values . . . . . . . . . . . . . . . . . . . . . 142
Adding a member node to an encryption group . . . . . . . . . . . . . . 143
Generating and backing up the master key . . . . . . . . . . . . . . . . . 146
High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
HA cluster configuration rules. . . . . . . . . . . . . . . . . . . . . . . . . 148
Creating an HA cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Adding an encryption engine to an HA cluster. . . . . . . . . . . . 150
Removing engines from an HA cluster . . . . . . . . . . . . . . . . . . 150
Swapping engines in an HA cluster . . . . . . . . . . . . . . . . . . . . 150
Failover/failback policy configuration. . . . . . . . . . . . . . . . . . . 151
Re-exporting a master key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Enabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Checking encryption engine status . . . . . . . . . . . . . . . . . . . . 156
Zoning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Setting default zoning to no access . . . . . . . . . . . . . . . . . . . . 157
Frame redirection zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Creating an initiator - target zone . . . . . . . . . . . . . . . . . . . . . . 158
CryptoTarget container configuration . . . . . . . . . . . . . . . . . . . . . . 160
LUN rebalancing when hosting both disk
and tape targets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Gathering information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Creating a CryptoTarget container . . . . . . . . . . . . . . . . . . . . . 162
Removing an initiator from a CryptoTarget container . . . . . . 164
Deleting a CryptoTarget container . . . . . . . . . . . . . . . . . . . . . 165
Moving a CryptoTarget container . . . . . . . . . . . . . . . . . . . . . . 165
Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Discovering a LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Configuring a Crypto LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Crypto LUN parameters and policies . . . . . . . . . . . . . . . . . . . 169
Configuring a tape LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Removing a LUN from a CryptoTarget container . . . . . . . . . . 172
Modifying Crypto LUN parameters . . . . . . . . . . . . . . . . . . . . . 173
LUN modification considerations . . . . . . . . . . . . . . . . . . . . . . 174