beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 9

background image

Fabric OS Encryption Administrator’s Guide (DPM)

vii

53-1002922-01

Steps for connecting to a DPM appliance . . . . . . . . . . . . . . . . . . . 134

Initializing the Fabric OS encryption engines. . . . . . . . . . . . . 135
Exporting the KAC certificate signing request (CSR) . . . . . . . 136
Submitting the CSR to a CA. . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Importing the signed KAC certificate . . . . . . . . . . . . . . . . . . . 137
Uploading the CA certificate onto the DPM appliance
(and first-time configurations). . . . . . . . . . . . . . . . . . . . . . . . . 138
Uploading the KAC certificate onto the DPM apliance
(manual identity enrollment). . . . . . . . . . . . . . . . . . . . . . . . . . 139
Creating a Brocade encryption group. . . . . . . . . . . . . . . . . . . 139
Client registration for manual enrollment . . . . . . . . . . . . . . . 140
DPM key vault high availability deployment . . . . . . . . . . . . . . 141
Setting heartbeat signaling values . . . . . . . . . . . . . . . . . . . . . 142

Adding a member node to an encryption group . . . . . . . . . . . . . . 143

Registering DPM on a Fabric OS encryption
group leader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Generating and backing up the master key . . . . . . . . . . . . . . . . . 146

High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

HA cluster configuration rules. . . . . . . . . . . . . . . . . . . . . . . . . 148
Creating an HA cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Adding an encryption engine to an HA cluster. . . . . . . . . . . . 150
Removing engines from an HA cluster . . . . . . . . . . . . . . . . . . 150
Swapping engines in an HA cluster . . . . . . . . . . . . . . . . . . . . 150
Failover/failback policy configuration. . . . . . . . . . . . . . . . . . . 151

Re-exporting a master key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Exporting an additional key ID . . . . . . . . . . . . . . . . . . . . . . . . 154
Viewing the master key IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Enabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Checking encryption engine status . . . . . . . . . . . . . . . . . . . . 156

Zoning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Setting default zoning to no access . . . . . . . . . . . . . . . . . . . . 157
Frame redirection zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Creating an initiator - target zone . . . . . . . . . . . . . . . . . . . . . . 158

CryptoTarget container configuration . . . . . . . . . . . . . . . . . . . . . . 160

LUN rebalancing when hosting both disk
and tape targets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Gathering information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Creating a CryptoTarget container . . . . . . . . . . . . . . . . . . . . . 162
Removing an initiator from a CryptoTarget container . . . . . . 164
Deleting a CryptoTarget container . . . . . . . . . . . . . . . . . . . . . 165
Moving a CryptoTarget container . . . . . . . . . . . . . . . . . . . . . . 165

Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Discovering a LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Configuring a Crypto LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Crypto LUN parameters and policies . . . . . . . . . . . . . . . . . . . 169
Configuring a tape LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Removing a LUN from a CryptoTarget container . . . . . . . . . . 172
Modifying Crypto LUN parameters . . . . . . . . . . . . . . . . . . . . . 173
LUN modification considerations . . . . . . . . . . . . . . . . . . . . . . 174