Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

53-1002923-01

Chapter 2

Configuring Encryption Using the Management Application

Encryption Center features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Encryption user privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Smart card usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Using authentication cards with a card reader . . . . . . . . . . . . . 16
Registering authentication cards from a card reader . . . . . . . . 17
Registering authentication cards from the database . . . . . . . . 19
Deregistering an authentication card . . . . . . . . . . . . . . . . . . . . 20
Setting a quorum for authentication cards . . . . . . . . . . . . . . . . 20
Using system cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Enabling or disabling the system card requirement . . . . . . . . . 22
Registering system cards from a card reader . . . . . . . . . . . . . . 22
Deregistering system cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Using smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Tracking smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Editing smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Network connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Blade processor links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Configuring blade processor links . . . . . . . . . . . . . . . . . . . . . . 28

Encryption node initialization and certificate generation . . . . . . . . 28

Setting encryption node initialization . . . . . . . . . . . . . . . . . . . . 29

Steps for connecting to an ESKM/SKM appliance . . . . . . . . . . . . . . 29

Configuring a Brocade group on ESKM/SKM . . . . . . . . . . . . . . 30
Registering the ESKM/SKM Brocade group user name and password . . . . . . . . 30
Setting up the local Certificate Authority (CA) on ESKM/SKM . . . . . . . . 32
Downloading the local CA certificate from ESKM/SKM . . . . . . 33
Creating and installing the ESKM/SKM server certificate . . . . 33
Enabling SSL on the Key Management System (KMS) Server . . . . . . . . 34
Creating an ESKM/SKM high availability cluster . . . . . . . . . . . 35
Copying the local CA certificate for a clustered ESKM/SKM appliance . . . . . . . . 35
Adding ESKM/SKM appliances to the cluster . . . . . . . . . . . . . . 36
Signing the encryption node KAC certificates . . . . . . . . . . . . . . 37
Importing a signed KAC certificate into a switch . . . . . . . . . . . 38
ESKM/SKM key vault high availability deployment . . . . . . . . . 38
Data Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Creating an encryption group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Configuring key vault settings for HP Enterprise Secure Key Manager (ESKM/SKM) . . . . . . . . 45
Understanding configuration status results . . . . . . . . . . . . . . . 50

Adding a switch to an encryption group. . . . . . . . . . . . . . . . . . . . . . . 51

Replacing an encryption engine in an encryption group . . . . . . . . 56