Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Viewing and editing switch encryption properties
• Encryption Group: The name of the encryption group to which the switch belongs.
• Encryption Group Status: Status options are:
    • OK/Converged: The Group Leader can communicate with all members.
    • Degraded: The Group Leader cannot communicate with one or more members. The following operations are not allowed: key vault changes, master key operations, enable/disable encryption engines, Failback mode changes, HA Cluster creation or addition (removal is allowed), tape pool changes, and any configuration changes for storage targets, hosts, and LUNs.
    • Unknown: The Group Leader is in an unmanaged fabric.
• Fabric: The name of the fabric to which the switch belongs.
• Domain ID: The domain ID of the selected switch.
• Firmware Version: The current encryption firmware on the switch.
• Key Vault type: Options are:
    • Key Management Interoperability Protocol (KMIP).
      NOTE: Any KMIP-compliant server can be registered as a key vault on the Brocade Encryption Switch after setting the key vault type to KMIP. Currently, only KMIP with SafeNet KeySecure for key management (SSKM) native hosting LKM is supported.
• Primary Key Vault Link Key Status/Backup Key Vault Link Key Status: (LKM/SSKM key vault only.) Shown as Not Used.
• Primary Key Vault Connection Status/Backup Key Vault Connection Status: Whether the primary key vault link is connected. Options are:
    • Unknown/Busy
    • Key Vault Not Configured
    • No Response
    • Failed authentication
    • Connected
• Key Vault User Name button: (TEKA key vault only.) Shown as inactive.
• Public Key Certificate Request text box: The switch’s KAC certificate signing request, which must be signed by a certificate authority (CA). The signed certificate must then be imported onto the switch and onto the primary and backup key vaults.
• Export button: Exports the public key certificate in CSR format to an external file for signing by a certificate authority (CA).
• Import button: Imports a signed public key certificate.
• Encryption Engine Properties table: The properties for the encryption engine. There may be 0 to 4 slots, one for each encryption engine in the switch.
    • Current Status: The status of the encryption engine. Many possible values exist. Common options are:
        • Not Available (the engine is not initialized)
        • Disabled
        • Operational
        • need master/link key
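
The Public Key Certificate Request, Export and Import items above describe a CSR that leaves the switch, is signed by a CA, and returns as a certificate. The following is an added example, not taken from the Brocade guide: it uses standard OpenSSL commands to check, before import, that a returned certificate carries the same public key as the exported CSR and verifies against the expected CA. It assumes the exported and signed files are PEM-encoded; the test CA, subject names, file names and function names are all constructed for the demonstration.

```shell
# Added example: pre-import check for a CA-signed certificate (constructed data).

# SHA-256 over the DER-encoded public key read from stdin (PEM).
_key_hash()     { openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1; }
csr_key_hash()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | _key_hash; }
cert_key_hash() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | _key_hash; }

# check_signed_cert CSR CERT CA
# Prints "ok" and returns 0 only if the CSR parses and is self-consistent,
# CERT carries the CSR's public key, and CERT verifies against CA
# (signature chain and validity period).
check_signed_cert() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1 || { echo "unreadable CSR"; return 3; }
  [ "$(csr_key_hash "$1")" = "$(cert_key_hash "$2")" ] || { echo "public key mismatch"; return 1; }
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || { echo "not issued by expected CA, or not currently valid"; return 2; }
  echo "ok"
}

# Constructed stand-ins written to directory $1: a test CA, a CSR (in place of
# the file the Export button produces) and three candidate certificates.
make_demo_material() {
  d=$1
  newreq() { openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" -keyout "$d/$2.key" -out "$d/$2.csr" 2>/dev/null; }
  casign() { openssl x509 -req -in "$d/$1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial -days 30 -out "$d/$1.pem" 2>/dev/null; }
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  newreq constructed-switch-kac switch && casign switch   # correct certificate
  newreq constructed-other-device other && casign other   # right CA, wrong key
  openssl x509 -req -in "$d/switch.csr" -signkey "$d/switch.key" -days 30 \
    -out "$d/selfsigned.pem" 2>/dev/null                  # right key, no CA
}

demo=$(mktemp -d) && make_demo_material "$demo"
for c in switch other selfsigned; do
  printf '%s.pem: %s\n' "$c" "$(check_signed_cert "$demo/switch.csr" "$demo/$c.pem" "$demo/ca.pem")"
done
rm -rf "$demo"
```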