Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 73
Fabric OS Encryption Administrator’s Guide (KMIP)
55
53-1002747-02
Creating an encryption group
2
Configuring key vault settings for Key Management Interoperability
Protocol (KMIP)
The following procedure assumes you have already configured the initial steps in the Configure
Switch Encryption wizard. If you have not already done so, go to
“Creating an encryption group”
NOTE
Before selecting KMIP as the key vault type, ensure that all nodes in an encryption group are running
Fabric OS 7.1.0 or later.
shows the key vault selection dialog box for KMIP.
FIGURE 46
Select Key Vault dialog box for KMIP
1. Select the High Availability mode. Options are:
•
Opaque: Both the primary and secondary key vaults are registered on the Brocade
Encryption Switch. The client archives the key to a single (primary) key vault. For disk
operations, an additional key hardening check is done on the secondary key vault before
the key is used for encryption.
•
Transparent: A single key vault should be registered on the Brocade Encryption Switch. The
client assumes the entire HA is implemented on the key vault. Key archival and retrieval is
done to the KMIP without any additional key hardening checks.
•
No HA: Both the primary and secondary key vaults are registered on the Brocade
Encryption Switch. The client archives keys to both key vaults and ensures that the archival
is successful before the key is used for encryption.
2. Enter the Primary Key Vault IP address or hostname, and port number.
3. Enter the Primary Certificate file name, or browse to the file location.