beautypg.com

Link keys tab – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 124

background image

106

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Viewing and editing encryption group properties

2

Right and left arrow buttons: You can select an encryption engine in the Non-HA Encryption
Engines table and click the right arrow button to add the encryption engine to the
High-Availability Clusters. (If you are creating a new HA cluster, a dialog box displays requesting
a name for the new HA cluster.)

Similarly, you can select an encryption engine in the High-Availability Clusters table and click
the left arrow button to remove it from a cluster. The encryption engine is removed from the
table and shown as available.

Dual arrow button: After selecting an encryption engine in both the Non-HA Encryption Engines
table and the High-Availability Clusters table, clicking the dual arrow button swaps the cluster
members.

NOTE

Swapping engines using the dual arrow button is not the same as removing one engine and
adding another. When swapping engines, all configured targets are moved from the former
HA cluster member to the new HA cluster member. Swapping engines is useful when replacing
hardware.

Configure Blade Processor Link button: When active, clicking the button displays the Configure
Blade Processor Link dialog box. Blade processor links must be configured and functioning to
enable the failover/failback capabilities of a high availability cluster. For more information,
refer to

“Configuring blade processor links”

on page 28.

Failback button: After selecting an online encryption engine in the High-Availability Clusters
table, you can click Failback to manually invoke failback. For more information, refer to

“Invoking failback”

on page 53.

Link Keys tab

NOTE

The Link Keys tab displays only if the key vault type is NetApp LKM.

Connections between a switch and an NetApp LKM key vault require a shared link key. Link keys
are used only with LKM key vaults. Link keys are used to protect data encryption keys in transit to
and from the key vault. There is a separate link key for each key vault for each switch. The link keys
are configured for a switch but are stored in the encryption engines, and all of the encryption
engines in a group share the same link keys. You must create link keys under the following
circumstances:

When a new encryption group is created.

When a new switch is added to an encryption group.

When a new key vault is added to an encryption group.

After all encryption engines in a switch have been zeroized.

When all of the encryption blades have been removed from a director and one or more new
encryption blades have been added.

The Link Keys tab is viewed from the Encryption Group Properties dialog box. (Refer to

Figure 79

.)

To access the Link Keys tab, select an LKM group from the Encryption Center Devices table, then
select Group > Link Keys from the menu task bar. The Properties dialog box displays with the
Link Keys tab selected.

See also other documents in the category Brocade Computer Accessories: