Information not included in a download, Steps before configuration download – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Fabric OS Encryption Administrator’s Guide (LKM/SSKM)
195
53-1002925-01
Configuration upload and download considerations
5
Information not included in a download
The following certificates will not be present when the configuration is downloaded:
• External certificates imported on the switch:
  - key vault certificate
  - peer node/switch certificate
  - authentication card certificate
• Certificates generated internally:
  - KAC certificate
  - CP certificate
  - FIPS officer and user certificates
NOTE
The Authentication Quorum size is included in the configuration upload for read-only purposes, but
is not set by a configuration download.
Steps before configuration download
The configuration download does not include any certificates, public or private keys, master key, or
link keys. Perform the following steps prior to configuration download to generate and obtain
the necessary certificates and keys:
1. Use the following commands to initialize the encryption engine:
cryptocfg --InitNode
cryptocfg --initEE
cryptocfg --regEE
Initializing the switch generates the following internal certificates:
  - KAC certificate
  - CP certificate
  - FIPS officer and user certificates
2. Import peer node/switch certificates onto the switch prior to configuration download.
3. Import key vault certificates onto the switch prior to configuration download.
4. Create an encryption group with the same name as in the configuration upload information for the
encryption group leader node.
5. Import authentication card certificates onto the switch prior to configuration download.
Configuration download at the encryption group leader node
The configuration download contains the encryption group-wide configuration information about
CryptoTargets, disk and tape LUNs, tape pools, HA clusters, security, and key vaults. The encryption
group leader first applies the encryption group-wide configuration information to the local
configuration database and then distributes the configuration to all members in the encryption
group. Also, any layer-2 and switch-specific configuration information is applied locally to the
encryption group leader.