Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator's Guide (LKM/SSKM), 53-1002925-01, Chapter 6, page 231

Key vault diagnostics

This feature reports the following types of configuration information:

Key Vault/Cluster scope:

- CA Certificate and its validity (for example, valid header and expiry date)
- Key Vault IP/Port
- KV firmware version
- Time of day on the KV
- Key class and format on the KV configured for the user group
- Client session timeout

Encryption node scope:

- Node KAC certificate and its validity (for example, valid header and expiry date)
- Username/password
- User group
- Time of day on the switch
- Key Vault client SDK version
- Timeout and retry policy for the client SDK

The key vault client SDK version, and timeout and retry policy for the client SDK could differ across
encryption nodes, depending on the firmware versions they are running.

This feature also reports the results of a vault connectivity check and the results of a validation
check on key operations. These results are specific to each encryption node. The operations done
as part of this are:

- Connects to the key vault and performs a connectivity check, and reports any possible issues in
  case of failure, for example, certificate issues, username or password issues, or connectivity
  issues.

- Attempts to retrieve a key and indicates any possible issues in case of failure.

- Attempts to store a key on the vault and indicates any possible issues in case of failure.

- Verifies whether a key written is synchronized across the vaults in a cluster.

  This check indicates only the synchronization capability at a given point in time, and does not
  mean that all keys on the vault are synchronized. The need for manual synchronization of keys
  depends on the point of key vault connectivity failure or on user-initiated operations (for
  example, reboot) and is not identified by the KV diagnostics report. However, if such a failure
  occurs while the diagnostics tests are run, the failures will be identified and indicated.

- Displays any errors returned from the key vault and indicates the possible issue with the
  configuration or setup that needs manual intervention, such as synchronization of keys or
  reissuing certificates.

- In a situation where a key cannot be created on the vault (for example, an error message
  shows "key exists," "not enough permissions," or "key creation failure"), verifies the failure and
  provides additional information. The information shown varies based on the key vault type.
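The per-node checks just listed (connectivity, retrieve, store, cluster synchronization) and the error texts the manual names, modelled in Python as an added example; this is not Brocade's diagnostics code. SimVault, VaultError and run_diagnostics are constructed stand-ins for a cluster of vaults, and the 5-minute clock-skew limit is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

class VaultError(Exception):
    """Error text as a vault returns it, e.g. 'key exists' or 'not enough permissions'."""

@dataclass
class SimVault:
    """Constructed stand-in for one vault in a cluster (hypothetical, for illustration only)."""
    name: str
    clock: datetime                              # time of day on the KV
    cert_not_after: datetime                     # CA certificate expiry
    keys: dict = field(default_factory=dict)
    allow_write: bool = True                     # False models a user group without write rights
    peers: list = field(default_factory=list)    # cluster members this vault replicates to
    def store(self, key_id: str, value: bytes) -> None:
        if not self.allow_write:
            raise VaultError("not enough permissions")
        if key_id in self.keys:
            raise VaultError("key exists")
        self.keys[key_id] = value
        for peer in self.peers:                  # replicate the new key across the cluster
            peer.keys[key_id] = value

    def retrieve(self, key_id: str) -> bytes:
        return self.keys[key_id]

def run_diagnostics(node_clock: datetime, vault: SimVault, cluster: list,
                    key_id: str = "diag-probe-key") -> dict:
    """Per-node report: each check is 'PASS' or 'FAIL: <reason>'. The 5-minute skew limit is assumed."""
    report = {}
    skew = abs(vault.clock - node_clock)
    report["time_skew"] = "PASS" if skew <= timedelta(minutes=5) else f"FAIL: skew {skew}"
    report["ca_cert"] = "PASS" if vault.cert_not_after > node_clock else "FAIL: certificate expired"
    if report["ca_cert"] != "PASS":              # no TLS session is possible with an expired cert
        report["connectivity"] = "FAIL: certificate issue"
        return report
    report["connectivity"] = "PASS"
    try:                                         # store check, surfacing the vault's own error text
        vault.store(key_id, b"probe")
        report["store"] = "PASS"
    except VaultError as err:
        report["store"] = f"FAIL: {err}"
        return report
    report["retrieve"] = "PASS" if vault.retrieve(key_id) == b"probe" else "FAIL: read-back mismatch"
    # Sync check proves replication works now; keys a peer missed earlier are not inspected (manual's caveat).
    missing = [v.name for v in cluster if v.keys.get(key_id) != b"probe"]
    report["sync"] = "PASS" if not missing else f"FAIL: key not on {missing}"
    return report
```

Running it twice with the same probe key id reproduces the "key exists" path; a key that a peer missed before the run does not fail the synchronization check, which is the caveat stated above.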

For additional command information, refer to the Fabric OS Command Reference v7.0.0.