Setting encryption node initialization, Steps for connecting to an lkm/sskm appliance, Launching the netapp datafort management console – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

29

53-1002925-01

Setting encryption node initialization

Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a
configuration. Encryption nodes may also be initialized from the Encryption Center dialog box.

1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from
the menu task bar.

2. Select Yes after reading the warning message to initialize the node.

Steps for connecting to an LKM/SSKM appliance

The NetApp Lifetime Key Manager (LKM/SSKM) resides on a FIPS 140-2 Level 3-compliant
network appliance. The encryption engine and LKM/SSKM appliance communicate over a trusted
link. A trusted link is a secure connection established between the Brocade Encryption Switch or
blade and the NetApp LKM/SSKM appliance, using a shared secret called a link key.

The following configuration steps are performed from the NetApp DataFort Management Console
(DMC) and from Brocade Network Advisor:

Install and launch the NetApp DataFort Management Console.

Establish the trusted link.

Obtain and import the LKM/SSKM certificate.

Export and register encryption node certificates on LKM/SSKM.

If required, create an LKM/SSKM cluster for high availability.

These steps are described in more detail in the following sections:

“Launching the NetApp DataFort Management Console” on page 29

“Establishing the trusted link” on page 30

“Obtaining and importing the LKM/SSKM certificate” on page 30

“Exporting and registering the switch KAC certificates on LKM/SSKM” on page 31

“LKM/SSKM key vault high availability deployment” on page 32

“Disk keys and tape pool keys (Brocade native mode support)” on page 33

“Tape LUN and DF-compatible tape pool support” on page 33

“LKM/SSKM key vault deregistration” on page 33

Launching the NetApp DataFort Management Console

The NetApp DataFort Management Console (DMC) must be installed on your PC or workstation to
complete certain procedures described in this chapter. Refer to the appropriate DMC product
documentation for DMC installation instructions. After you install the DMC, complete the following
steps:

1. Launch the DMC.

2. Click the Appliance tab on the top panel.

3. Add the NetApp LKM/SSKM appliance IP address or hostname.

4. Right-click the added IP address and log in to the NetApp LKM/SSKM key vault.