Encryption preparation, Creating an encryption group – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 52
34
Fabric OS Encryption Administrator’s Guide (LKM/SSKM)
53-1002925-01
Encryption preparation
2
Encryption preparation
Before you use the encryption setup wizard for the first time, you should have a detailed
configuration plan in place and available for reference. The encryption setup wizard assumes the
following:
•
You have a plan in place to organize encryption devices into encryption groups.
•
If you want redundancy and high availability in your implementation, you have a plan to create
high availability (HA) clusters of two encryption switches or blades to provide failover support.
•
All switches in the planned encryption group are interconnected on an I/O synch LAN.
•
The management ports on all encryption switches and DCX Backbone Chassis CPs that have
encryption blades installed, have a LAN connection to the SAN management program and are
available for discovery.
•
A supported key management appliance is connected on the same LAN as the encryption
switches, DCX Backbone Chassis CPs, and the SAN Management program.
•
An external host is available on the LAN to facilitate certificate exchange.
•
Switch KAC certificates have been signed by a CA and stored in a known location.
•
Key management system (key vault) certificates have been obtained and stored in a known
location.
Creating an encryption group
The following steps describe how to start and run the encryption setup wizard and create a new
encryption group.
NOTE
When a new encryption group is created, any existing tape pools in the switch are removed.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to
.)
FIGURE 16
Encryption Center dialog box - No group defined