beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 6

background image

vi

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Viewing and editing encryption group properties . . . . . . . . . . . . . . . 97

General tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Members tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Consequences of removing an encryption switch . . . . . . . . . .102
Security tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
HA Clusters tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Link Keys tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Tape Pools tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Engine Operations tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110

Encryption-related acronyms in log messages . . . . . . . . . . . . . . . .111

Chapter 3

Configuring Encryption Using the CLI

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Command validation checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Command RBAC permissions and AD types . . . . . . . . . . . . . . . . . .115

Cryptocfg Help command output . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Management LAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Configuring cluster links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Special consideration for blades . . . . . . . . . . . . . . . . . . . . . . .119
IP Address change of a node within an encryption group. . . .120

Setting encryption node initialization . . . . . . . . . . . . . . . . . . . . . . .120

Steps for connecting to an LKM/SSKM appliance . . . . . . . . . . . . .121

Initializing the Fabric OS encryption engines. . . . . . . . . . . . . .122
Obtaining and importing the LKM/SSKM certificate. . . . . . . .123
Exporting and registering the switch KAC certificates. . . . . . .124
Registering LKM/SSKM on the encryption group leader . . . .125
Launching the NetApp DataFort Management Console . . . . .126
Establishing the trusted link . . . . . . . . . . . . . . . . . . . . . . . . . . .127
LKM/SSKM key vault high availability deployment . . . . . . . . .128
Creating Brocade encryption group leader . . . . . . . . . . . . . . .129
Adding a member node to an encryption group . . . . . . . . . . .130

High availability cluster configuration . . . . . . . . . . . . . . . . . . . . . . .132

HA cluster configuration rules. . . . . . . . . . . . . . . . . . . . . . . . . .132
Creating an HA cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Adding an encryption engine to an HA cluster. . . . . . . . . . . . .134
Failover/failback policy configuration. . . . . . . . . . . . . . . . . . . .134

Enabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Zoning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Setting default zoning to no access . . . . . . . . . . . . . . . . . . . . .136
Frame redirection zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Creating an initiator - target zone . . . . . . . . . . . . . . . . . . . . . . .137

See also other documents in the category Brocade Computer Accessories: