beautypg.com

Brocade Network Advisor SAN + IP User Manual v12.1.0 User Manual

Page 26

background image

xxvi

Brocade Network Advisor SAN + IP User Manual

53-1002949-01

ESKM/SKM key vault deregistration . . . . . . . . . . . . . . . . . . . .892

Steps for connecting to a TEKA appliance. . . . . . . . . . . . . . . . . . . .892

Setting up TEKA network connections . . . . . . . . . . . . . . . . . . .893
Creating a client on TEKA . . . . . . . . . . . . . . . . . . . . . . . . . . . . .894
Establishing TEKA key vault credentials on the switch . . . . . .895
Signing the encryption node KAC CSR on the
TEKA appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .896
Importing a signed KAC certificate into a switch . . . . . . . . . . .897

Steps for connecting to a TKLM appliance . . . . . . . . . . . . . . . . . . .897

Exporting the Fabric OS node self-signed KAC certificates. . .898
Converting the KAC certificate format . . . . . . . . . . . . . . . . . . .898
Establishing a default key store and device group
on TKLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .898
Adding a device to the device group. . . . . . . . . . . . . . . . . . . . .899
Creating a self-signed certificate for TKLM . . . . . . . . . . . . . . .899
Importing the Fabric OS encryption node KAC certificates
to TKLM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .899
Exporting the TKLM self-signed server certificate. . . . . . . . . .900
Importing the TKLM certificate into the group leader . . . . . . .901

Steps for connecting to a KMIP-compliant SafeNet KeySecure. . .901

Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .902
Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .903
Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . . .904
Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .909
Configuring a Brocade group on the KeySecure . . . . . . . . . . .910
Registering the KeySecure Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .911
Signing the encryption node KAC CSR on KMIP . . . . . . . . . . .912
Importing a signed KAC certificate into a switch . . . . . . . . . . .914
Backing up the certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . .915
Configuring the KMIP server . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
Adding a node to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . . .918

Steps for connecting to a KMIP-compliant keyAuthority. . . . . . . . .920

Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .921

Creating a new encryption group . . . . . . . . . . . . . . . . . . . . . . . . . . .922

Configuring key vault settings for RSA Data
Protection Manager (DPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . .927
Configuring key vault settings for NetApp Link
Key Manager (LKM/SSKM) . . . . . . . . . . . . . . . . . . . . . . . . . . . .932
Configuring key vault settings for HP Enterprise Secure
Key Manager (ESKM/SKM). . . . . . . . . . . . . . . . . . . . . . . . . . . .938
Configuring key vault settings for Thales e_Security
keyAuthority (TEKA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .943
Configuring key vault settings for IBM Tivoli Key
Lifetime Manager (TKLM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .948
Configuring key vault settings for Key Management
Interoperability Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .952
Understanding configuration status results. . . . . . . . . . . . . . .959

Adding a switch to an encryption group. . . . . . . . . . . . . . . . . . . . . .959

See also other documents in the category Brocade Software: