Adding a switch to an encryption group, Adding a switch to an encryption group 3 – Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual
Page 1155
Brocade Network Advisor SAN + IP User Manual
1083
53-1003155-01
Adding a switch to an encryption group
25
3. Register the key vault. BNAThe Management application registers the key vault using the
cryptocfg
--
reg keyvault command.
4. Enable the encryption engines. BNAThe Management application initializes an encryption
switch using the cryptocfg
--
initEE [
--
regEE [
commands.
5. Create a new master key. (Opaque key vaults only). BNAThe Management application checks
for a new master key. New master keys are generated from the Security tab located in the
Encryption Group Properties dialog box.
NOTE
A master key is not generated if the key vault type is LKM/SSKM. LKM/SSKM manages DEK
exchanges through a trusted link, and the LKM/SSKM appliance uses its own master key to
encrypt DEKs.
6. Save the switch’s public key certificate to a file. BNAThe Management application saves the
KAC certificate in the specified file.
7. Back up the master key to a file. (Opaque key vaults only). BNAThe Management application
saves the master key in the specified file.
Adding a switch to an encryption group
The setup wizard allows you to either create a new encryption group, or add an encryption switch to
an existing encryption group. Use the following procedure to add a switch to an encryption group:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to
Figure 376
on page 976.)
2. Select a switch to add from the Encryption Center Devices table, then select Switch >
Create/Add to Group from the menu task bar.
NOTE
The switch must not already be in an encryption group.
The Configure Switch Encryption wizard welcome screen displays. (Refer to
Figure 468
.)