Creating a new master key, Security settings, Zeroizing an encryption engine – Brocade Network Advisor SAN + IP User Manual v12.3.0
Brocade Network Advisor SAN + IP User Manual
53-1003155-01
Creating a new master key
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to Figure 376 on page 976.)
2. Select a group from the Encryption Center Devices table, then select Group > Security from the
menu task bar.
The Encryption Group Properties dialog box displays with the Security tab selected.
3. Select Create a New Master Key from the list.
A warning displays.
4. Click Yes to proceed.
Security settings
Security settings help you identify whether system cards are required to initialize an encryption
engine and determine the number of authentication cards needed for a quorum.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to Figure 376 on page 976.)
2. Select a group from the Encryption Center Devices table, then select Group > Security from the
menu task bar.
The Select Security Settings dialog box displays. The dialog box contains the following
information:
• Quorum Cards: Select the number of authentication cards needed for a quorum. The
quorum is always set to one card less than the number of cards registered. For example, if
you register three cards, the quorum needed for authentication is two.
• System Cards: Determine whether or not a system card is required to initialize the
encryption engine.
NOTE
The Select Security Settings dialog box only sets a quorum number for authentication cards. To
register authentication cards, click Next to display the Authentication Cards dialog box.
Zeroizing an encryption engine
Zeroizing is the process of erasing all data encryption keys and other sensitive encryption
information in an encryption engine. You can zeroize an encryption engine manually to protect
encryption keys. No data is lost because the data encryption keys for the encryption targets are
stored in the key vault.
Zeroizing has the following effects:
• All copies of data encryption keys (DEKs) kept in the encryption switch or blade are erased.
• Internal public and private key pairs that identify the encryption engine are erased and the
encryption switch or blade is in the FAULTY state.