Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual
Page 1225

Brocade Network Advisor SAN + IP User Manual
Viewing and editing encryption group properties
Backup Key Vault Connection Status: The status of the backup key vault link. Options are:
Not configured
Not responding
Failed authentication
High Availability Mode: (For KMIP key vault type.) Options are:
Opaque: Both the primary and secondary key vaults are registered on the Brocade
Encryption Switchswitch. The client archives the key to a single (primary) key vault. For
disk operations, an additional key hardening check is done on the secondary key vault
before the key is used for encryption.
Transparent: A single key vault should be registered on the Brocade Encryption
Switchswitch. The client assumes the entire HA is implemented on the key vault. Key
archival and retrieval is done to the KMIP without any additional key hardening
No HA: Both the primary and secondary key vaults are registered on the Brocade
Encryption Switchswitch. The client archives keys to both key vaults and ensures that
the archival is successful before the key is used for encryption.
None: High availability is not configured.
Not Applicable: Displayed if your selected key vault type is not KMIP.
User Authentication: (For KMIP key vault type.) The methods used to authenticate a user.
Options are:
Username and Password: Activates the Primary and Backup Key Vault User Names
and password fields for completion.
Username: Activates the Primary and Backup Key Vault User Names for completion.
None: Deactivates Primary and Backup Key Vault User Names and password fields.
Not Applicable: Displayed if your selected key vault type is not KMIP.
Certificate Type: (For KMIP key vault type.) Displays the TLS certificate type used between
the BES and the key vault. Options are:
CA Signed: The BES KAC certificate is signed by a CA, imported back on the Brocade
Encryption Switchswitch and registered as a KAC certificate. The CA will be registered
as a key vault certificate on the Brocade Encryption Switchswitch.
Self Signed: The self-signed certificates are exchanged and registered on both ends.
The key vault certificate is registered on the BES and the BES KAC certificate is
registered on the key vault.
Vendor Name: (For KMIP key vault type) Displays the supported key vendor server. The
vendor name will display the connected key vault through KMIP.
Primary Key Vault Certificate table: Displays the details of the primary vault certificate; for
example, version and signature information. The Load from File button allows you to locate
and load a primary key vault certificate from a different location.
Backup Key Vault Certificate table: Displays the details of the backup vault certificate; for
example, version and signature information. The Load from File button allows you to locate
and load a backup key vault certificate from a different location.