beautypg.com

Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual

Page 27

background image

Brocade Network Advisor SAN + IP User Manual

xxvii

53-1003155-01

Importing the Fabric OS encryption node KAC
certificates to TKLM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023
Exporting the TKLM self-signed server certificate. . . . . . . . .1024
Importing the TKLM certificate into the group leader . . . . . .1024

Steps for connecting to a KMIP-compliant SafeNet KeySecure. 1025

Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1026
Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1027
Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . 1028
Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
Configuring a Brocade group on the KeySecure . . . . . . . . . 1034
Registering the KeySecure Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035
Signing the encryption node KAC CSR on KMIP . . . . . . . . . 1036
Importing a signed KAC certificate into a switch . . . . . . . . . 1038
Backing up the certificates . . . . . . . . . . . . . . . . . . . . . . . . . . 1039
Configuring the KMIP server . . . . . . . . . . . . . . . . . . . . . . . . . .1041
Adding a node to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . 1042

Steps for connecting to a KMIP-compliant keyAuthority. . . . . . . 1044

Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045

Creating a new encryption group . . . . . . . . . . . . . . . . . . . . . . . . . 1045

Configuring key vault settings for RSA Data Protection
Manager (DPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1050
Configuring key vault settings for NetApp Link
Key Manager (LKM/SSKM) . . . . . . . . . . . . . . . . . . . . . . . . . . 1056
Configuring key vault settings for HP Enterprise
Secure Key Manager (ESKM/SKM) . . . . . . . . . . . . . . . . . . . 1062
Configuring key vault settings for Thales e_Security
keyAuthority (TEKA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1066
Configuring key vault settings for IBM Tivoli Key
Lifetime Manager (TKLM) . . . . . . . . . . . . . . . . . . . . . . . . . . . .1071
Configuring key vault settings for Key Management
Interoperability Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1076
Understanding configuration status results. . . . . . . . . . . . . 1082

Adding a switch to an encryption group. . . . . . . . . . . . . . . . . . . . 1083

Replacing an encryption engine in an encryption group . . . . . . 1088

High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1089

HA cluster configuration rules . . . . . . . . . . . . . . . . . . . . . . . 1089
Creating HA clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1090
Removing engines from an HA cluster . . . . . . . . . . . . . . . . . .1091
Swapping engines in an HA cluster . . . . . . . . . . . . . . . . . . . 1092
Failback option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1092

Configuring encryption storage targets . . . . . . . . . . . . . . . . . . . . 1093

Adding an encryption target . . . . . . . . . . . . . . . . . . . . . . . . . 1093

Configuring hosts for encryption targets . . . . . . . . . . . . . . . . . . . .1101

Adding target disk LUNs for encryption . . . . . . . . . . . . . . . . . . . . 1103

Configuring storage arrays . . . . . . . . . . . . . . . . . . . . . . . . . . 1108
Remote replication LUNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1108
SRDF pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109

See also other documents in the category Brocade Software: