Adding a switch to an encryption group – Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 853
Brocade Network Advisor SAN User Manual
801
53-1003154-01
Adding a switch to an encryption group
20
3. Register the key vault. The Management application registers the key vault using the
cryptocfg
--
reg keyvault command.
4. Enable the encryption engines. The Management application initializes an encryption switch
using the cryptocfg
--
initEE [
--
regEE [
commands.
5. Create a new master key. (Opaque key vaults only). The Management application checks for a
new master key. New master keys are generated from the Security tab located in the
Encryption Group Properties dialog box.
NOTE
A master key is not generated if the key vault type is LKM/SSKM. LKM/SSKM manages DEK
exchanges through a trusted link, and the LKM/SSKM appliance uses its own master key to
encrypt DEKs.
6. Save the switch’s public key certificate to a file. The Management application saves the KAC
certificate in the specified file.
7. Back up the master key to a file. (Opaque key vaults only). The Management application saves
the master key in the specified file.
Adding a switch to an encryption group
The setup wizard allows you to either create a new encryption group, or add an encryption switch to
an existing encryption group. Use the following procedure to add a switch to an encryption group:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to
2. Select a switch to add from the Encryption Center Devices table, then select Switch >
Create/Add to Group from the menu task bar.
NOTE
The switch must not already be in an encryption group.
The Configure Switch Encryption wizard welcome screen displays. (Refer to
.)