Steps for connecting to a DPM appliance – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Steps for connecting to a DPM appliance

All switches you plan to include in an encryption group must have a secure connection to the Data
Protection Manager (DPM). The following procedure is a suggested order of steps for creating a
secure connection to DPM.

NOTE

The Brocade Encryption Switch will not use the Identity Auto Enrollment feature supported with DPM
3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x server
with the Brocade Encryption Switch. Refer to “Client registration for manual enrollment” on page 140.

1. Initialize the encryption engines on every Fabric OS encryption node that is expected to
   perform encryption within the fabric. The cryptocfg --initnode command generates a Key
   Archive Client Certificate Signing Request (KAC CSR) that must be present to enable
   subsequent steps. Refer to “Initializing the Fabric OS encryption engines” on page 135.

2. Export the KAC CSR to a location accessible to a certificate authority (CA) for signing. Refer to
   “Exporting the KAC certificate signing request (CSR)” on page 136.

3. Submit the KAC CSR for signing by a CA. Refer to “Submitting the CSR to a CA” on page 136.

4. Import the signed certificate into the Fabric OS encryption node. Refer to “Importing the signed
   KAC certificate” on page 137.

5. Upload the CA certificate onto the DPM key vault. Refer to “Uploading the CA certificate onto
   the DPM appliance (and first-time configurations)” on page 138.

6. Upload the KAC certificate onto the DPM appliance, then select the appropriate key classes.
   Refer to “Uploading the KAC certificate onto the DPM appliance (manual identity enrollment)” on
   page 139.

7. If dual DPM appliances are used for high availability, the DPM appliances must be clustered
   and must operate in maximum availability mode, as described in the DPM appliance user
   documentation.

8. Create a Brocade encryption group. Refer to “Creating a Brocade encryption group” on
   page 139.

9. Register the DPM on the group leader by exporting the CA certificate for the CA that signed the
   DPM certificate. Refer to “Client registration for manual enrollment” on page 140.

NOTE

DPM was formerly referred to as RKM. DPM 3.x servers are referred to as DPM. DPM is compatible
with Fabric OS 7.1.0 and later. RSA servers using the RKM 2.1.1 client, which are compatible with
earlier Fabric OS versions (for example, v7.0.1), are still referred to as RKM.
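
The checks below are an added example, not part of the Brocade guide: before importing the signed KAC certificate (step 4) and uploading the CA certificate to the key vault (step 5), confirm that the certificate carries the public key from the exported CSR and verifies against that CA certificate. It assumes OpenSSL and PEM-encoded files; all file names are hypothetical, and the demo CA, CSRs and certificates are constructed locally with RSA keys.

```shell
#!/bin/sh
# Added example. File names are hypothetical; demo keys and certificates are constructed locally.

# 0 if the signed certificate carries the same public key as the exported CSR.
cert_matches_csr() {   # $1 = CSR (PEM), $2 = signed certificate (PEM)
    csr_key=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# 0 if the certificate verifies against the CA certificate destined for the key vault.
cert_chains_to_ca() {  # $1 = CA certificate (PEM), $2 = signed certificate (PEM)
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run both checks and report; a non-zero status means do not import.
preimport_check() {    # $1 = CSR, $2 = signed certificate, $3 = CA certificate
    cert_matches_csr "$1" "$2" || { echo "FAIL: certificate key does not match CSR"; return 1; }
    cert_chains_to_ca "$3" "$2" || { echo "FAIL: certificate not issued by this CA"; return 1; }
    echo "OK: certificate matches CSR and chains to CA"
}

# Build constructed stand-ins for the CA, the node's CSR and the signed results.
make_demo() {          # $1 = empty working directory
    ( cd "$1" || exit 1
      for ca in ca other_ca; do
          openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$ca" \
              -keyout "$ca.key" -out "$ca.pem" || exit 1
      done
      for node in node other_node; do
          openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$node" \
              -keyout "$node.key" -out "$node.csr" || exit 1
      done
      # Correct certificate, one issued for a different key, one issued by a different CA.
      openssl x509 -req -in node.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 1 -out node.pem || exit 1
      openssl x509 -req -in other_node.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 1 -out wrong_key.pem || exit 1
      openssl x509 -req -in node.csr -CA other_ca.pem -CAkey other_ca.key -CAcreateserial -days 1 -out wrong_ca.pem || exit 1
    ) >/dev/null 2>&1
}

DEMO=$(mktemp -d) && make_demo "$DEMO"
preimport_check "$DEMO/node.csr" "$DEMO/node.pem" "$DEMO/ca.pem"
preimport_check "$DEMO/node.csr" "$DEMO/wrong_key.pem" "$DEMO/ca.pem" || true
preimport_check "$DEMO/node.csr" "$DEMO/wrong_ca.pem" "$DEMO/ca.pem" || true
```

A certificate that fails either check would leave the node unable to authenticate to the key vault, so resolve the mismatch with the CA before continuing with steps 4 through 6.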
