Registering DPM on a Fabric OS encryption group leader – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Adding a member node to an encryption group

Encryption Group state: CLUSTER_STATE_CONVERGED

Node Name: 10:00:00:05:1e:41:9a:7e (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: GroupLeader
IP Address: 10.32.244.71
Certificate: GL_cpcert.pem
Current Master Key State: Not configured
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master Key State: Not configured
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot: 0
SP state: Operational; Need Valid KEK
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership

Node Name: 10:00:00:05:1e:39:14:00
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
IP Address: 10.32.244.60
Certificate: enc1_cpcert.pem
Current Master Key State: Not configured
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master Key State: Not configured
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot: 0
SP state: Unknown State
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
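
An added example, not part of the Brocade guide: a small Python parser for the group status listing above that reports which nodes still need attention. The embedded sample is a trimmed, constructed copy of that listing, and treating CLUSTER_STATE_CONVERGED and a bare "Operational" SP state as the only healthy values is an assumption of this example.

```python
import re

# Constructed sample: trimmed copy of the group status listing on this page.
SAMPLE = """\
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name: 10:00:00:05:1e:41:9a:7e (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: GroupLeader
Current Master Key State: Not configured
SP state: Operational; Need Valid KEK
Node Name: 10:00:00:05:1e:39:14:00
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
Current Master Key State: Not configured
SP state: Unknown State
"""

# Label is letters and spaces up to the first colon; the value may contain colons.
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")

def parse_group_status(text):
    """Return (group_state, nodes); each node is a dict of its fields."""
    group_state, nodes = None, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # lines without a label, e.g. "No HA cluster membership"
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Encryption Group state":
            group_state = value
        elif key == "Node Name":
            nodes.append({"Node Name": value.split()[0]})  # drop "(current node)"
        elif nodes:
            # Key IDs repeat under "EE Slot"; keep the node-level (first) value.
            nodes[-1].setdefault(key, value)
    return group_state, nodes

def findings(text):
    """List items to clear; the healthy values checked here are assumptions."""
    group_state, nodes = parse_group_status(text)
    out = []
    if group_state != "CLUSTER_STATE_CONVERGED":
        out.append(f"group: state is {group_state}")
    for n in nodes:
        if n.get("Current Master Key State") == "Not configured":
            out.append(f"{n['Node Name']}: master key not configured")
        if n.get("SP state") != "Operational":
            out.append(f"{n['Node Name']}: SP state is '{n.get('SP state')}'")
    return out
```
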

Registering DPM on a Fabric OS encryption group leader

You will need to know the download location for the CA certificate. The path to the file was entered in the SSLCAcertificateFile field in “Uploading the CA certificate onto the DPM appliance (and first-time configurations)” on page 138. Also, if you are using a DPM cluster for high availability, you will need the virtual IP address, as described in “DPM key vault high availability deployment” on page 141.

1. Log in as Admin or SecurityAdmin.

2. Set the key vault type to DPM by entering the cryptocfg --set -keyvault command. Successful execution sets the key vault type for the entire encryption group. The following example sets the key vault type to DPM:

SecurityAdmin:switch> cryptocfg --set -keyvault DPM

Set key vault status: Operation Succeeded.

3. Import and register DPM on the group leader using the CA certificate for the CA that signed the DPM key vault certificate. The group leader automatically shares this information with other group members. It might take a minute to complete the operation.

SecurityAdmin:switch> cryptocfg --import -scp <CA certificate file> <host IP> <host username> <host path>