Dpm key vault high availability deployment – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 53

Advertising
background image

Fabric OS Encryption Administrator’s Guide (DPM)

33

53-1002922-01

Steps for connecting to a DPM appliance

2

h. Click Next.

i.

Repeat

step a

through

step h

for each key class.

j.

Click Finish.

Uploading the KAC certificate onto the DPM appliance (manual identity
enrollment)

NOTE

The Brocade Encryption Switch will not use the Identity Auto Enrollment feature supported with
DPM 3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x
server with the Brocade Encryption Switch as described in this section.

You need to install the switch public key certificate (KAC certificate). For each encryption node,
manually create an identity as follows:

1. Select the Identities tab.

2. Click Create.

3. Enter a label for the node in the Name field. This is a user-defined identifier.

4. Select the Hardware Retail Group in the Identity Groups field.

5. Select the Operational User role in the Authorization field.

6. Click Browse and select the imported certificate as the Identity certificate.

7. Click Save.

The CA certificate file referenced in the SSLCAcertificateFile field (see

step 4

) must be imported

and registered on the switch designated as an encryption group leader. You might want to note this
location before proceeding to

“Loading the CA certificate onto the encryption group leader”

on

page 34.

DPM key vault high availability deployment

When dual DPM appliances are used for high availability, the DPM appliances must be clustered
and must operate in maximum availability mode, as described in the DPM appliance user
documentation.

When dual DPM appliances are clustered, they are accessed using an IP load balancer. For a
complete high availability deployment, the multiple IP load balancers are clustered, and the IP load
balancer cluster exposes a virtual IP address called a floating IP address. The floating IP address
must be registered on the encryption group leader.

Neither the secondary DPM appliance nor individual DPM appliance IP addresses should be
registered.

Advertising
Popular Brands
Popular manuals