Understanding configuration status results – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 65
Fabric OS Encryption Administrator’s Guide (DPM)
45
53-1002922-01
Creating an encryption group
2
FIGURE 28
Next Steps dialog box
13. Review the post-configuration instructions, which you can copy to a clipboard or print for later,
then click Finish to exit the wizard.
Understanding configuration status results
After configuration of the encryption group is completed, Brocade Network Advisor sends API
commands to verify the switch configuration. The CLI commands are detailed in the encryption
administrator’s guide for your key vault management system.
1. Initialize the switch. If the switch is not already in the initiated state, Brocade Network Advisor
performs the cryptocfg
--
initnode command.
2. Create an encryption group on the switch. Brocade Network Advisor creates a new group using
the cryptocfg
--
create
-
encgroup command, and sets the key vault type using the cryptocfg
--
set
-
keyvault command.
3. Register the key vault. Brocade Network Advisor registers the key vault using the cryptocfg
--
reg keyvault command.
4. Enable the encryption engines. Brocade Network Advisor initializes an encryption switch using
the cryptocfg
--
initEE [<slotnumber>] and cryptocfg
--
regEE [<slotnumber>] commands.
5. Create a new master key. (Opaque key vaults only). Brocade Network Advisor checks for a new
master key. New master keys are generated from the Security tab located in the Encryption
Group Properties dialog box.
6. Save the switch’s public key certificate to a file. Brocade Network Advisor saves the KAC
certificate in the specified file.
7. Back up the master key to a file. (Opaque key vaults only). Brocade Network Advisor saves the
master key in the specified file.