Adding a member node to an encryption group – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02


Server SDK Version: 4.8.1

Encryption Node (Key Vault Client) Information:
Node KAC Certificate Validity: Yes
Time of Day on the Switch: 2010-03-17 17:22:05
Client SDK Version: 4.8.2.000017
Client Username: brcduser1
Client Usergroup: brocade
Connection Timeout: 10 seconds
Response Timeout: 10 seconds
Connection Idle Timeout: N/A

Key Vault configuration and connectivity checks successful, ready for key
operations.

Authentication Quorum Size: 0
Authentication Cards:
Certificate ID / label : qc.4250420d02048578 /
sumita:gorla:qc.4250420d02048578
Certificate ID / label : qc.4250420d02047881 /
sumita:gorla:qc.4250420d02047881

NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:53:8a:67
Encryption Group state: CLUSTER_STATE_CONVERGED

Node Name                 IP address     Role
10:00:00:05:1e:53:8a:83   10.32.71.127   MemberNode (current node)
    EE Slot: 0
    SP state: Online
10:00:00:05:1e:53:8a:67   10.32.71.129   GroupLeader
    EE Slot: 0
    SP state: Online
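
An added example, not part of the Brocade guide: a Python parser for the status listing above that reports any header field, node count, group leader row or SP state differing from the healthy values shown. The names parse_status and precheck are hypothetical, and treating every other value as a finding is an assumption.

```python
import re

# Excerpt of the listing above, embedded so the example runs offline.
SAMPLE = """\
Node KAC Certificate Validity: Yes
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:53:8a:67
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name IP address Role
10:00:00:05:1e:53:8a:83 10.32.71.127 MemberNode (current node)
EE Slot: 0
SP state: Online
10:00:00:05:1e:53:8a:67 10.32.71.129 GroupLeader
EE Slot: 0
SP state: Online
"""

NODE_RE = re.compile(r"^\s*((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+(\d+(?:\.\d+){3})\s+(\w+)", re.I)
FIELD_RE = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_status(text):
    """Return (header fields, node rows); EE Slot / SP state lines attach to the row above."""
    fields, nodes = {}, []
    for line in text.splitlines():
        row = NODE_RE.match(line)
        field = FIELD_RE.match(line)
        if row:
            nodes.append(dict(zip(("wwn", "ip", "role"), row.groups())))
        elif field:
            key, value = field.groups()
            target = nodes[-1] if nodes and key in ("EE Slot", "SP state") else fields
            target[key] = value
    return fields, nodes

def precheck(text):
    """Findings list; assumption: any value differing from the guide's listing is flagged."""
    fields, nodes = parse_status(text)
    findings = []
    for key, want in (("Node KAC Certificate Validity", "Yes"),
                      ("Encryption Group state", "CLUSTER_STATE_CONVERGED"),
                      ("Total Number of defined nodes", str(len(nodes)))):
        if fields.get(key) != want:
            findings.append("%s: got %r, expected %r" % (key, fields.get(key), want))
    leaders = [n["wwn"] for n in nodes if n["role"] == "GroupLeader"]
    if leaders != [fields.get("Group Leader Node Name")]:
        findings.append("GroupLeader rows %r do not match the header" % leaders)
    findings += ["%s: SP state %r" % (n["wwn"], n.get("SP state"))
                 for n in nodes if n.get("SP state") != "Online"]
    return findings
```

An empty list from precheck(SAMPLE) means the captured listing matches the healthy one; each finding names the field or node to look at.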

Adding a member node to an encryption group

During the initialization phase, a set of key pairs and certificates is generated on every node.
These certificates are used for mutual identification and authentication with other group members
and with KMIP. Every device must have a certificate in order to participate in a deployment of
encryption services. Some devices must have each other’s certificates in order to communicate.

Before adding a member node to an encryption group, ensure that the node has been properly
initialized and that all encryption engines are in an enabled state. See “Initializing the Brocade
encryption engines” on page 157.

After adding the member node to the encryption group, the following operations can still be
performed on the member node if necessary. Initially, these commands should not be necessary if
the initialization procedure was followed:

cryptocfg --initEE
cryptocfg --regEE
cryptocfg --enableEE
