Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

iv

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Support for virtual fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Cisco Fabric Connectivity support . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Chapter 2

Configuring Encryption Using the Management Application

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Encryption Center features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Encryption user privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Smart card usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Using authentication cards with a card reader . . . . . . . . . . . . . 16
Registering authentication cards from a card reader . . . . . . . . 17
Registering authentication cards from the database . . . . . . . . 19
Deregistering an authentication card. . . . . . . . . . . . . . . . . . . . .20
Setting a quorum for authentication cards . . . . . . . . . . . . . . . .20
Using system cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Enabling or disabling the system card requirement . . . . . . . . .22
Registering systems card from a card reader . . . . . . . . . . . . . .22
Deregistering system cards. . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Using smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Tracking smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Editing smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Network connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Blade processor links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Configuring blade processor links . . . . . . . . . . . . . . . . . . . . . . . 27

Encryption node initialization and certificate generation. . . . . . . . .28

Setting encryption node initialization . . . . . . . . . . . . . . . . . . . . .28

Key Management Interoperability Protocol . . . . . . . . . . . . . . . . . . . .29

Steps for connecting to a KMIP appliance (SafeNet KeySecure). . .29

Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Configuring a Brocade group on the KeySecure appliance . . .40
Registering the KeySecure Brocade group user name and password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Signing the encryption node KAC CSR on KMIP . . . . . . . . . . . .42
Importing a signed KAC certificate into a switch . . . . . . . . . . . .43
Backing up the certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Configuring the KMIP server . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Adding a node to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Creating an encryption group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Configuring key vault settings for Key Management Interoperability Protocol (KMIP) . . . . . . . . . . . . . . . . . . . . . . . . . 55
Understanding configuration status results. . . . . . . . . . . . . . . .60

Adding a switch to an encryption group. . . . . . . . . . . . . . . . . . . . . . . 61

Replacing an encryption engine in an encryption group . . . . . . . . .67
