Adding a switch to an encryption group – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

3. Register the key vault. BNA registers the key vault using the cryptocfg --reg keyvault command.

4. Enable the encryption engines. BNA initializes an encryption switch using the cryptocfg --initEE [<slotnumber>] and cryptocfg --regEE [<slotnumber>] commands.

5. Create a new master key. (Opaque key vaults only). BNA checks for a new master key. New master keys are generated from the Security tab located in the Encryption Group Properties dialog box.

NOTE

A master key is not generated if the key vault type is LKM. LKM manages DEK exchanges
through a trusted link, and the LKM appliance uses its own master key to encrypt DEKs.

6. Save the switch’s public key certificate to a file. BNA saves the KAC certificate in the specified file.

7. Back up the master key to a file. (Opaque key vaults only). BNA saves the master key in the specified file.

Adding a switch to an encryption group

The setup wizard allows you to either create a new encryption group, or add an encryption switch to
an existing encryption group. Use the following procedure to add a switch to an encryption group:

1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box (refer to Figure 6 on page 14).

2. Select a switch to add from the Encryption Center Devices table, then select Switch > Create/Add to Group from the menu task bar.

NOTE

The switch must not already be in an encryption group.

The Configure Switch Encryption wizard welcome screen displays (Figure 53).
