Encryption preparation, Creating a new encryption group, Encryption preparation 5 – Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual

Brocade Network Advisor SAN + IP User Manual

1045

53-1003155-01

Encryption preparation

25

Encryption preparation

Before you use the encryption setup wizard for the first time, you should have a detailed
configuration plan in place and available for reference. The encryption setup wizard assumes the
following:

•

You have a plan in place to organize encryption devices into encryption groups.

•

If you want redundancy and high availability in your implementation, you have a plan to create
high availability (HA) clusters of two encryption switches or blades to provide failover support.

•

All switches in the planned encryption group are interconnected on an I/O synch LAN.

•

The management ports on all encryption switches and 8-slot Backbone Chassis CPs that have
encryption blades installed, have a LAN connection to the SAN management program and are
available for discovery.

•

A supported key management appliance is connected on the same LAN as the encryption
switches, 8-slot Backbone Chassis CPs, and the SAN Management program.

•

An external host is available on the LAN to facilitate certificate exchange.

•

Switch KAC certificates have been signed by a CA and stored in a known location.

•

Key management system (key vault) certificates have been obtained and stored in a known
location.

Creating a new encryption group

The following steps describe how to start and run the encryption setup wizard and create a new
encryption group.

NOTE

When a new encryption group is created, any existing tape pools in the switch are removed.

1. Select Configure > Encryption from the menu task bar to display the Encryption Center

dialog box. (Refer to

Figure 423

.)

FIGURE 423

Encryption Center dialog box - No group defined