Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual
Page 27
Brocade Network Advisor SAN + IP User Manual
xxvii
53-1003155-01
Importing the Fabric OS encryption node KAC
certificates to TKLM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023
Exporting the TKLM self-signed server certificate. . . . . . . . .1024
Importing the TKLM certificate into the group leader . . . . . .1024
Steps for connecting to a KMIP-compliant SafeNet KeySecure. 1025
Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1026
Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1027
Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . 1028
Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
Configuring a Brocade group on the KeySecure . . . . . . . . . 1034
Registering the KeySecure Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035
Signing the encryption node KAC CSR on KMIP . . . . . . . . . 1036
Importing a signed KAC certificate into a switch . . . . . . . . . 1038
Backing up the certificates . . . . . . . . . . . . . . . . . . . . . . . . . . 1039
Configuring the KMIP server . . . . . . . . . . . . . . . . . . . . . . . . . .1041
Adding a node to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . 1042
Steps for connecting to a KMIP-compliant keyAuthority. . . . . . . 1044
Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045
Creating a new encryption group . . . . . . . . . . . . . . . . . . . . . . . . . 1045
Configuring key vault settings for RSA Data Protection
Manager (DPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1050
Configuring key vault settings for NetApp Link
Key Manager (LKM/SSKM) . . . . . . . . . . . . . . . . . . . . . . . . . . 1056
Configuring key vault settings for HP Enterprise
Secure Key Manager (ESKM/SKM) . . . . . . . . . . . . . . . . . . . 1062
Configuring key vault settings for Thales e_Security
keyAuthority (TEKA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1066
Configuring key vault settings for IBM Tivoli Key
Lifetime Manager (TKLM) . . . . . . . . . . . . . . . . . . . . . . . . . . . .1071
Configuring key vault settings for Key Management
Interoperability Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1076
Understanding configuration status results. . . . . . . . . . . . . 1082
Adding a switch to an encryption group. . . . . . . . . . . . . . . . . . . . 1083
Replacing an encryption engine in an encryption group . . . . . . 1088
High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1089
HA cluster configuration rules . . . . . . . . . . . . . . . . . . . . . . . 1089
Creating HA clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1090
Removing engines from an HA cluster . . . . . . . . . . . . . . . . . .1091
Swapping engines in an HA cluster . . . . . . . . . . . . . . . . . . . 1092
Failback option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1092
Configuring encryption storage targets . . . . . . . . . . . . . . . . . . . . 1093
Adding an encryption target . . . . . . . . . . . . . . . . . . . . . . . . . 1093
Configuring hosts for encryption targets . . . . . . . . . . . . . . . . . . . .1101
Adding target disk LUNs for encryption . . . . . . . . . . . . . . . . . . . . 1103
Configuring storage arrays . . . . . . . . . . . . . . . . . . . . . . . . . . 1108
Remote replication LUNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1108
SRDF pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109