Brocade Network Advisor SAN User Manual v12.1.0 User Manual
Page 19
Brocade Network Advisor SAN User Manual
xix
53-1002948-01
Blade processor links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579
Configuring blade processor links . . . . . . . . . . . . . . . . . . . . . .580
Encryption node initialization and certificate generation. . . . . . . .580
Setting encryption node initialization . . . . . . . . . . . . . . . . . . .581
Key Management Interoperability Protocol . . . . . . . . . . . . . . . . . . .581
Configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . .582
Key vault type and vendor . . . . . . . . . . . . . . . . . . . . . . . . . . . . .583
Supported encryption key manager appliances . . . . . . . . . . . . . . .584
Steps for connecting to a DPM appliance . . . . . . . . . . . . . . . . . . . .585
Exporting the KAC certificate signing request (CSR) . . . . . . . .585
Submitting the CSR to a certificate authority . . . . . . . . . . . . .586
KAC certificate registration expiry. . . . . . . . . . . . . . . . . . . . . . .586
Importing the signed KAC certificate . . . . . . . . . . . . . . . . . . . .587
Uploading the CA certificate onto the DPM
appliance (and first-time configurations) . . . . . . . . . . . . . . . . .587
Uploading the KAC certificate onto the DPM
appliance (manual identity enrollment) . . . . . . . . . . . . . . . . . .589
DPM key vault high availability deployment . . . . . . . . . . . . . . .589
Loading the CA certificate onto the
encryption group leader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .589
Steps for connecting to an LKM/SSKM appliance . . . . . . . . . . . . .590
Launching the NetApp DataFort Management Console . . . . .591
Establishing the trusted link . . . . . . . . . . . . . . . . . . . . . . . . . . .591
Obtaining and importing the LKM/SSKM certificate. . . . . . . .592
Exporting and registering the switch KAC certificates
on LKM/SSKM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593
LKM/SSKM key vault high availability deployment . . . . . . . . .593
Data Encryption Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .594
Steps for connecting to an ESKM/SKM appliance . . . . . . . . . . . . .595
Configuring a Brocade group on ESKM/SKM . . . . . . . . . . . . .596
Registering the ESKM/SKM Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .597
Setting up the local Certificate Authority (CA)
on ESKM/SKM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .598
Downloading the local CA certificate from ESKM/SKM . . . . .599
Creating and installing the ESKM/SKM server certificate . . .599
Enabling SSL on the Key Management
System (KMS) Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601
Creating an ESKM/SKM High Availability cluster . . . . . . . . . .601
Copying the local CA certificate for a clustered
ESKM/SKM appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .602
Adding ESKM/SKM appliances to the cluster . . . . . . . . . . . . .602
Signing the encryption node KAC certificates . . . . . . . . . . . . .603
Importing a signed KAC certificate into a switch . . . . . . . . . . .604
ESKM/SKM key vault high availability deployment . . . . . . . . .604
Data Encryption Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .605
ESKM/SKM key vault deregistration . . . . . . . . . . . . . . . . . . . .606