Understanding configuration status results, Adding a switch to an encryption group, Understanding configuration status – Brocade Network Advisor SAN User Manual v12.1.0 User Manual

Brocade Network Advisor SAN User Manual

53-1002948-01

Understanding configuration status results

After configuration of the encryption group is completed, the Management application sends API
commands to verify the switch configuration. The CLI commands are detailed in the encryption
administrator’s guide for your key vault management system.

1. Initialize the switch. If the switch is not already in the initiated state, the Management application performs the cryptocfg --initnode command.

2. Create an encryption group on the switch. The Management application creates a new group using the cryptocfg --create -encgroup command, and sets the key vault type using the cryptocfg --set -keyvault command.

3. Register the key vault. The Management application registers the key vault using the cryptocfg --reg keyvault command.

4. Enable the encryption engines. The Management application initializes an encryption switch using the cryptocfg --initEE [<slotnumber>] and cryptocfg --regEE [<slotnumber>] commands.

5. Create a new master key (Opaque key vaults only). The Management application checks for a new master key. New master keys are generated from the Security tab located in the Encryption Group Properties dialog box.

NOTE

A master key is not generated if the key vault type is LKM/SSKM. LKM/SSKM manages DEK
exchanges through a trusted link, and the LKM/SSKM appliance uses its own master key to
encrypt DEKs.

6. Save the switch’s public key certificate to a file. The Management application saves the KAC certificate in the specified file.

7. Back up the master key to a file (Opaque key vaults only). The Management application saves the master key in the specified file.

Adding a switch to an encryption group

The setup wizard allows you to either create a new encryption group, or add an encryption switch to
an existing encryption group. Use the following procedure to add a switch to an encryption group:

1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box. (Refer to Figure 196 on page 566.)

2. Select a switch to add from the Encryption Center Devices table, then select Switch > Create/Add to Group from the menu task bar.

NOTE

The switch must not already be in an encryption group.

The Configure Switch Encryption wizard welcome screen displays. (Refer to Figure 288.)
