Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 22
xxii
Brocade Network Advisor SAN User Manual
53-1003154-01
Deregistering an authentication card . . . . . . . . . . . . . . . . . . .700
Setting a quorum for authentication cards . . . . . . . . . . . . . . .700
Using system cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .701
Enabling or disabling the system card requirement . . . . . . . .702
Registering system cards from a card reader . . . . . . . . . . . . .702
Deregistering system cards . . . . . . . . . . . . . . . . . . . . . . . . . . .703
Using smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .703
Tracking smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .703
Editing smart cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .706
Network connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .707
Blade processor links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .707
Configuring blade processor links . . . . . . . . . . . . . . . . . . . . . .708
Encryption node initialization and certificate generation. . . . . . . .708
Setting encryption node initialization . . . . . . . . . . . . . . . . . . .709
Key Management Interoperability Protocol . . . . . . . . . . . . . . . . . . .709
Configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
Key vault type and vendor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
Supported encryption key manager appliances . . . . . . . . . . . . . . .712
Steps for connecting to a DPM appliance . . . . . . . . . . . . . . . . . . . .713
Exporting the KAC certificate signing request (CSR) . . . . . . . . 713
Submitting the CSR to a certificate authority . . . . . . . . . . . . . 714
KAC certificate registration expiry. . . . . . . . . . . . . . . . . . . . . . . 714
Importing the signed KAC certificate . . . . . . . . . . . . . . . . . . . . 715
Uploading the CA certificate onto the DPM appliance (and first-time
configurations) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
Uploading the KAC certificate onto the DPM appliance (manual
identity enrollment) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
DPM key vault high availability deployment . . . . . . . . . . . . . . . 717
Loading the CA certificate onto the encryption group leader . 717
Steps for connecting to an LKM/SSKM appliance . . . . . . . . . . . . .718
Launching the NetApp DataFort Management Console . . . . . 719
Establishing the trusted link . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
Obtaining and importing the LKM/SSKM certificate. . . . . . . .720
Exporting and registering the switch KAC certificates
on LKM/SSKM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .721
LKM/SSKM key vault high availability deployment . . . . . . . . .721
Data Encryption Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .722
Steps for connecting to an ESKM/SKM appliance . . . . . . . . . . . . .723
Configuring a Brocade group on ESKM/SKM . . . . . . . . . . . . .724
Registering the ESKM/SKM Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .725
Setting up the local Certificate Authority (CA)
on ESKM/SKM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .726
Downloading the local CA certificate from ESKM/SKM . . . . .727
Creating and installing the ESKM/SKM server certificate . . .727
Enabling SSL on the Key Management
System (KMS) Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .729
Creating an ESKM/SKM High Availability cluster . . . . . . . . . .729