Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 23
Brocade Network Advisor SAN User Manual
xxiii
53-1003154-01
Copying the local CA certificate for a clustered
ESKM/SKM appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .730
Adding ESKM/SKM appliances to the cluster . . . . . . . . . . . . .730
Signing the encryption node KAC certificates . . . . . . . . . . . . .731
Importing a signed KAC certificate into a switch . . . . . . . . . . .732
ESKM/SKM key vault high availability deployment . . . . . . . . .732
Data Encryption Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .733
ESKM/SKM key vault deregistration . . . . . . . . . . . . . . . . . . . .734
Steps for connecting to a TEKA appliance. . . . . . . . . . . . . . . . . . . .734
Setting up TEKA network connections . . . . . . . . . . . . . . . . . . .735
Creating a client on TEKA . . . . . . . . . . . . . . . . . . . . . . . . . . . . .736
Establishing TEKA key vault credentials on the switch . . . . . .737
Signing the encryption node KAC CSR on the
TEKA appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .738
Importing a signed KAC certificate into a switch . . . . . . . . . . .738
Steps for connecting to a TKLM appliance . . . . . . . . . . . . . . . . . . .739
Exporting the Fabric OS node self-signed KAC certificates. . . 740
Converting the KAC certificate format . . . . . . . . . . . . . . . . . . . 740
Establishing a default key store and device group on TKLM . 740
Adding a device to the device group. . . . . . . . . . . . . . . . . . . . . 740
Creating a self-signed certificate for TKLM . . . . . . . . . . . . . . . 741
Importing the Fabric OS encryption node KAC
certificates to TKLM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 741
Exporting the TKLM self-signed server certificate. . . . . . . . . . 742
Importing the TKLM certificate into the group leader . . . . . . . 742
Steps for connecting to a KMIP-compliant SafeNet KeySecure. . . 743
Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744
Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745
Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . 746
Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .751
Configuring a Brocade group on the KeySecure . . . . . . . . . . .752
Registering the KeySecure Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .753
Signing the encryption node KAC CSR on KMIP . . . . . . . . . . .754
Importing a signed KAC certificate into a switch . . . . . . . . . . .756
Backing up the certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . .757
Configuring the KMIP server . . . . . . . . . . . . . . . . . . . . . . . . . . .759
Adding a node to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . . .760
Steps for connecting to a KMIP-compliant keyAuthority. . . . . . . . .762
Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .763
Creating a new encryption group . . . . . . . . . . . . . . . . . . . . . . . . . . .764
Configuring key vault settings for RSA Data Protection
Manager (DPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .769
Configuring key vault settings for NetApp Link Key
Manager (LKM/SSKM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774
Configuring key vault settings for HP Enterprise Secure
Key Manager (ESKM/SKM). . . . . . . . . . . . . . . . . . . . . . . . . . . .780
Configuring key vault settings for Thales e_Security
keyAuthority (TEKA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784