Smart card usage, Using authentication cards with a card reader – Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 748
696
Brocade Network Advisor SAN User Manual
53-1003154-01
Smart card usage
20
Smart card usage
Smart cards are credit card-sized cards that contain a CPU and persistent memory. Smart cards
can be used as security devices. You must have Storage Encryption Security user privileges to
activate, register, and configure smart cards.
Smart cards can be used to do the following:
•
Control user access to the Management application security administrator roles
•
Control activation of encryption engines
•
Securely store backup copies of master keys
Smart card readers provide a plug-and-play interface that allows you to read and write to a smart
card. The following smart card readers are supported:
•
GemPlus GemPC USB
http://www.gemalto.com/readers/index.html
•
Indentive
http://www.indentive-infrastructure.com
NOTE
Only the Brocade smart cards that are included with the encryption switches are supported.
Using authentication cards with a card reader
When authentication cards are used, one or more authentication cards must be read by a card
reader attached to a Management application workstation to enable certain security-sensitive
operations. These include the following:
•
Performing master key generation, backup, and restore operations.
•
Registering or deregistering and replacement of authentication cards.
•
Enabling and disabling the use of system cards.
•
Changing the quorum size for authentication cards.
Storage Encryption
Security
•
Launch the Encryption center dialog box.
•
View switch, group, or engine properties.
•
View Encryption Group Properties Security tab.
•
View LUN centric view.
•
View all rekey sessions.
•
View encryption targets, hosts, and LUNs.
•
Create a master key.
•
Backup a master key.
•
Edit smart card.
•
View and modify settings on the Encryption Group Properties Security tab (quorum size,
authentication cards list and system card requirement).
•
Establish link keys for LKM/SSKM key managers.
•
Show tape LUN statistics.
TABLE 66
Encryption privileges (Continued)
Privilege
Read/Write