Steps for connecting to a dpm appliance – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Brocade Network Advisor SAN User Manual

53-1003154-01

Steps for connecting to a DPM appliance

All switches that you plan to include in an encryption group must have a secure connection to the
RSA Data Protection Manager (DPM). The following is a suggested order of steps needed to create
a secure connection to the DPM.

NOTE

The switch uses the manual enrollment of identities with client registration to connect with DPM 3.x
servers. Client registration is done automatically when you upgrade to Fabric OS 7.1.0 from an
earlier version and no additional user interaction is needed during the upgrade scenario.

Once completed, client registration occurs after key vault registration, when the switch attempts to
connect to the DPM server for the first time.

1. Export the Key Authentication Center (KAC) CSR to a location accessible to a CA for signing. Refer to “Exporting the KAC certificate signing request (CSR)” on page 713.

2. Submit the KAC CSR for signing by a CA. Refer to “Submitting the CSR to a certificate authority” on page 714.

3. Set the KAC certificate registration expiry. Refer to “KAC certificate registration expiry” on page 714.

4. Import the signed certificate into the Fabric OS encryption node. Refer to “Importing the signed KAC certificate” on page 715.

5. Upload the signed KAC and CA certificates onto the DPM appliance and select the appropriate key classes. Refer to the following:

   - “Uploading the CA certificate onto the DPM appliance (and first-time configurations)” on page 715.
   - “Uploading the KAC certificate onto the DPM appliance (manual identity enrollment)” on page 717.

6. If dual DPM appliances are used for high availability, the DPM appliances must be clustered, and must operate in maximum availability mode, as described in the DPM appliance user documentation. Refer to “DPM key vault high availability deployment” on page 717.
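A check to run on the signed certificate returned in step 2 before importing it in step 4, as an added example that is not part of the Brocade manual. It assumes OpenSSL on an administrative workstation and PEM-encoded files; the function names, file names and subject names are hypothetical, and the CA, CSR and certificates built by make_demo are constructed samples.

```shell
#!/bin/sh
# Added example, not from the Brocade manual. Assumes OpenSSL and PEM-encoded files.

# pubkey_fp req|x509 FILE: SHA-256 fingerprint of the public key in a CSR or certificate.
pubkey_fp() {
    openssl "$1" -in "$2" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# check_signed_kac CSR CERT CA [MIN_DAYS]: returns 0 only if CERT is fit to import.
check_signed_kac() {
    # 1. The CA must have certified the key in the exported CSR, not another request.
    if [ "$(pubkey_fp req "$1")" != "$(pubkey_fp x509 "$2")" ]; then
        echo "FAIL: certificate public key does not match the CSR" >&2; return 1
    fi
    # 2. The certificate must chain to the CA certificate that will be uploaded to DPM.
    #    openssl verify also evaluates the validity window against the local clock,
    #    so run this on a host whose time is synchronized.
    if ! openssl verify -CAfile "$3" "$2" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against the CA certificate" >&2; return 2
    fi
    # 3. The certificate's own notAfter must leave MIN_DAYS (default 30) of validity.
    #    This is the X.509 validity period, not the registration expiry of step 3.
    if ! openssl x509 -in "$2" -noout -checkend $(( ${4:-30} * 86400 )) >/dev/null; then
        echo "FAIL: certificate expires within ${4:-30} days" >&2; return 3
    fi
    echo "OK: key matches CSR, chains to CA, validity sufficient"
}

# make_demo DIR: constructed sample data (throwaway CA, two CSRs, two signed certs).
make_demo() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Demo CA" -days 3650 &&
      openssl req -new -newkey rsa:2048 -nodes -keyout kac.key -out kac.csr \
          -subj "/CN=demo-switch-kac" &&
      openssl req -new -newkey rsa:2048 -nodes -keyout other.key -out other.csr \
          -subj "/CN=other-switch-kac" &&
      openssl x509 -req -in kac.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out kac.pem -days 365 &&
      openssl x509 -req -in other.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out other.pem -days 365
    ) >/dev/null 2>&1
}

# Demo run on the constructed data: the matching certificate passes all three checks.
demo=$(mktemp -d) && make_demo "$demo" &&
    check_signed_kac "$demo/kac.csr" "$demo/kac.pem" "$demo/ca.pem"
```

A return code of 1 typically means the CA signed a different request than the one exported from this switch, for example when CSRs from several encryption nodes were submitted together.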

Exporting the KAC certificate signing request (CSR)

1. Export the Key Authentication Center (KAC) CSR to a temporary location prior to submitting the KAC CSR to a CA for signing.

2. Synchronize the time on the switch and the key manager appliance. Time settings should be within one minute of each other. Differences in time can invalidate certificates and cause key vault operations to fail.

3. Select a switch from the Encryption Center Devices table, then select Switch > Properties from the menu task bar to display the Properties dialog box.

   NOTE

   You can also select a switch from the Encryption Center Devices table, then click the Properties icon.
