Steps for connecting to an lkm/sskm appliance, Figure 276 – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

718

Brocade Network Advisor SAN User Manual

53-1003154-01

Steps for connecting to an LKM/SSKM appliance

20

.

FIGURE 276

Encryption Group Properties with Key Vault Certificate

2. Select Load from File and browse to the location on your client PC that contains the

downloaded CA certificate in .pem format.

Steps for connecting to an LKM/SSKM appliance

The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network
appliance. The encryption engine and LKM appliance communicate over a trusted link. A trusted
link is a secure connection established between the switch or blade and the NetApp LKM/SSKM
appliance, using a shared secret called a link key.

The following configuration steps are performed from the NetApp DataFort Management Console
(DMC) and from the Management application:

•

Install and launch the NetApp DataFort Management Console. Refer to

“Launching the NetApp

DataFort Management Console”

on page 719.

•

Establish the trusted link. Refer to

“Establishing the trusted link”

on page 719.

•

Obtain and import the LKM/SSKM certificate. Refer to

“Obtaining and importing the

LKM/SSKM certificate”

on page 720.

•

Export and register encryption node certificates on LKM/SSKM. Refer to

“Exporting and

registering the switch KAC certificates on LKM/SSKM”

on page 721.

•

If required, create an LKM/SSKM cluster for high availability. Refer to

“LKM/SSKM key vault

high availability deployment”

on page 721.

•

Understanding Data Encryption Keys (DEKs). Refer to

“Data Encryption Keys”

on page 722.