Launching the netapp datafort management console, Establishing the trusted link, Launching the netapp – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Brocade Network Advisor SAN User Manual

719

53-1003154-01

Steps for connecting to an LKM/SSKM appliance

20

Launching the NetApp DataFort Management Console

The NetApp DataFort Management Console (DMC) must be installed on your PC or workstation to
complete certain procedures described in this chapter. Refer to the appropriate DMC product
documentation for DMC installation instructions. After you install the DMC, complete the following
steps:

1. Launch the DMC.

2. Click the Appliance tab on the top panel.

3. Add the NetApp LKM/SSKM appliance IP address or hostname.

4. Right-click the added IP address and log in to the NetApp LKM/SSKM key vault.

Establishing the trusted link

You must generate the trusted link establishment package (TEP) on all nodes to obtain a trusted
acceptance package (TAP) before you can establish a trusted link between each node and the
NetApp LKM/SSKM appliance.

1. Select Configure > Encryption from the menu task bar to display the Encryption Center

dialog box. (Refer to

Figure 266

on page 694.)

2. Select an LKM/SSKM group from the Encryption Center Devices table, then select Group >

Link Keys from the menu task bar.

The switch name displays in the link status table under Switch, with a Link Key Status of
Link Key requested, waiting for LKM approval.

3. Select the switch, then click Establish.

This sends a Trust Establishment Package (TEP) message to the LKM/SSKM, which is needed
to establish the trusted link between the switch and the LKM/SSKM appliance.

4. Launch the NetApp DataFort Management Console (DMC) and click the View Unapproved

Trustees tab.

The switch is listed as openkey_trustee_<ip address>, where the IP address is the switch
IP address.

5. Select the switch, then click Approve and Create TAP.

The Approve TEP dialog box displays. The TEP must be approved before a TAP can be created.

6. Provide a label in the dialog box, then click Approve to approve the TEP.

A list of recovery cards and recovery officers is displayed. TEP approval is done by a quorum of
recovery officers, using assigned recovery cards. Each recovery officer must individually insert
one of the listed recovery cards into a card reader attached to the PC or workstation, then
enter the password for that card and click Start. The procedure is repeated until a quorum of
recovery officers has approved the TEP.

7. Save the TAP to a file (location does not matter).

8. Select the Link Keys tab from the Encryption Group Properties dialog box.

9. Select the switch in the link key status table, then click Accept to retrieve the TAP from the

LKM/SSKM appliance.

10. Repeat the above steps for each of the remaining member nodes.