Steps for connecting to an eskm/skm appliance, Steps, For connecting to an eskm/skm appliance – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Brocade Network Advisor SAN User Manual

723

53-1003154-01

Steps for connecting to an ESKM/SKM appliance

20

LKM/SSKM key vault deregistration

Deregistration of either the primary or secondary LKM/SSKM key vault from an encryption switch
or blade is allowed independently.

•

Deregistration of Primary LKM/SSKM: You can deregister the Primary LKM/SSKM from an
encryption switch or blade without deregistering the backup or secondary LKM/SSKM for
maintenance or replacement purposes. However, when the primary LKM/SSKM is
deregistered, key creation operations will fail until either the primary LKM/SSKM is
reregistered, or the secondary LKM/SSKM is deregistered and reregistered as the primary
LKM/SSKM.

When the primary LKM/SSKM is replaced with a different LKM/SSKM, you must first
synchronize the DEKs from the secondary LKM/SSKM before reregistering the primary
LKM/SSKM.

•

Deregistration of Secondary LKM/SSKM: You can deregister the secondary LKM/SSKM
independently. Future key operations will use only the primary LKM/SSKM until the secondary
LKM/SSKM is reregistered on the encryption switch or blade.

When the secondary LKM/SSKM is replaced with a different LKM/SSKM, you must first
synchronize the DEKs from the primary LKM/SSKM before reregistering the secondary
LKM/SSKM.

Steps for connecting to an ESKM/SKM appliance

The ESKM/SKM management web console can be accessed from any web browser with Internet
access to the ESKM/SKM appliance. The URL for the appliance is as follows:

https://<appliance hostname>:<appliance port number>

Where:

-

<appliance hostname>

is the hostname or IP address when installing the ESKM/SKM

appliance.

-

<appliance port number>

is 9443 by default. If a different port number was specified

when installing the ESKM/SKM appliance, use that port number.

The following configuration steps are performed from the ESKM/SKM management web console
and from the Management application:

•

Configure a Brocade group on the ESKM/SKM. Refer to

“Configuring a Brocade group on

ESKM/SKM”

on page 724.

•

Register the Brocade group user name and password on the encryption node. Refer to

“Registering the ESKM/SKM Brocade group user name and password”

on page 725.

•

Set up a local CA on the ESKM/SKM. Refer to

“Setting up the local Certificate Authority (CA) on

ESKM/SKM”

on page 726.

•

Download the CA certificate. Refer to

“Downloading the local CA certificate from ESKM/SKM”

on page 727.

•

Create and install an ESKM/SKM server certificate. Refer to

“Creating and installing the

ESKM/SKM server certificate”

on page 727.