Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 820
768
Brocade Network Advisor SAN User Manual
53-1003154-01
Creating a new encryption group
20
-
Thales e-Security keyAuthority (TEKA): If an encryption group contains mixed firmware
nodes, the Encryption Group Properties Key Vault Type name is based on the firmware
version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or
later, the Key Vault Type is displayed as “Thales e-Security keyAuthority (TEKA).”If a
switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as
“Thales Key Manager (TEMS)”.
-
Tivoli Key Lifecycle Manager (TKLM)
-
Key Management Interoperability Protocol (KMIP): Any KMIP-compliant server can be
registered as a key vault on the switch after setting the key vault type to KMIP.
If you are using a SafeNet KeySecure server, only SafeNet KeySecure for key
management (SSKM) native hosting LKM is supported from the Management
application; however, before selecting KMIP as the key vault type, all nodes in an
encryption group must be running Fabric OS 7.1.0 or later.
If you are using a TEKA KMIP-compliant server, only Thales e-Security keyAuthority
running version 4.0 is supported (from the CLI); however, all nodes in an encryption
group must be running Fabric OS 7.2.0 or later. For more information about supported
platforms and configuration instructions, refer to the Fabric OS Encryption
Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP)
Key-Compliant Environments.
•
Primary Key Vault: The primary key vault name, either an IPv4 address or Host name.
•
Primary Certificate File: The name of a file containing the key vault’s public key certificate.
This file can be generated from the key vault’s administrative console.
•
User Name: The key vault user name. This field is active for ESKM/SKM and TEKA key
vaults. For ESKM/SKM, it is needed only for the primary key vault. For TEKA, it is needed
only for the secondary key vault.
•
Password: The key vault password. This field is active for ESKM/SKM and TEKA key vaults.
For ESKM/SKM, it is needed only for the primary key vault. For TEKA, it is needed for both
the primary and secondary key vaults.
•
Re-type Password: Re-enter the password for verification.
•
Backup Key Vault: (Optional.) The secondary key vault, either an IPv4 address or Host
name. The backup address can be left blank.
•
Backup Certificate File: (Optional.) If a backup key vault is entered, the backup certificate
file must also be entered. Navigate to and select the secondary public key certificate from
your desktop, if applicable.
•
Serial Number: (TKLM only.) Serial number of the switch, which is required for registering
the switch on the key vault.
•
Device Group: (TKLM only.) The name of the device group of which the switch is a member.
This information is required for registering the switch on the key vault.