Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 847
Brocade Network Advisor SAN User Manual
795
53-1003154-01
Creating a new encryption group
20
•
With the introduction of Fabric OS 7.2.0, KMIP with TEKA 4.0 is also supported, but must be
configured using the CLI. All nodes in a keyAuthority encryption group must be running Fabric
OS 7.2.0 or later. For configuration instructions, refer to the Fabric OS Encryption
Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP)
Key-Compliant Environments.
shows the key vault selection dialog box for KMIP.
FIGURE 351
Select Key Vault dialog box for KMIP
1. Select the High Availability mode. Options are:
•
Opaque: Both the primary and secondary key vaults are registered on the BES. The client
archives the key to a single (primary) key vault. For disk operations, an additional
hardening check is done on the secondary key vault before the key is used for encryption.
•
Transparent: A single key vault should be registered on the BES. The client assumes the
entire HA is implemented on the key vault. Key archival and retrieval is done to the KMIP
without any additional hardening checks.
•
No HA: Both the primary and secondary key vaults are registered on the BES. The client
archives keys to both key vaults and ensures that the archival is successful before the key
is used for encryption.
2. Enter the Primary Key Vault IP address or hostname, and port number.
3. Enter the Primary Certificate file name, or browse to the file location.
4. (Optional) Enter a Backup Key Vault IP address or hostname, and port number, and Backup
Certificate File, or browse to the desired location.
5. Select the method for user authentication. Options are:
•
Username and Password: Activates the Primary and Backup Key Vault User Names and
password fields for completion.