Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Brocade Network Advisor SAN User Manual

865

53-1003154-01

Viewing and editing switch encryption properties

20

•

Encryption Group: The name of the encryption group to which the switch belongs

•

Encryption Group Status: Status options are:

-

OK/Converged: the Group Leader can communicate with all members

-

Degraded: the Group Leader cannot communicate with one or more members. The
following operations are not allowed: key vault changes, master key operations,
enable/disable encryption engines, Failback mode changes, HA Cluster creation or
addition (removal is allowed), tape pool changes, and any configuration changes for
storage targets, hosts, and LUNs.

-

Unknown: The Group Leader is in an unmanaged fabric

•

Fabric: The name of the fabric to which the switch belongs

•

Domain ID: The domain ID of the selected switch

•

Firmware Version: The current encryption firmware on the switch.

•

Key Vault type: Options are:

-

RSA Data Protection Manager (DPM): If an encryption group contains mixed firmware
nodes, the Encryption Group Properties Key Vault Type name is based on the firmware
version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or
later, the Key Vault Type is displayed as “RSA Data Protection Manager (DPM).”If a
switch is running Fabric OS prior to v7.1.0, Key Vault Type is displayed as “RSA Key
Manager (RKM)”.

-

NetApp Lifetime Key Manager (LKM): The NetApp Key Vault Type name is shown as
NetApp Lifetime Key Manager (LKM) for both NetApp Lifetime Key Manager (LKM) and
SafeNet KeySecure for key management (SSKM) Key Vault Types

-

HP Secure Key Manager (SKM): The HP Key Vault Type name is shown as HP Secure
Key Manager (SKM) for both SKM and Enterprise Secure Key Management (ESKM)
Key Vault Types.

-

Thales e-Security keyAuthority (TEKA): If an encryption group contains mixed firmware
nodes, the Encryption Group Properties Key Vault Type name is based on the firmware
version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or
later, the Key Vault Type is displayed as “Thales e-Security keyAuthority (TEKA).”If a
switch is running Fabric OS prior to v7.1.0, Key Vault Type is displayed as “Thales Key
Manager (TEMS)”.

-

Tivoli Key Lifetime Manager (TKLM): No other key vault reference is used.

-

Key Management Interoperability Protocol (KMIP): Any KMIP-compliant server can be
registered as a key vault on the switch after setting the key vault type to KMIP.

With the introduction of Fabric OS 7.1.0, KMIP with SafeNet KeySecure for key
management (SSKM) native hosting LKM is supported.

With the introduction of Fabric OS 7.2.0, KMIP with TEKA 4.0 is also supported (using
the CLI only). For more information about supported platforms and configuration
instructions, refer to the Fabric OS Encryption Administrator’s Guide Supporting Key
Management Interoperability Protocol (KMIP) Key-Compliant Environments.