Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Page 924

Advertising
background image

872

Brocade Network Advisor SAN User Manual

53-1003154-01

Viewing and editing encryption group properties

20

Backup Key Vault Connection Status: The status of the backup key vault link. Options are:

-

Connected

-

Unknown/Busy

-

Not configured

-

Not responding

-

Failed authentication

High Availability Mode: (For KMIP key vault type.) Options are:

-

Opaque: Both the primary and secondary key vaults are registered on the switch. The
client archives the key to a single (primary) key vault. For disk operations, an
additional key hardening check is done on the secondary key vault before the key is
used for encryption.

-

Transparent: A single key vault should be registered on the switch. The client assumes
the entire HA is implemented on the key vault. Key archival and retrieval is done to the
KMIP without any additional key hardening checks.

-

No HA: Both the primary and secondary key vaults are registered on the switch. The
client archives keys to both key vaults and ensures that the archival is successful
before the key is used for encryption.

-

None: High availability is not configured.

-

Not Applicable: Displayed if your selected key vault type is not KMIP.

User Authentication: (For KMIP key vault type.) The methods used to authenticate a user.
Options are:

-

Username and Password: Activates the Primary and Backup Key Vault User Names
and password fields for completion.

-

Username: Activates the Primary and Backup Key Vault User Names for completion.

-

None: Deactivates Primary and Backup Key Vault User Names and password fields.

-

Not Applicable: Displayed if your selected key vault type is not KMIP.

Certificate Type: (For KMIP key vault type.) Displays the TLS certificate type used between
the BES and the key vault. Options are:

-

CA Signed: The BES KAC certificate is signed by a CA, imported back on the switch and
registered as a KAC certificate. The CA will be registered as a key vault certificate on
the switch.

-

Self Signed: The self-signed certificates are exchanged and registered on both ends.
The key vault certificate is registered on the BES and the BES KAC certificate is
registered on the key vault.

Vendor Name: (For KMIP key vault type) Displays the supported key vendor server. The
vendor name will display the connected key vault through KMIP.

Primary Key Vault Certificate table: Displays the details of the primary vault certificate; for
example, version and signature information. The Load from File button allows you to locate
and load a primary key vault certificate from a different location.

Backup Key Vault Certificate table: Displays the details of the backup vault certificate; for
example, version and signature information. The Load from File button allows you to locate
and load a backup key vault certificate from a different location.

Advertising
Popular Brands
Popular manuals