Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual
Page 1121
Brocade Network Advisor SAN + IP User Manual
1049
53-1003155-01
Creating a new encryption group
25
Using this dialog box, you can select a key vault for the encryption group that contains the
selected switch. Prior to selecting your Key Vault Type, the selection is shown as None. The
dialog box contains the following information:
•
Key Vault Type:
If an encryption group contains mixed firmware nodes, the Encryption Group Properties
Key Vault Type name is based on the firmware version of the Group Leader. Options are:
-
NetApp Lifetime Key Manager (LKM): The NetApp Key Vault Type name is shown as
NetApp Lifetime Key Manager (LKM) for both NetApp Lifetime Key Manager (LKM) and
SafeNet KeySecure for key management (SSKM) Key Vault Types.
-
RSA Data Protection Manager (DPM): If an encryption group contains mixed firmware
nodes, the Encryption Group Properties Key Vault Type name is based on the firmware
version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or
later, the Key Vault Type is displayed as “RSA Data Protection Manager (DPM).”If a
switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as
“RSA Key Manager (RKM)”.
-
HP Secure Key Manager (SKM): The HP Key Vault Type name is shown as HP Secure
Key Manager (SKM) for both SKM and Enterprise Secure Key Management (ESKM)
Key Vault Types.
-
Thales e-Security keyAuthority (TEKA): If an encryption group contains mixed firmware
nodes, the Encryption Group Properties Key Vault Type name is based on the firmware
version of the Group Leader. For example, If a switch is running Fabric OS 7.1.0 or
later, the Key Vault Type is displayed as “Thales e-Security keyAuthority (TEKA).”If a
switch is running a Fabric OS version prior to v7.1.0, Key Vault Type is displayed as
“Thales Key Manager (TEMS)”.
-
Tivoli Key Lifecycle Manager (TKLM)
-
Key Management Interoperability Protocol (KMIP): Any KMIP-compliant server can be
registered as a key vault on the Brocade Encryption Switchswitch after setting the key
vault type to KMIP.
If you are using a SafeNet KeySecure server, only SafeNet KeySecure for key
management (SSKM) native hosting LKM is supported from the Management
application; however, before selecting KMIP as the key vault type, all nodes in an
encryption group must be running Fabric OS 7.1.0 or later.
If you are using a TEKA KMIP-compliant server, only Thales e-Security keyAuthority
running version 4.0 is supported (from the CLI); however, all nodes in an encryption
group must be running Fabric OS 7.2.0 or later. For more information about supported
platforms and configuration instructions, refer to the Fabric OS Encryption
Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP)
Key-Compliant Environments.
•
Primary Key Vault: The primary key vault name, either an IPv4 address or Host name.
•
Primary Certificate File: The name of a file containing the key vault’s public key certificate.
This file can be generated from the key vault’s administrative console.
•
User Name: The key vault user name. This field is active for ESKM/SKM and TEKA key
vaults. For ESKM/SKM, it is needed only for the primary key vault. For TEKA, it is needed
only for the secondary key vault.