Brocade Network Advisor SAN User Manual v12.1.0 User Manual

Page 20

Advertising

background image

xx

Brocade Network Advisor SAN User Manual

53-1002948-01

Steps for connecting to a TEKA appliance. . . . . . . . . . . . . . . . . . . .606

Setting up TEKA network connections . . . . . . . . . . . . . . . . . . .607
Creating a client on TEKA . . . . . . . . . . . . . . . . . . . . . . . . . . . . .608
Establishing TEKA key vault credentials on the switch . . . . . .609
Signing the encryption node KAC CSR on the
TEKA appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .610
Importing a signed KAC certificate into a switch . . . . . . . . . . .611

Steps for connecting to a TKLM appliance . . . . . . . . . . . . . . . . . . .611

Exporting the Fabric OS node self-signed KAC certificates. . .612
Converting the KAC certificate format . . . . . . . . . . . . . . . . . . .612
Establishing a default key store and device group on TKLM .612
Adding a device to the device group. . . . . . . . . . . . . . . . . . . . .613
Creating a self-signed certificate for TKLM . . . . . . . . . . . . . . .613
Importing the Fabric OS encryption node KAC
certificates to TKLM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .613
Exporting the TKLM self-signed server certificate. . . . . . . . . .614
Importing the TKLM certificate into the group leader . . . . . . .615

Steps for connecting to a KMIP-compliant SafeNet KeySecure. . .615

Setting FIPS compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .616
Creating a local CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Creating a server certificate . . . . . . . . . . . . . . . . . . . . . . . . . . .618
Creating a cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .623
Configuring a Brocade group on the KeySecure . . . . . . . . . . .624
Registering the KeySecure Brocade group user name
and password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .625
Signing the encryption node KAC CSR on KMIP . . . . . . . . . . .626
Importing a signed KAC certificate into a switch . . . . . . . . . . .628
Backing up the certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . .629
Configuring the KMIP server . . . . . . . . . . . . . . . . . . . . . . . . . . .631
Adding a node to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . . .632

Steps for connecting to a KMIP-compliant keyAuthority. . . . . . . . .634

Encryption preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .635

Creating a new encryption group . . . . . . . . . . . . . . . . . . . . . . . . . . .636

Configuring key vault settings for RSA Data Protection
Manager (DPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .641
Configuring key vault settings for NetApp Link Key
Manager (LKM/SSKM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .646
Configuring key vault settings for HP Enterprise Secure
Key Manager (ESKM/SKM). . . . . . . . . . . . . . . . . . . . . . . . . . . .652
Configuring key vault settings for Thales e_Security
keyAuthority (TEKA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657
Configuring key vault settings for IBM Tivoli Key Lifetime
Manager (TKLM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .662
Configuring key vault settings for Key Management
Interoperability Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .666
Understanding configuration status results. . . . . . . . . . . . . . .673

Adding a switch to an encryption group. . . . . . . . . . . . . . . . . . . . . .673

Replacing an encryption engine in an encryption group . . . . . . . .679

Advertising

Popular Brands

Popular manuals