Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)

Steps for connecting to an LKM appliance
Launching the NetApp DataFort Management Console
Establishing the trusted link
Obtaining and importing the LKM certificate
Exporting and registering the switch KAC certificates on LKM
LKM key vault high availability deployment
Disk keys and tape pool keys (Brocade native mode support)
Tape LUN and DF-compatible tape pool support
LKM Key Vault Deregistration
Steps for connecting to an SKM appliance
Configuring a Brocade group on SKM
Registering the SKM Brocade group user name and password
Setting up the local Certificate Authority (CA) on SKM
Downloading the local CA certificate from SKM
Creating and installing the SKM server certificate
Enabling SSL on the Key Management System (KMS) Server
Creating an SKM High Availability cluster
Copying the local CA certificate for a clustered SKM appliance
Adding SKM appliances to the cluster
Signing the Brocade encryption node KAC certificates
Importing a signed KAC certificate into a switch
SKM key vault high availability deployment
Steps for connecting to a TEMS appliance
Setting up TEMS network connections
Creating a client on TEMS
Establishing TEMS key vault credentials on the switch
Signing the Brocade encryption node KAC CSR on TEMS
Importing a signed KAC certificate into a switch
Steps for connecting to a TKLM appliance
Exporting the Fabric OS node self-signed KAC certificates
Converting the KAC certificate format
Establishing a default key store and device group on TKLM
Adding a device to the device group
Creating a self-signed certificate for TKLM
Importing the Fabric OS encryption node KAC certificates to TKLM
Exporting the TKLM self-signed server certificate
Importing the TKLM certificate into the group leader
Encryption preparation
Creating a new encryption group
Configuring key vault settings for RSA Key Manager (RKM)
Configuring key vault settings for NetApp Link Key Manager (LKM)
Configuring key vault settings for HP Secure Key Manager (SKM)
Configuring key vault settings for Thales Key Manager (TEMS)
Configuring key vault settings for IBM Tivoli Key Lifetime Manager (TKLM)
Understanding configuration status results
Adding a switch to an encryption group