Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)

ManualsBrandsHP ManualsSoftwareHP B-series Data Center Fabric Manager Enterprise Software

471

472

473

474

475

476

477

478

479

480

Brocade Network Advisor SAN User Manual 431

53-1002167-01

Smart card usage

Smart Cards are credit card-sized cards that contain a CPU and persistent memory. Smart cards

can be used as security devices. You must have Storage Encryption Security user privileges to

activate, register, and configure smart cards.

Smart cards can be used to do the following:

• Control user access to the Management application security administrator roles.

• Control activation of encryption engines.

• Securely store backup copies of master keys.

Smart card readers provide a plug-and-play interface that allows you to read and write to a smart

card. The following smart card readers are supported:

• GemPlus GemPC USB

http://www.gemalto.com/readers/index.html

• SCM MicrosystemsSCR331

http://www.scmmicro.com/security/view_product_en.php?PID=2

NOTE

Only the Brocade smart cards that are included with the encryption switches are supported.

See the following procedures for instructions about how to manage smart cards:

• “Registering authentication cards from a card reader” on page 431

• “Registering system cards from a card reader” on page 436

• “Tracking smart cards” on page 437

• “Saving a master key to a smart card set” on page 543

• “Restoring a master key from a smart card set” on page 547

Registering authentication cards from a card reader

When authentication cards are used, one or more authentication cards must be read by a card

reader attached to a Management application PC to enable certain security-sensitive operations.

These include the following:

• Master key generation, backup, and restore operations.

• Replacement of authentication card certificates.

• Enabling and disabling the use of system cards.

• Changing the quorum size for authentication cards.

• Establishing a trusted link with the NetApp LKM key manager.

• Decommissioning LUNs.

To register an authentication card or a set of authentication cards from a card reader, have the

cards physically available. Authentication cards can be registered during encryption group or

member configuration when running the configuration wizard, or they can be registered using the

following procedure.