Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)
446 Brocade Network Advisor SAN User Manual
53-1002167-01
Steps for connecting to an RKM appliance
18
The CA certificate file referenced in the SSLCAcertificateFile field (see step 4) must be imported
and registered on the switch designated as an encryption group leader. You may want to note this
location before proceeding to “Loading the CA certificate onto the encryption group leader” on
page 446.
RKM key vault high availability deployment
When dual RKM appliances are used for high availability, the RKM appliances must be clustered
and must operate in maximum availability mode, as described in the RKM appliance user
documentation.
When dual RKM appliances are clustered, they are accessed using an IP load balancer. For a
complete high availability deployment, the multiple IP load balancers are clustered, and the IP load
balancer cluster exposes a virtual IP address called a floating IP address. The floating IP address
must be registered on the Brocade encryption group leader.
Neither the secondary RKM appliance nor individual RKM appliance IP addresses should be
registered.
Loading the CA certificate onto the encryption group leader
The certificate for the CA that signed the switch KAC CSRs must be loaded onto the encryption
group leader. The group leader can then distribute the CA certificate to the encryption group
members.
1. From the Encryption Center, select a group from the Encryption Center Devices table, then
select Group > Properties from the menu task bar, or right-click the group and select
Properties. (If groups are not visible in the Encryption Devices table, select View > Groups from
the menu bar first).
The Encryption Group Properties dialog box displays with the General tab selected
(Figure 164).