Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)
DCFM Enterprise User Manual 471
53-1001357-01
Registering authentication cards from a card reader
16
Registering authentication cards from a card reader
When authentication cards are used, one or more authentication cards must be read by a card
reader attached to a Management application PC to enable certain security sensitive operations.
These include the following:
• Master key generation, backup, and restore operations.
• Replacement of authentication card certificates.
• Enabling and disabling the use of system cards.
• Changing the quorum size for authentication cards.
• Establishing a trusted link with the NetApp LKM key manager.
To register an authentication card or a set of authentication cards from a card reader, have the
cards physically available. Authentication cards can be registered during encryption group or
member configuration when running the configuration wizard, or they can be registered using the
following procedure.
1. Select Configure > Encryption from the menu bar.
The Encryption Center dialog box displays.
2. Select an encryption group, and select Security Settings.
3. Select the Quorum Size.
The quorum size is the minimum number of cards necessary to enable the card holders to
perform the security sensitive operations listed above. The maximum quorum size is five cards.
The actual number of authentication cards registered is always more than the quorum size, so
if you set the quorum size to five, for example, you will need to register at least six cards in the
subsequent steps.
NOTE
Ignore the System Cards setting. Refer to “Enabling or disabling the system card requirement”
on page 474 for information on its usage.
4. Click Next.
The Register Authentication Cards dialog is displayed. This dialog include a table that shows all
registered authentication cards.
5. Select Register from Card Reader to register a new card.
The Add Authentication Card dialog box is displayed.
6. Insert a smart card into the card reader. Be sure to wait for the card serial number to appear,
and then enter card assignment information, as directed.
7. Click OK.
8. Wait for the confirmation dialog box indicating initialization is done, and click OK.
The card is added to the Registered Authentication Cards table on the Authentication Cards
dialog box.
9. Repeat steps 7 through 10 until you have registered all the cards, and they all display in the
Registered Authentication Cards table on the Authentication Cards dialog box. Remember that
you need to register the number selected as the quorum size plus one.