Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)
484 DCFM Enterprise User Manual
53-1001357-01
Link Keys tab
16
Replacing an encryption engine
To replace an encryption engine in an encryption group with another encryption engine within a
DEK Cluster, complete the following steps.
1. Select Configure > Encryption.
The Encryption Center dialog box displays.
2. If groups are not visible in the Encryption Devices table, select View > Groups from the menu
bar.
The encryption groups display in the Encryption Devices table.
3. Select an encryption group from the tree, and select Group > Properties from the menu bar, or
right-click the encryption group and select Properties.
The Encryption Group Properties dialog box displays.
4. Click the Engine Operations tab.
5. Select the engine you want to replace in the Engine list.
6. Select the engine you want to use as the replacement in the Replacement list.
7. Click Replace.
All containers hosted by the current engine (Engine list) are replaced by the new engine
(Replacement list).
Link Keys tab
Connections between a switch and an NetApp LKM key vault require a shared link key. Link keys
are used only with LKM key vaults. They are used to protect data encryption keys in transit to and
from the key vault. There is a separate link key for each key vault for each switch. The link keys are
configured for a switch but are stored in the encryption engines, and all the encryption engines in a
group share the same link keys.
You must create link keys under the following circumstances:
• When a new encryption group is created.
• When a new switch is added to an encryption group.
• When a new key vault is added to an encryption group.
• After all encryption engines in a switch have been zeroized.
• When all of the encryption blades have been removed from a director and one or more new
encryption blades have been added.
The Link Keys tab displays a table that shows link key status for each switch in an encryption group.