Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)

Registering the certificates
The switch’s KAC certificate must be registered on the LKM appliance, and the LKM certificate
must be registered on the switch.
1. From the external host, register the KAC certificate you exported from the group leader with the
NetApp LKM appliance.
host$ echo lkmserver certificate set 10.32.244.71 \
`cat kac_lkm_cert.pem` | ssh -l admin 10.33.54.231
Pseudo-terminal will not be allocated because stdin is not a terminal.
admin@10.33.54.231's password:
Checking system tamper status:
No physical intrusion detected.
NOTICE: LKM Peer '10.32.244.71' certificate is set
2. On the group leader, register the NetApp LKM appliance as the primary key vault LKM1.
SecurityAdmin:switch>cryptocfg --reg -keyvault LKM1 lkmcert.pem \
10.33.54.231 primary
lkm-1
Register key vault status: Operation Succeeded.
3. Display the registered key vault on the group leader. The LKM key vault is shown as connected.
SecurityAdmin:switch>cryptocfg --show -groupcfg
Encryption Group Name: brocade
Failback mode: Manual
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: LKM
Primary Key Vault:
IP address: 10.33.54.231
Certificate ID: lkm-1
Certificate label: LKM1
State: Connected
Type: LKM
Secondary Key Vault not configured
NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:41:7e
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name IP address Role
10:00:00:05:1e:41:9a:7e 10.32.244.71 GroupLeader(current node)
10:00:00:05:1e:39:14:00 10.32.244.60 MemberNode
4. Display the registered key vault on the member node. The LKM key vault is shown as not
responding because certificates have not been exchanged.
SecurityAdmin:enc1_switch>cryptocfg --show -groupcfg
Encryption Group Name: brocade
Failback mode: Manual
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: LKM
Primary Key Vault:
IP address: 10.33.54.231
Certificate ID: lkm-1
Certificate label: LKM1
State: Not responding
Type: LKM
Secondary Key Vault not configured
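
The check in steps 3 and 4 can be scripted against saved cryptocfg --show -groupcfg output from each node. The following is an added example, not part of the original manual; the function names are hypothetical and the sample text is constructed and abbreviated from the output shown above.

```shell
#!/bin/sh
# Added example. Reads saved `cryptocfg --show -groupcfg` output on stdin.

# Print the State of the "Primary" or "Secondary" key vault ($1).
keyvault_state() {
    awk -v want="$1 Key Vault" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # tolerate CRs and indentation
        /^NODE LIST/ { in_sec = 0 }
        /Key Vault not configured$/ {
            in_sec = 0
            if (index($0, want) == 1) { print "not configured"; exit }
            next
        }
        /^(Primary|Secondary) Key Vault:/ { in_sec = (index($0, want) == 1); next }
        in_sec && /^State:/ { sub(/^State:[ \t]*/, ""); print; exit }
    '
}

# Succeed only when the primary key vault is Connected; $1 is a node label.
check_primary_connected() {
    state=$(keyvault_state Primary)
    [ -n "$state" ] || state="unknown"
    if [ "$state" = "Connected" ]; then
        echo "OK   $1: primary key vault is $state"
    else
        echo "FAIL $1: primary key vault is $state"
        return 1
    fi
}

# Constructed samples, abbreviated from the two outputs shown above.
leader_sample() {
    cat <<'EOF'
Encryption Group Name: brocade
Key Vault Type: LKM
Primary Key Vault:
IP address: 10.33.54.231
Certificate ID: lkm-1
State: Connected
Type: LKM
Secondary Key Vault not configured
EOF
}
member_sample() { leader_sample | sed 's/^State: Connected$/State: Not responding/'; }

leader_sample | check_primary_connected group-leader
member_sample | check_primary_connected member-node ||
    echo "member node: exchange certificates, then re-check"
```

A non-zero exit from check_primary_connected can gate later automation so that no node is treated as ready while its key vault is unreachable.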