Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)

Appendix A
Thales Encryption Manager for Storage
In the operational descriptions in this appendix, communication with the Thales Encryption
Manager for Storage (TEMS) is referred to as NCKA. NCKA is secured by wrapping data encryption
keys (DEKs) in a master key. The encryption engine must generate its own master key, send DEKs
to NCKA encrypted under that master key, and decrypt DEKs received from NCKA using the same
master key; DEKs therefore reach the key vault only in wrapped form. The master key may
optionally be stored as a key record in the NCKA key vault as a backup, but NCKA does not assume
responsibility for the master key. Because every DEK held by the vault can be recovered only with
the master key, the master key must be backed up and stored securely, and policies and
procedures for responding to its theft or loss must be in place.
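The wrap-and-unwrap relationship described above, as an added example that is not code from this manual, from Brocade or from Thales. The manual does not name the wrapping algorithm, so AES Key Wrap (RFC 3394) is assumed here purely for illustration, and the NCKA key vault is modeled as an in-memory map holding only wrapped DEKs. The example also shows the caveat the text makes: a replacement engine that has lost the master key cannot recover any stored DEK.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// defaultIV is the RFC 3394 integrity check value that unwrap must recover.
var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// WrapKey wraps key material with the key-encrypting key kek (the engine's
// master key) using AES Key Wrap, RFC 3394. Plaintext must be a multiple of
// 8 bytes and at least 16 bytes.
func WrapKey(kek, plaintext []byte) ([]byte, error) {
	if len(plaintext)%8 != 0 || len(plaintext) < 16 {
		return nil, errors.New("plaintext must be a multiple of 8 bytes and at least 16 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plaintext) / 8
	a := make([]byte, 8)
	copy(a, defaultIV)
	r := make([]byte, len(plaintext))
	copy(r, plaintext)
	buf := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(buf[:8], a)
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Encrypt(buf, buf) // B = AES(K, A | R[i])
			copy(a, buf[:8])
			binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(a)^uint64(n*j+i))
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	return append(a, r...), nil
}

// UnwrapKey reverses WrapKey. It fails when kek is not the key that wrapped
// the data, because the recovered integrity value no longer equals defaultIV.
func UnwrapKey(kek, ciphertext []byte) ([]byte, error) {
	if len(ciphertext)%8 != 0 || len(ciphertext) < 24 {
		return nil, errors.New("ciphertext must be a multiple of 8 bytes and at least 24 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(ciphertext)/8 - 1
	a := make([]byte, 8)
	copy(a, ciphertext[:8])
	r := make([]byte, n*8)
	copy(r, ciphertext[8:])
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(a)^uint64(n*j+i))
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Decrypt(buf, buf) // B = AES-1(K, (A ^ t) | R[i])
			copy(a, buf[:8])
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	if !bytes.Equal(a, defaultIV) {
		return nil, errors.New("integrity check failed: wrong master key or corrupted key record")
	}
	return r, nil
}

// keyVault stands in for the NCKA key vault (assumption: modeled as a map);
// it only ever sees wrapped DEKs.
type keyVault map[string][]byte

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// demo runs the flow from the text: the engine generates its own master key,
// wraps a DEK, stores it, recovers it, and a different master key is rejected.
func demo() error {
	masterKey, err := randomBytes(32) // generated by the encryption engine
	if err != nil {
		return err
	}
	dek, err := randomBytes(32)
	if err != nil {
		return err
	}
	vault := keyVault{}
	wrapped, err := WrapKey(masterKey, dek)
	if err != nil {
		return err
	}
	vault["lun-0001"] = wrapped // hypothetical record name
	got, err := UnwrapKey(masterKey, vault["lun-0001"])
	if err != nil || !bytes.Equal(got, dek) {
		return errors.New("round trip with the correct master key failed")
	}
	lostKeyReplacement, err := randomBytes(32) // engine whose master key was never restored
	if err != nil {
		return err
	}
	if _, err := UnwrapKey(lostKeyReplacement, vault["lun-0001"]); err == nil {
		return errors.New("unwrap with a different master key should have failed")
	}
	fmt.Println("wrapped DEK stored in vault:", hex.EncodeToString(wrapped))
	return nil
}

func main() {
	if err := demo(); err != nil {
		fmt.Println("FAIL:", err)
		return
	}
	fmt.Println("DEK recovered with the master key; a different master key was rejected")
}
```

Run with `go run .`; the integrity failure on the wrong key is exactly why the manual insists the master key, not just the vault, must be backed up.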
Adding a client
Communication must be over an SSL connection. This requires a client certificate signed by a
Certificate Authority (CA) on the key vault. It is assumed that a CA has been created by an
officer at the key vault and that a CA certificate has been generated. Also, a group must be
created for Brocade by an administrator. This group must exist and is the only group supported
by the Brocade encryption switch and blade. Details about how to set up a CA and a group can be
found in the Thales documentation.
NOTE
Each Thales key vault has both a management IP address and a data IP address. Clients must
communicate with the key vaults using the data IP address.
1. Generate a user name and password by issuing the following CLI command at the switch:
cryptocfg --reg -KAClogin
This command prints the user name and then prompts you to create a password. Save the
user name and password; both are needed in the following steps.
2. Invoke the Thales key vault web browser and log in as manager.
3. Click the Client tab.
4. Click the Add Client tab.
5. Enter the user name from step 1 in the Name field.
6. Enter the password from step 1 in the Password and Verify Password fields.
7. Select the group brocade from the group menu.
8. Click Add Client.
A client user is created. Verify that the new client is listed in the client table.