Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)
450 Brocade Network Advisor SAN User Manual
53-1002167-01
Steps for connecting to an LKM appliance
18
2. Add the group leader to the LKM key sharing group. Enter lkmserver add --type third-party
--key-sharing-group "/" followed by the group leader IP address.
lkm-1>lkmserver add --type third-party --key-sharing-group \
"/" 10.32.244.71
NOTICE: LKM Server third-party 10.32.244.71 added.
Cleartext connections not allowed.
3. On the NetApp LKM appliance terminal, enter sys cert getcert-v2 to display the LKM certificate
content.
lkm-1> sys cert getcert-v2
-----BEGIN CERTIFICATE-----
[content removed]
-----END CERTIFICATE-----
4. Copy and paste the LKM certificate content from the NetApp LKM appliance terminal into an
editor buffer. Save the file as lkmcert.pem on the SCP-capable host. Save the entire certificate,
including the lines
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
5. If you are using the Management application, the path to the file must be specified on the
Select Key Vault dialog box when creating a group leader. If the proper path is entered, the file
is imported.
Exporting and registering the switch KAC certificates on LKM
The encryption switch signed KAC certificates must be exported and registered on the LKM
appliance.
1. Select Configure > Encryption from the menu task bar.
2. The Encryption Center dialog box displays.
3. Select a switch from the Encryption Center Devices table, then select Switch > Export
Certificate from the menu task bar, or right-click a switch and select Export Certificate.
The Export Switch Certificate dialog box displays (Figure 165).
FIGURE 165 Export switch certificate dialog box
4. Select Signed switch certificate (X.509), then click OK.
You are prompted to save the CSR, which can be saved to your SAN Management Program
client PC, or an external host of your choosing.
5. Register the signed KAC certificate you exported from the member node with the NetApp
LKM appliance.