Data Center Fabric Manager Professional User Manual v10.3.X (53-1001355-01, November 2009)

DCFM Professional User Manual 339

53-1001355-01

Creating a new encryption group

Key vault address changes

Before you add or change a key vault address, you must install the public key certificates for all

switches in the encryption group on the key vault. Use the Encryption Group Properties dialog box

to check a switch’s connection status to the new key vault and to obtain the switch’s public key

certificate.

If you remove a primary key vault IP address, and a backup key vault has been configured, you can

use the backup, but no new disk LUNs can be encrypted, no disk LUNs can be re-keyed, and no new

tape LUNs can be encrypted. New tapes in a tape pool that has an existing DEK can be encrypted.

Existing disk and tape LUNs can still be decrypted.

11. Click Next.

The Specify Public Key Certificate Filename panel displays.

FIGURE 121 Specify Public Key Certificate filename dialog box

12. Specify the name of the file where you want to store the public key certificate that is used to

authenticate connections to the key vault, and click Next.

The certificate stored in this file is the switch’s public key certificate. You will need to know this

path and file name to install the switch’s public key certificate on the key management

appliance.

13. Click Next.

If you chose LKM as the Key Vault Type, the Confirm Configuration panel displays (skip to

step 18).

For all other supported key vault types, the Specify Master Key File Name panel displays.