Fabric OS Encryption Administrator's Guide

53-1002159-03
c. Click Download, and save the certificate file on your local system.
d. Rename the downloaded file, changing the .cert extension to a .pem extension.
5. From the Encryption Group Properties dialog box, click Load from File to upload the new ESKM
certificate to the switch, then click OK.
The switch is now ready to connect securely to the key vault. The encryption dialog takes a few
minutes to update the connected status.
NOTE
ESKM is referred to as SKM in the Brocade Management application.
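A pre-upload check for step d, as an added example that is not part of the Brocade guide: changing the extension to .pem does not change the file's encoding, so this confirms the download really is a PEM-encoded certificate (re-encoding it if it turns out to be DER) before it is loaded onto the switch. The file name and sample bytes are constructed, and the check covers only the outer encoding, not the issuer or validity dates.

```python
import base64, binascii, re, ssl, tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def is_der_sequence(blob: bytes) -> bool:
    """True if blob is exactly one DER SEQUENCE (outer shape of an X.509 cert)."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                      # short-form length
        return len(blob) == 2 + blob[1]
    n = blob[1] & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4 or len(blob) < 2 + n:
        return False
    return len(blob) == 2 + n + int.from_bytes(blob[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for a certificate file's contents."""
    m = PEM_BLOCK.search(data)
    if m:
        try:
            body = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except binascii.Error:
            return "unknown"
        return "pem" if is_der_sequence(body) else "unknown"
    return "der" if is_der_sequence(data) else "unknown"

def write_pem(src: Path) -> Path:
    """Create <name>.pem beside src; refuse files that are not a certificate."""
    data = src.read_bytes()
    kind = classify(data)
    if kind == "unknown":
        raise ValueError(f"{src.name}: not a PEM or DER certificate")
    dst = src.with_suffix(".pem")
    # A DER file needs re-encoding, not just a new extension.
    pem = data if kind == "pem" else ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    dst.write_bytes(pem)
    return dst

if __name__ == "__main__":
    # Constructed stand-in: a minimal DER SEQUENCE, not a real certificate.
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "eskm_download.cert"   # hypothetical file name
        src.write_bytes(bytes.fromhex("3003020100"))
        out = write_pem(src)
        print(out.name, classify(out.read_bytes()))
```

A file classified as unknown (for example an HTML error page saved in place of the certificate) is rejected instead of being renamed and uploaded.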
Encryption preparation
Before you use the encryption setup wizard for the first time, you should have a detailed
configuration plan in place and available for reference. The encryption setup wizard assumes the
following:
• You have a plan in place to organize encryption devices into encryption groups.
• If you want redundancy and high availability in your implementation, you have a plan to create high availability (HA) clusters of two encryption switches or blades to provide failover support.
• All switches in the planned encryption group are interconnected on an I/O synch LAN.
• The management ports on all encryption switches and 384-port Backbone Chassis CPs that have encryption blades installed have a LAN connection to the SAN management program and are available for discovery.
• A supported key management appliance is connected on the same LAN as the encryption switches, 384-port Backbone Chassis CPs, and the SAN Management program.
• An external host is available on the LAN to facilitate certificate exchange.
• Switch KAC certificates have been signed by a CA and stored in a known location.
• Key management system (key vault) certificates have been obtained and stored in a known location.
Creating a new encryption group
The following steps describe how to start and run the encryption setup wizard, and create a new
encryption group.
NOTE
When a new encryption group is created, any existing tape pools in the switch are removed.
1. Select Configure > Encryption from the menu task bar.
The Encryption Center dialog box displays.