Fabric OS Encryption Administrator's Guide

53-1002159-03
Viewing and editing group properties
General tab
Members tab
Consequences of removing an encryption switch
Security tab
HA Clusters tab
Tape Pools tab
Engine Operations tab
Encryption-related acronyms in log messages
Chapter 3 Configuring Brocade Encryption Using the CLI
In this chapter
Overview
Command validation checks
Command RBAC permissions and AD types
Cryptocfg Help command output
Management LAN configuration
Configuring cluster links
Special consideration for blades
IP Address change of a node within an encryption group
Steps for connecting to an SKM or ESKM appliance
Configuring a Brocade group
Setting up the local Certificate Authority (CA)
Downloading the local CA certificate
Creating and installing the SKM or ESKM server certificate
Enabling SSL on the Key Management System (KMS) Server
Creating an SKM or ESKM high availability cluster
Copying the local CA certificate
Adding SKM or ESKM appliances to the cluster
Initializing the Brocade encryption engines
Signing the Brocade encryption node KAC certificates
Registering SKM or ESKM on a Brocade encryption group leader
Registering the SKM or ESKM Brocade group user name and password
SKM or ESKM key vault high availability deployment
Adding a member node to an encryption group
Generating and backing up the master key
High availability cluster configuration
HA cluster configuration rules
Creating an HA cluster
Adding an encryption engine to an HA cluster
Failover/failback policy configuration