Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch

161

162

163

164

165

166

167

168

169

170

Fabric OS Encryption Administrator’s Guide (DPM) 145

53-1002720-02

Adding a member node to an encryption group

Encryption Group state: CLUSTER_STATE_CONVERGED

Node Name: 10:00:00:05:1e:41:9a:7e (current node)

State: DEF_NODE_STATE_DISCOVERED

Role: GroupLeader

IP Address: 10.32.244.71

Certificate: GL_cpcert.pem

Current Master Key State: Not configured

Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Alternate Master Key State:Not configured

Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot: 0

SP state: Operational; Need Valid KEK

Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

No HA cluster membership

Node Name: 10:00:00:05:1e:39:14:00

State: DEF_NODE_STATE_DISCOVERED

Role: MemberNode

IP Address: 10.32.244.60

Certificate: enc1_cpcert.pem

Current Master Key State: Not configured

Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Alternate Master Key State:Not configured

Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot: 0

SP state: Unknown State

Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

No HA cluster membership

Registering DPM on a Fabric OS encryption group leader

You will need to know the download location for the CA certificate. The path to the file was entered

in the SSLCAcertificateFile field when “Uploading the CA certificate onto the DPM appliance (and

first-time configurations)” on page 138. Also, if you are using an DPM cluster for high availability,

you will need the virtual IP address, as described in “DPM key vault high availability deployment” on

page 141.

1. Log in as Admin or SecurityAdmin.

2. Set the key vault type to DPM by entering the cryptocfg

--set -keyvault command. Successful

execution sets the key vault type for the entire encryption group. The following example sets

the keyvault type to DPM:

SecurityAdmin:switch> cryptocfg --set -keyvault DPM

Set key vault status: Operation Succeeded.

3. Import and register DPM on the group leader using the CA certificate for the CA that signed the

DPM key vault certificate. The group leader automatically shares this information with other

group members. It might take a minute to complete the operation.

SecurityAdmin:switch> cryptocfg --import -scp <CA certificate file>