User Manual v12.1.0 Instruction Manual

876 Brocade Network Advisor SAN + IP User Manual

53-1002949-01

Steps for connecting to an LKM/SSKM appliance

FIGURE 313 Encryption Group Properties with Key Vault Certificate

2. Select Load from File and browse to the location on your client PC that contains the

downloaded CA certificate in .pem format.

Steps for connecting to an LKM/SSKM appliance

The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network

appliance. The encryption engine and LKM appliance communicate over a trusted link. A trusted

link is a secure connection established between the switch or blade and the NetApp LKM/SSKM

appliance, using a shared secret called a link key.

The following configuration steps are performed from the NetApp DataFort Management Console

(DMC) and from the Management application:

• Install and launch the NetApp DataFort Management Console. Refer to “Launching the NetApp

DataFort Management Console” on page 877.

• Establish the trusted link. Refer to “Establishing the trusted link” on page 877.

• Obtain and import the LKM/SSKM certificate. Refer to “Obtaining and importing the

LKM/SSKM certificate” on page 878.

• Export and register encryption node certificates on LKM/SSKM. Refer to “Exporting and

registering the switch KAC certificates on LKM/SSKM” on page 879.

• If required, create an LKM/SSKM cluster for high availability. Refer to “LKM/SSKM key vault

high availability deployment” on page 879.

• Understanding Data Encryption Keys (DEKs). Refer to “Data Encryption Keys” on page 880.