Manualshelf

Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP 1606 FCIP 4-pt Enabled 8Gb FC 2-pt Enabled 1GbE Base Switch
21222324252627282930
Fabric OS Encryption Administrator’s Guide 11
53-1001864-01
Key management systems
1
Key management systems
Key management systems are available from several vendors. This release supports the following
leading key management systems:
The NetApp LIfetime Key Manager (LKM) version 4.0 or later.
The RSA Key Manager (RKM) version 2.1.3 or later, available through EMC.
The HP Secure Key Manager (SKM) version 1.1 or later, available through Hewlett Packard.
The Thales Encryption Manager for Storage (TEMS).
Master key management
Communications with opaque key vaults are encrypted using a master key that is created by the
encryption engine on the encryption switch. Currently, this includes the key vaults of all supported
key management systems except NetApp LKM.
Master key generation
A master key must be generated by the group leader encryption engine. The master key can be
generated once by the group leader, and propagated to the other members of an encryption group.
Master key backup
It is essential to back up the master key immediately after it is generated. The master key may be
backed up to any of the following,
To a file as an encrypted key.
To the key management system as an encrypted key record.
To a set of recovery smart cards. This option is only available if the switch is managed by the
Data Center Fabric Manager (DFCM), and if a card reader is available for attachment to the
DCFM workstation.
The use of smart cards provides the highest level of security. When smart cards are used, the key is
split and written on up to five cards, and the cards may be kept and stored by up to five individuals,
and all are needed to restore the master key.