DCFM Enterprise User Manual (53-1001775-01, June 2010)

Supported encryption key manager appliances
As stated under “Network connections”, a supported key management appliance must be
connected on the same LAN as the management port of the encryption switches or of the
Backbone Chassis Control Processors (CPs) in the case of the encryption blade.
Secure communication between encryption nodes in an encryption group, and between encryption
nodes and key manager appliances, requires an exchange of certificates that are used for mutual
authentication. Each supported key manager appliance has unique requirements for setting up a
secure connection and exchanging certificates.
The following key manager appliances are supported:
The RSA Key Manager (RKM)
The NetApp Lifetime Key Manager (LKM)
The HP StorageWorks Secure Key Manager (SKM)
The Thales Encryption Manager for Storage (TEMS)
Refer to the following topics for specific information:
“Steps for connecting to an RKM appliance” on page 504.
“Steps for connecting to an LKM appliance” on page 507.
“Steps for connecting to an SKM appliance” on page 511.
“Steps for connecting to a TEMS appliance” on page 520.
Steps for connecting to an RKM appliance
All switches you plan to include in an encryption group must have a secure connection to the RSA
Key Manager (RKM). The following is a suggested order for the steps needed to create a secure
connection to RKM:
3. Export the KAC CSR to a location accessible to a Certificate Authority (CA) for signing.
4. Submit the KAC CSR for signing by a Certificate Authority (CA).
5. Import the signed certificate into the Brocade encryption node.
6. Upload the signed KAC and CA certificates onto the RKM appliance, and select the appropriate
key classes.
7. If dual RKM appliances are used for high availability, the RKM appliances must be clustered,
and must operate in maximum availability mode, as described in the RKM appliance user
documentation.
These steps are described in more detail in the following sections.
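The check below is an added example, not part of the manual: before importing the signed certificate (step 5) and uploading it with the CA certificate (step 6), it confirms that the certificate returned by the CA carries the same public key as the exported KAC CSR and verifies against that CA certificate. It assumes PEM files and the OpenSSL command line on the management workstation; all file names, the demo CA and the stand-in node keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks on a CA-signed KAC certificate before import.
# File names and the demo CA are constructed; they are not from the manual.

# pubkey_hash FILE KIND: SHA-256 of the public key in a CSR (KIND=req)
# or a certificate (KIND=x509). Fails if the file cannot be parsed.
pubkey_hash() {
    key=$(openssl "$2" -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1
    printf '%s\n' "$key" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_signed_kac CSR CERT CA_CERT
# 0: CERT holds the CSR's public key and verifies against CA_CERT.
# 1: CERT was issued for a different key (wrong file or wrong node).
# 2: CERT does not verify against the CA certificate that will be uploaded.
# 3: CSR or CERT could not be read.
check_signed_kac() {
    csr_hash=$(pubkey_hash "$1" req) || { echo "unreadable"; return 3; }
    cert_hash=$(pubkey_hash "$2" x509) || { echo "unreadable"; return 3; }
    [ "$csr_hash" = "$cert_hash" ] || { echo "key mismatch"; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || { echo "untrusted"; return 2; }
    echo "ok"
}

# make_demo DIR: constructed stand-ins for the CA and for two nodes' CSRs and certs.
make_demo() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n' >"$d/demo.cnf"
    printf '[ca]\nbasicConstraints=critical,CA:TRUE\n' >>"$d/demo.cnf"
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for n in kac other; do
        openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null
    done
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
check_signed_kac "$demo_dir/kac.csr" "$demo_dir/kac.pem" "$demo_dir/ca.pem"
check_signed_kac "$demo_dir/kac.csr" "$demo_dir/other.pem" "$demo_dir/ca.pem" || true
```

In the real procedure the private key never leaves the encryption node, so only the exported CSR, the signed certificate and the CA certificate are passed to `check_signed_kac`.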