Fabric OS Encryption Administrator's Guide

53-1002159-03
Key vault diagnostics
If an encryption switch is part of an encryption group (EG), the diagnostic testing is performed on that switch only and
not on the entire group. If the nodes in an encryption group run different Fabric OS versions,
only the nodes running Fabric OS 7.0.0 or later can be configured for periodic key vault
diagnostic testing.
You can schedule the diagnostic tests to run at regular intervals. When an incident occurs, the findings are
collected in log reports. The first occurrence of a failure, and the later restoration of operation, are each
reported as a RASLog (Reliability, Availability, and Serviceability log) message. Repeated findings for the
same incident are not logged, to avoid redundant messages.
Key vault connectivity
Key vault connectivity is a diagnostics feature that lets you periodically collect information
about the state of key vault connectivity from the Brocade Encryption Switch and, where available, version,
configuration, and cluster information about the key vault (KV).
This feature reports the following types of configuration information:
Key vault/cluster scope:
- CA certificate and its validity (for example, valid header and expiry date)
- Key vault IP address and port
- KV firmware version
- Time of day on the KV
- Key class and format configured on the KV for the user group
- Client session timeout
Encryption node scope:
- Node KAC certificate and its validity (for example, valid header and expiry date)
- Username/password
- User group
- Time of day on the switch
- Key vault client SDK version
- Timeout and retry policy for the client SDK
The key vault client SDK version, and timeout and retry policy for the client SDK could differ across
encryption nodes, depending on the firmware versions they are running.
This feature also reports the results of a vault connectivity check and of a validation
check on key operations. These results are specific to each encryption node. The diagnostic performs the
following operations, in this order:
- Connects to the key vault and performs a connectivity check; on failure, reports the likely cause,
for example a certificate problem, a username or password problem, or a network connectivity
problem.
- Attempts to retrieve a key and reports any problem if the retrieval fails.
- Attempts to store a key on the vault and reports any problem if the store fails.
- Verifies that the written key is synchronized across the vaults in the cluster.
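The following Python script is an added example, not Brocade code, that models the two behaviours described above: the diagnostic runs the checks in the listed order (connect, retrieve, store, verify cluster sync) and stops at the first failure, and the logger reports only the first occurrence of a failure and its later restoration, suppressing repeats of the same incident. A constructed in-memory cluster stands in for the real key vault so it runs offline; the class names, message text, probe key name and the 300-second clock-skew threshold are assumptions of this example, not Fabric OS settings.

```python
"""Key-vault connectivity diagnostic with transition-based RASLog-style reporting.

Added example (not Brocade's code). A constructed in-memory cluster stands in
for the real key vault so the check order and the log-suppression rule can be
exercised offline. Step names, message text and the skew threshold are assumptions.
"""
from dataclasses import dataclass, field

MAX_CLOCK_SKEW_S = 300  # assumed threshold; a skewed clock makes a valid cert look expired


@dataclass
class FakeVaultNode:
    """Constructed stand-in for one key-vault cluster member."""
    ip: str
    reachable: bool = True
    clock_offset_s: int = 0               # vault clock minus switch clock, in seconds
    keys: dict = field(default_factory=dict)


@dataclass
class FakeVaultCluster:
    """Constructed cluster; node 0 is the member the switch talks to."""
    nodes: list
    cert_ok: bool = True                  # KAC cert accepted (valid header, not expired)
    creds_ok: bool = True                 # username/password accepted
    replicates: bool = True               # cluster replication healthy

    def store(self, key_id, key):
        self.nodes[0].keys[key_id] = key
        if self.replicates:               # simulate replication to the other members
            for node in self.nodes[1:]:
                node.keys[key_id] = key


def run_diagnostics(cluster, known_key_id, probe_key_id="diag-probe", probe_key=b"\x11" * 32):
    """Run the checks in the guide's order and stop at the first failure.

    Returns None when every check passes, otherwise a (step, detail) tuple.
    """
    primary = cluster.nodes[0]
    # 1. Connectivity: reachability, certificate, credentials, clock agreement.
    if not primary.reachable:
        return ("connect", f"no route to {primary.ip}")
    if not cluster.cert_ok:
        return ("connect", "KAC certificate rejected: check PEM header and expiry")
    if not cluster.creds_ok:
        return ("connect", "username/password rejected")
    if abs(primary.clock_offset_s) > MAX_CLOCK_SKEW_S:
        return ("connect", f"clock skew {primary.clock_offset_s}s exceeds {MAX_CLOCK_SKEW_S}s")
    # 2. Retrieve a key that is expected to exist (read-path check).
    if known_key_id not in primary.keys:
        return ("retrieve", f"key {known_key_id} not found on {primary.ip}")
    # 3. Store a probe key (write-path check).
    cluster.store(probe_key_id, probe_key)
    if primary.keys.get(probe_key_id) != probe_key:
        return ("store", f"probe key not readable back from {primary.ip}")
    # 4. Verify the written key reached every member of the cluster.
    stale = [n.ip for n in cluster.nodes if n.keys.get(probe_key_id) != probe_key]
    if stale:
        return ("sync", "probe key missing on " + ", ".join(stale))
    return None


class RasLogger:
    """Log the first failure and the later restoration; suppress repeats of one incident."""

    def __init__(self):
        self.open_incident = None         # step currently failing, or None
        self.messages = []

    def record(self, result):
        """Feed one diagnostic result; return the message emitted, or None if suppressed."""
        msg = None
        if result is None:
            if self.open_incident is not None:
                msg = f"KV-RESTORED: {self.open_incident} check passing again"
                self.open_incident = None
        elif result[0] != self.open_incident:   # new incident (or a different step failing)
            msg = f"KV-FAIL: {result[0]}: {result[1]}"
            self.open_incident = result[0]
        if msg:
            self.messages.append(msg)
        return msg


def demo():
    """Periodic runs against a cluster whose replication breaks and then recovers."""
    cluster = FakeVaultCluster([FakeVaultNode("10.0.0.11"), FakeVaultNode("10.0.0.12")])
    cluster.store("dek-0001", b"\x22" * 32)   # pre-existing key the switch already knows
    log = RasLogger()
    cluster.replicates = False
    for _ in range(3):                         # three runs with replication broken: one message
        log.record(run_diagnostics(cluster, "dek-0001"))
    cluster.replicates = True                  # recovery: one restoration message
    log.record(run_diagnostics(cluster, "dek-0001"))
    return log.messages


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running the script shows two messages for four diagnostic runs: one failure report when the probe key first fails to appear on the second cluster member, and one restoration report once replication is healthy again. The clock-skew check is included in the connectivity step because the time of day on the switch and on the KV are both collected by the diagnostic, and a large skew is a common reason a certificate that is otherwise valid is rejected.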