Fabric OS Encryption Administrator's Guide

53-1002159-03
Chapter 2 Encryption configuration
In this chapter
Encryption Center features
Encryption user privileges
Smart card usage
  Registering authentication cards from a card reader
  Registering authentication cards from the database
  Deregistering an authentication card
  Using authentication cards
  Enabling or disabling the system card requirement
  Registering system cards from a card reader
  Deregistering a system card
  Tracking smart cards
  Editing smart cards
Network connections
Configuring blade processor links
Encryption node initialization and certificate generation
Steps for connecting to an SKM or ESKM appliance
  Configuring a Brocade group on SKM or ESKM
  Registering the SKM or ESKM Brocade group user name and password
  Setting up the local Certificate Authority (CA) on SKM or ESKM
  Downloading the local CA certificate from SKM or ESKM
  Creating and installing the SKM or ESKM server certificate
  Enabling SSL on the Key Management System (KMS) Server
  Creating an SKM or ESKM High Availability cluster
  Copying the local CA certificate for a clustered SKM or ESKM appliance
  Adding SKM or ESKM appliances to the cluster
  Signing the Brocade encryption node KAC certificates
  Importing a signed KAC certificate into a switch
  SKM or ESKM key vault high availability deployment
Steps for Migrating from SKM to ESKM
  Steps required from the BES CLI
  Steps required using Brocade Management application
Encryption preparation
Creating a new encryption group
  Understanding configuration status results
Adding a switch to an encryption group
Replacing an encryption engine in an encryption group