Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

Chapter 2 Encryption configuration using the Management application
In this chapter
Encryption Center features
Encryption user privileges
Smart card usage
  Registering authentication cards from a card reader
  Registering authentication cards from the database
  De-registering an authentication card
  Using authentication cards
  Enabling or disabling the system card requirement
  Registering system cards from a card reader
  De-registering a system card
  Tracking smart cards
  Editing smart cards
Network connections
Configuring blade processor links
Encryption node initialization and certificate generation
Steps for connecting to an SKM appliance
  Configuring a Brocade group on SKM
  Registering the SKM Brocade group user name and password
  Setting up the local Certificate Authority (CA) on SKM
  Downloading the local CA certificate from SKM
  Creating and installing the SKM server certificate
  Enabling SSL on the Key Management System (KMS) Server
  Creating an SKM High Availability cluster
  Copying the local CA certificate for a clustered SKM appliance
  Adding SKM appliances to the cluster
  Signing the Brocade encryption node KAC certificates
  Importing a signed KAC certificate into a switch
Gathering information
Creating a new encryption group
Adding a switch to an encryption group
Replacing an encryption engine in an encryption group
Creating high availability (HA) clusters
  Removing engines from an HA cluster
  Swapping engines in an HA cluster
  Failback option
  Invoking failback
Adding encryption targets
Configuring hosts for encryption targets
Adding target disk LUNs for encryption