DCFM Professional Plus User Manual (53-1001774-01, June 2010)

Contents
Steps for connecting to an LKM appliance ... 467
    The NetApp DataFort Management Console ... 467
    Establishing the trusted link ... 468
    Obtaining and importing the LKM certificate ... 469
    Exporting and registering the switch KAC certificates on LKM ... 470
    LKM key vault high availability deployment ... 470
    Disk keys and tape pool keys (Brocade native mode support) ... 470
    Tape LUN and DF-compatible tape pool support ... 471
    LKM Key Vault Deregistration ... 471
Steps for connecting to an SKM appliance ... 472
    Configuring a Brocade group on SKM ... 473
    Registering the SKM Brocade group user name and password ... 474
    Setting up the local Certificate Authority (CA) on SKM ... 475
    Downloading the local CA certificate from SKM ... 476
    Creating and installing the SKM server certificate ... 476
    Enabling SSL on the Key Management System (KMS) Server ... 477
    Creating an SKM High Availability cluster ... 478
    Copying the local CA certificate for a clustered SKM appliance ... 478
    Adding SKM appliances to the cluster ... 479
    Signing the Brocade encryption node KAC certificates ... 480
    Importing a signed KAC certificate into a switch ... 480
Steps for connecting to a TEMS appliance ... 481
    Setting up TEMS network connections ... 481
    Creating a client on TEMS ... 482
    Establishing TEMS key vault credentials on the switch ... 484
    Importing a signed KAC certificate into a switch ... 484
Gathering information ... 485
Creating a new encryption group ... 486
Adding a switch to an encryption group ... 499
Replacing an encryption engine in an encryption group ... 502
Creating high availability (HA) clusters ... 503
    Removing engines from an HA cluster ... 504
    Swapping engines in an HA cluster ... 505
    Failback option ... 505
    Invoking failback ... 505
Adding encryption targets ... 506
Configuring hosts for encryption targets ... 513
Adding target disk LUNs for encryption ... 514
    Remote replication LUNs ... 516
    SRDF pairs ... 516
    Metadata requirements and remote replication ... 517
Adding Target Tape LUNs for encryption ... 519
    Configuring encrypted tape storage in a multi-path environment ... 520
Re-balancing the encryption engine ... 521