Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

Chapter 3: Configuring Brocade encryption using the CLI
In this chapter
Overview
Command validation checks
Command RBAC permissions and AD types
Cryptocfg Help command output
Management LAN configuration
Configuring cluster links
Steps for connecting to an SKM appliance
Generating and backing up the master key
High Availability (HA) cluster configuration
Enabling the encryption engine
Zoning considerations
CryptoTarget container configuration
Crypto LUN configuration
Tape pool configuration
Configuring a multi-path Crypto LUN
First time encryption
Data re-keying
Overview
This chapter explains how to use the command line interface (CLI) to configure a Brocade
Encryption Switch, or an FS8-18 Encryption blade in a DCX or DCX-4S, to perform data encryption.
This chapter assumes that the basic setup and configuration of the Brocade Encryption Switch,
DCX, or DCX-4S has been done as part of the initial hardware installation, including setting the
management port IP address.
For command syntax and description of parameters, refer to the Fabric OS Command Reference
Manual.