Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)
Fabric OS Encryption Administrator’s Guide 91
53-1001864-01
Chapter
3
Configuring Brocade encryption using the CLI
In this chapter
•Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
•Command validation checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
•Command RBAC permissions and AD types . . . . . . . . . . . . . . . . . . . . . . . . . 93
•Cryptocfg Help command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
•Management LAN configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
•Configuring cluster links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
•Steps for connecting to an SKM appliance . . . . . . . . . . . . . . . . . . . . . . . . . 100
•Generating and backing up the master key. . . . . . . . . . . . . . . . . . . . . . . . . 111
•High Availability (HA) cluster configuration . . . . . . . . . . . . . . . . . . . . . . . . . 113
•Enabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
•Zoning considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
•CryptoTarget container configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
•Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
•Tape pool configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
•Configuring a multi-path Crypto LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
•First time encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
•Data re-keying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Overview
This chapter explains how to use the command line interface (CLI) to configure a Brocade
Encryption Switch, or an FS8-18 Encryption blade in a DCX or DCX-4S to perform data encryption.
This chapter assumes that the basic setup and configuration of the Brocade Encryption Switch,
DCX, or DCX-4S has been done as part of the initial hardware installation, including setting the
management port IP address.
For command syntax and description of parameters, refer to the Fabric OS Command Reference
Manual.