Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks Edge Switch 2/12

121

122

123

124

125

126

127

128

129

130

Fabric OS Encryption Administrator’s Guide 107

53-1001864-01

Steps for connecting to an SKM appliance

ARE YOU SURE (yes, y, no, n): y

Operation succeeded.

7. Register the encryption engine by entering the cryptocfg --regEE command. Provide a slot

number if the encryption engine is a blade. This step registers the encryption engine with the

CP or chassis. Successful execution results in a certificate exchange between the encryption

engine and the CP through the FIPS boundary.

SecurityAdmin:switch>cryptocfg --regEE

Operation succeeded.

8. Repeat the above steps on every node that is expected to perform encryption.

Registering the SKM Brocade group user name and password

The Brocade group user name and password you created when configuring a Brocade group on

SKM must also be registered on each Brocade encryption node.

1. Log into the switch as Admin or SecurityAdmin.

2. Register the HP SKM Brocade group user password and user name by issuing the following

command.

SecurityAdmin:switch>cryptocfg --reg -KAClogin primary

NOTE

This command is must be used only for the primary key vault.

3. When prompted, enter the user name.

4. When prompted enter and confirm the password.

5. Repeat the procedure for each node.

Keep the following rules in mind when registering the Brocade user name and password:

- The user name and password must match the user name and password specified for the

Brocade group.

- The same user name and password must be configured on all nodes in an encryption

group. This is not enforced or validated by the encryption group members, so care must be

taken when configuring the user name and password to ensure they are the same on each

node.

- Different user names and passwords can never be used within the same encryption group,

but each encryption group may have its own user name and password.

- If you change the user name and password using the -KAClogin option, the keys created by

the previous user become inaccessible. The Brocade group user name and password must

also be changed to the same values on SKM to make the keys accessible.

- When storage is moved from one encryption group to another, and the new encryption

group uses different user name and password, the Brocade group user name and

password must also be changed to the same values on SKM to make the keys accessible.