Technical data
134 Fabric OS Encryption Administrator’s Guide (DPM)
53-1002720-02
Steps for connecting to a DPM appliance
All switches you plan to include in an encryption group must have a secure connection to the Data
Protection Manager (DPM). The following procedure is a suggested order of steps for creating a
secure connection to DPM.
NOTE
The Brocade Encryption Switch will not use the Identity Auto Enrollment feature supported with DPM
3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x server
with the Brocade Encryption Switch. Refer to “Client registration for manual enrollment” on
page 140.
1. Initialize the encryption engines on every Fabric OS encryption node that is expected to
perform encryption within the fabric. The cryptocfg --initnode command generates a Key
Archive Client Certificate Signing Request (KAC CSR) that must be present to enable
subsequent steps. Refer to “Initializing the Fabric OS encryption engines” on page 135.
2. Export the KAC CSR to a location accessible to a certificate authority (CA) for signing. Refer to
“Exporting the KAC certificate signing request (CSR)” on page 136.
3. Submit the KAC CSR for signing by a CA. Refer to “Submitting the CSR to a CA” on page 136.
4. Import the signed certificate into the Fabric OS encryption node. Refer to “Importing the signed
KAC certificate” on page 137.
5. Upload the CA certificate onto the DPM key vault. Refer to “Uploading the CA certificate onto
the DPM appliance (and first-time configurations)” on page 138.
6. Upload the KAC certificate onto the DPM appliance, then select the appropriate key classes.
Refer to “Uploading the KAC certificate onto the DPM appliance (manual identity enrollment)” on
page 139.
7. If dual DPM appliances are used for high availability, the DPM appliances must be clustered
and must operate in maximum availability mode, as described in the DPM appliance user
documentation.
8. Create a Brocade encryption group. Refer to “Creating a Brocade encryption group” on
page 139.
9. Register the DPM on the group leader by exporting the CA certificate for the CA that signed the
DPM certificate. Refer to “Client registration for manual enrollment” on page 140.
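The CA-side part of steps 2 through 5, as an added example that is not from this guide or from Brocade: a throwaway CA and a stand-in KAC CSR are created with openssl (the real CSR is produced by cryptocfg --initnode and exported from the node), the CSR is signed, and the signed certificate is checked to chain to the CA certificate that step 5 uploads to the DPM appliance. The CA name, the subject CN and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not Brocade code. Demonstrates CA signing of a KAC CSR and the
# chain check worth running before importing the certificate (step 4) and
# uploading the CA certificate to DPM (step 5). All names below are assumptions.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the example does not depend on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Stand-in for the organization's CA (assumption: a private CA signs the KAC CSR).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$WORK/openssl.cnf" \
    -subj "/CN=Example Internal CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Stand-in for the exported KAC CSR (step 2). On a real node the CSR comes from
# cryptocfg --initnode and is exported; it is only generated locally here.
make_kac_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
    -subj "/CN=kac-node-01.example" -keyout "$WORK/kac.key" -out "$WORK/kac.csr" 2>/dev/null
}

# Step 3: the CA signs the CSR, producing the certificate imported in step 4.
sign_kac_csr() {
  openssl x509 -req -in "$WORK/kac.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/kac.crt" 2>/dev/null
}

# Check before steps 4 and 5: the signed KAC certificate must chain to the same
# CA certificate that will be uploaded to DPM, and its subject must match the CSR.
verify_kac_cert() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/kac.crt" >/dev/null 2>&1 || return 1
  csr_subj=$(openssl req -in "$WORK/kac.csr" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  crt_subj=$(openssl x509 -in "$WORK/kac.crt" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  [ "$csr_subj" = "$crt_subj" ]
}

make_ca && make_kac_csr && sign_kac_csr
if verify_kac_cert; then echo "KAC certificate chains to the CA certificate"; else echo "verification failed" >&2; exit 1; fi
```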
NOTE
DPM was formerly referred to as RKM. DPM 3.x servers are referred to as DPM. DPM is compatible
with Fabric OS 7.1.0 and later. RSA servers using the RKM 2.1.1 client, which are compatible with
earlier Fabric OS versions (for example, v7.0.1), are still referred to as RKM.