Technical data

Fabric OS Encryption Administrator’s Guide (DPM) 45
53-1002720-02
Creating an encryption group
2
FIGURE 28 Next Steps dialog box
13. Review the post-configuration instructions, which you can copy to a clipboard or print for later,
then click Finish to exit the wizard.
Understanding configuration status results
After configuration of the encryption group is completed, BNA sends API commands to verify the
switch configuration. The CLI commands are detailed in the encryption administrator’s guide for
your key vault management system.
1. Initialize the switch. If the switch is not already in the initiated state, BNA performs the
cryptocfg --initnode command.
2. Create an encryption group on the switch. BNA creates a new group using the cryptocfg
--create -encgroup command, and sets the key vault type using the cryptocfg --set -keyvault
command.
3. Register the key vault. BNA registers the key vault using the cryptocfg --reg -keyvault
command.
4. Enable the encryption engines. BNA initializes an encryption switch using the
cryptocfg --initEE [<slotnumber>] and cryptocfg --regEE [<slotnumber>] commands.
5. Create a new master key (opaque key vaults only). BNA checks for a new master key. New
master keys are generated from the Security tab located in the Encryption Group Properties
dialog box.
6. Save the switch’s public key certificate to a file. BNA saves the KAC certificate in the specified
file.
7. Back up the master key to a file (opaque key vaults only). BNA saves the master key in the
specified file.