Administrator's Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

ManualsBrandsBrocade ManualsComputer AccessoriesFabric OS Encryption

111

112

113

114

115

116

117

118

119

120

Fabric OS Encryption Administrator’s Guide (LKM/SSKM) 95

53-1002925-01

Viewing and editing switch encryption properties

• Group Member

• Leader-Member Comm

• Error

• Discovering

• Not a member

- Encryption Group: The name of the encryption group to which the switch belongs

- Encryption Group Status: Status options are:

• OK/Converged: The group leader can communicate with all members

• Degraded: The group leader cannot communicate with one or more members. The

following operations are not allowed: key vault changes, master key operations,

enable/disable encryption engines, Failback mode changes, HA Cluster creation or

addition (removal is allowed), tape pool changes, and any configuration changes for

storage targets, hosts, and LUNs.

• Unknown: The group leader is in an unmanaged fabric

- Fabric: The name of the fabric to which the switch belongs

- Domain ID: The domain ID of the selected switch

- Firmware Version: The current encryption firmware on the switch.

- Key Vault type: Primary Key Vault Link Key Status/Backup Key Vault Link Key Status:

Status options are:

• No Link Keys, ready to establish: No access request has been sent to an LKM, or a

previous request was not accepted.

• Link key requested, waiting for LKM approval: A request has been sent to LKM and is

waiting for the LKM administrator’s approval.

• Created, not validated: An interim state until first used Link Key valid, online: (LKM

only) a shared link key exists and has been successfully used.

- Primary Key Vault Connection Status/Backup Key Vault Connection Status: Whether the

primary key vault link is connected. Options are:

• Unknown/Busy

• Key Vault Not Configured

• No Response

• Failed authentication

• Connected.

• Key Vault User Name button: (TEKA key vault only.) Shown as inactive.

• Public Key Certificate Request text box: The switch’s KAC certificate signing request, which

must be signed by a certificate authority (CA). The signed certificate must then be imported

onto the switch and onto the primary and backup key vaults.

- Export button: Exports the public key certificate in CSR format to an external file for signing

by a certificate authority (CA).

- Import button: Imports a signed public key certificate.

• Encryption Engine Properties table: The properties for the encryption engine. There may be

0 to 4 slots, one for each encryption engine in the switch.

- Current Status: The status of the encryption engine. Many possible values exist. Common

options are: