Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, April 2013)

ManualsBrandsHP ManualsSoftwareHP B-series Data Center Fabric Manager Enterprise Software

Brocade Network Advisor SAN User Manual xix

53-1002696-01

Importing the signed KAC certificate . . . . . . . . . . . . . . . . . . . .546

Uploading the CA certificate onto the DPM

appliance (and first-time configurations) . . . . . . . . . . . . . . . . .546

Uploading the KAC certificate onto the DPM

appliance (manual identity enrollment) . . . . . . . . . . . . . . . . . .548

DPM key vault high availability deployment . . . . . . . . . . . . . . .548

Loading the CA certificate onto the encryption

group leader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .548

Steps for connecting to an LKM/SSKM appliance . . . . . . . . . . . . .549

Obtaining and importing the LKM/SSKM certificate. . . . . . . .550

Exporting and registering the switch KAC certificates

on LKM/SSKM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551

Launching the NetApp DataFort Management Console . . . . .551

Establishing the trusted link . . . . . . . . . . . . . . . . . . . . . . . . . . .552

LKM/SSKM key vault high availability deployment . . . . . . . . .552

Disk keys and tape pool keys (Brocade native mode support)553

Tape LUN and DF -compatible tape pool support . . . . . . . . . .553

LKM/SSKM key vault deregistration . . . . . . . . . . . . . . . . . . . .554

Steps for connecting to an ESKM/SKM appliance . . . . . . . . . . . . .554

Configuring a Brocade group on ESKM/SKM . . . . . . . . . . . . .555

Registering the ESKM/SKM Brocade group user name

and password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556

Setting up the local Certificate Authority (CA) on ESKM/SKM557

Downloading the local CA certificate from ESKM/SKM . . . . .558

Creating and installing the ESKM/SKM server certificate . . .559

Enabling SSL on the Key Management System (KMS) Server560

Creating an ESKM/SKM High Availability cluster . . . . . . . . . .560

Copying the local CA certificate for a clustered

ESKM/SKM appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .561

Adding ESKM/SKM appliances to the cluster . . . . . . . . . . . . .561

Signing the encryption node KAC CSR on ESKM/SKM . . . . . .562

Importing a signed KAC certificate into a switch . . . . . . . . . . .563

ESKM/SKM key vault high availability deployment . . . . . . . . .563

Steps for connecting to a TEKA appliance. . . . . . . . . . . . . . . . . . . .565

Setting up TEKA network connections . . . . . . . . . . . . . . . . . . .565

Creating a client on TEKA . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567

Establishing TEKA key vault credentials on the switch . . . . . .568

Signing the encryption node KAC CSR on TEKA . . . . . . . . . . .569

Importing a signed KAC certificate into a switch . . . . . . . . . . .569

Steps for connecting to a TKLM appliance . . . . . . . . . . . . . . . . . . .570

Exporting the Fabric OS node self-signed KAC certificates. . . 571

Converting the KAC certificate format . . . . . . . . . . . . . . . . . . . 571

Establishing a default key store and device group on TKLM . 571

Adding a device to the device group. . . . . . . . . . . . . . . . . . . . . 571

Creating a self-signed certificate for TKLM . . . . . . . . . . . . . . .572

Importing the Fabric OS encryption node KAC certificates

to TKLM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .572

Exporting the TKLM self-signed server certificate. . . . . . . . . .572

Importing the TKLM certificate into the group leader . . . . . . .573