Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, April 2013)
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP)
KeySecure Management Console can be used on the Fabric OS encryption switch. Any
KMIP-compliant server can be reregistered as a KMIP key vault.
NOTE
Currently, only KMIP with SafeNet KeySecure for Key Management (SSKM) native hosting LKM is
supported.
After installing the SafeNet KeySecure appliance (also referred to as KeySecure), you must
complete the following steps before the Fabric OS encryption switch can be configured with the
KeySecure. These steps must be performed only once.
NOTE
If you are configuring two Key Server nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.
The following is a suggested order of steps that must be completed to create a secure connection
to the SafeNet KeySecure.
1. Set FIPS compliance. Refer to “Setting FIPS compliance” on page 575.
2. Create a local CA. Refer to “Creating a local CA” on page 576.
3. Create a server certificate. Refer to “Creating a server certificate” on page 577.
4. Create a cluster. Refer to “Creating a cluster” on page 582.
5. Export and sign the encryption node certificate signing requests. Refer to “Signing the
encryption node KAC CSR on KMIP” on page 584.
6. Import the signed certificates into the encryption node. Refer to “Importing a signed KAC
certificate into a switch” on page 585.
7. Back up the certificates. Refer to “Backing up the certificates” on page 586.
8. Configure the KMIP server. Refer to “Configuring the KMIP server” on page 588.
9. Add a secondary node to the cluster. Refer to “Adding a node to the cluster” on page 589.
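The following added example is not part of the original manual. It models the trust chain that steps 2, 3, 5, and 6 build, then shows a check worth running on a signed node certificate before it is imported. OpenSSL stands in for the KeySecure and switch operations, which this page does not show; all file names and subject names are constructed.

```shell
#!/bin/sh
# Added illustration; OpenSSL stands in for the appliance and switch operations.
# All file names and subject names are constructed for the demo.

# build_demo_pki DIR: model step 2 (local CA), step 3 (server certificate)
# and step 5 (signing the node CSR) with throwaway keys in DIR.
build_demo_pki() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Local CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  for name in server kac; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/$name.csr" -days 30 \
      -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
      -out "$dir/$name.pem" 2>/dev/null || return 1
  done
}

# check_signed_cert CA CERT CSR: the check to run before step 6.
# Prints "ok" only if CERT verifies against CA and carries the same
# public key as the CSR that was exported from the node.
check_signed_cert() {
  ca=$1 cert=$2 csr=$3
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "not signed by expected CA"; return 1
  fi
  cert_key=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
  csr_key=$(openssl req -in "$csr" -noout -pubkey) || return 3
  if [ "$cert_key" != "$csr_key" ]; then
    echo "public key differs from CSR"; return 2
  fi
  echo "ok"
}

# Stand-alone demo: sh <this file> demo
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && build_demo_pki "$d" &&
    check_signed_cert "$d/ca.pem" "$d/kac.pem" "$d/kac.csr"
  rm -rf "$d"
fi
```

A certificate that fails either check was signed by a different CA or was issued for a different CSR, and should not be imported into the encryption node.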