Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, April 2013)
624 Brocade Network Advisor SAN User Manual
53-1002696-01
Creating a new encryption group
20
Figure 268 shows the key vault selection dialog box for KMIP.
FIGURE 268 Select Key Vault dialog box for KMIP
1. Select the High Availability mode. Options are:
• Opaque: Both the primary and secondary key vaults are registered on the Fabric OS
encryption switch. The client archives the key to a single (primary) key vault. For disk
operations, an additional hardening check is done on the secondary key vault before the
key is used for encryption.
• Transparent: A single key vault should be registered on the Fabric OS encryption switch.
The client assumes the entire HA is implemented on the key vault. Key archival and
retrieval is done to the KMIP without any additional hardening checks.
• No HA: Both the primary and secondary key vaults are registered on the Fabric OS
encryption switch. The client archives keys to both key vaults and ensures that the archival
is successful before the key is used for encryption.
2. Enter the Primary Key Vault IP address or hostname, and port number.
3. Enter the Primary Certificate file name, or browse to the file location.
4. (Optional) Enter a Backup Key Vault IP address or hostname, and port number, and Backup
Certificate File, or browse to the desired location.
5. Select the method for user authentication. Options are:
• Username and Password: Activates the Primary and Backup Key Vault User Names and
password fields for completion.
• Username: Activates the Primary and Backup Key Vault User Names for completion.
• None: Deactivates Primary and Backup Key Vault User Names and password fields.