Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, April 2013)
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
Setting FIPS compliance
Creating a local CA
Creating a server certificate
Creating a cluster
Signing the encryption node KAC CSR on KMIP
Importing a signed KAC certificate into a switch
Backing up the certificates
Configuring the KMIP server
Adding a node to the cluster
Encryption preparation
Creating a new encryption group
Configuring key vault settings for RSA Data Protection Manager (DPM)
Configuring key vault settings for NetApp Link Key Manager (LKM/SSKM)
Configuring key vault settings for HP Enterprise Secure Key Manager (ESKM/SKM)
Configuring key vault settings for Thales e-Security keyAuthority (TEKA)
Configuring key vault settings for IBM Tivoli Key Lifetime Manager (TKLM)
Configuring key vault settings for Key Management Interoperability Protocol (KMIP)
Understanding configuration status results
Adding a switch to an encryption group
Replacing an encryption engine in an encryption group
High availability (HA) clusters
Creating High availability (HA) clusters
Removing engines from an HA cluster
Swapping engines in an HA cluster
Failback option
Invoking failback
Configuring encryption storage targets
Adding an encryption target
Configuring hosts for encryption targets
Adding target disk LUNs for encryption
Configuring Storage Arrays
Remote replication LUNs
SRDF pairs
Metadata requirements and remote replication
Adding target tape LUNs for encryption
Moving Targets
Configuring encrypted tape storage in a multi-path environment
Tape LUN write early and read ahead