Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, April 2013)
Brocade Network Advisor SAN User Manual 549
53-1002696-01
Steps for connecting to an LKM/SSKM appliance
20
.
FIGURE 195 Encryption Group Properties with Key Vault Certificate
2. Select Load from File and browse to the location on your client PC that contains the
downloaded CA certificate in .pem format.
Steps for connecting to an LKM/SSKM appliance
The NetApp KeySecure Lifetime Key Manager (LKM) and Storage Secure Key Manager (SSKM)
reside on an FIPS 140-2 Level 3-compliant network appliance. The encryption engine and
LKM/SSKM appliance communicate over a trusted link. A trusted link is a secure connection
established between the Fabric OS encryption switch or blade and the NetApp LKM/SSKM
appliance, using a shared secret called a link key. One link key per encryption switch is established
with each LKM/SSKM appliance; only one link key is established with each LKM/SSKM appliance
and shared between the blades.
The following configuration steps are performed from the NetApp DataFort Management Console
(DMC) and from the Management application:
1. Obtain and import the LKM/SSKM certificate. Refer to “Obtaining and importing the
LKM/SSKM certificate” on page 550.
2. Export and register encryption node certificates on LKM/SSKM. Refer to “Exporting and
registering the switch KAC certificates on LKM/SSKM” on page 551.
3. Install and launch the NetApp DataFort Management Console. Refer to “Launching the NetApp
DataFort Management Console” on page 551.
4. Establish the trusted link. Refer to “Establishing the trusted link” on page 552.