Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Key vault configuration
4. Log into the NetApp LKM appliance from the DMC as follows:
a. Launch the DMC.
b. Click the Appliance tab on the top panel.
c. Add the NetApp LKM appliance IP address or hostname.
d. Right-click the added IP address and log into the NetApp LKM key vault.
5. Exchange certificates between the member node and the NetApp LKM appliance. This
exchange is performed for each member node in the encryption group. Begin with the group
leader.
a. Export the KAC certificate from the group leader to an SCP-capable external host as
kac_lkm_cert.pem. Specify the host IP address and the full destination path, including
the file name.
SecurityAdmin:switch>cryptocfg --export -scp -KACcsr \
192.168.38.245 mylogin /temp/certs/kac_lkm_cert.pem
Password:
Operation succeeded.
b. Open an SSH connection to the NetApp LKM appliance and log in.
host$ ssh admin@10.33.54.231
admin@10.33.54.231's password:
Copyright (c) 2001-2008 NetApp, Inc.
All rights reserved
+--------------------------------+
| NetApp Appliance Management CLI |
| Authorized use only! |
+--------------------------------+
Cannot read termcap database;
using dumb terminal settings.
Checking system tamper status:
No physical intrusion detected.
c. Add the group leader to the LKM key sharing group. Enter lkmserver add --type third-party
--key-sharing-group "/" followed by the group leader IP address.
lkm-1>lkmserver add --type third-party --key-sharing-group \
"/" 10.32.244.71
NOTICE: LKM Server third-party 10.32.244.71 added.
Cleartext connections not allowed.
d. On the NetApp LKM appliance terminal, enter sys cert getcert-v2 to display the LKM
certificate content:
lkm-1> sys cert getcert-v2
-----BEGIN CERTIFICATE-----
[content removed]
-----END CERTIFICATE-----
e. Copy and paste the LKM certificate content from the NetApp LKM appliance terminal into
an editor buffer. Save the file as lkmcert.pem on the SCP-capable host. Save the entire
certificate, including the lines -----BEGIN CERTIFICATE----- and
-----END CERTIFICATE-----.
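A check for the file saved in step e, as an added example that is not part of the Brocade or NetApp documentation: it confirms that the pasted text holds exactly one BEGIN/END block with nothing around it, that the body is valid base64, and that the decoded length matches the length declared in the DER header, which catches lines lost during the copy. The function names and the sample data (a constructed DER SEQUENCE of zero bytes, not a real certificate) are assumptions of this example.

```python
import base64
import hashlib
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_total_length(der):
    """Total length declared by the outer DER SEQUENCE header, or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:  # short form: the octet is the content length
        return 2 + der[1]
    n = der[1] & 0x7F  # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pasted_cert(text):
    """Return (problems, sha256_hex_of_DER) for PEM text pasted from a terminal."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        return ["need exactly one BEGIN and one END line"], None
    problems = []
    if lines[0] != BEGIN or lines[-1] != END:
        problems.append("text outside the BEGIN/END lines (prompt or command echo?)")
    body = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return problems + ["body is not valid base64"], None
    declared = der_total_length(der)
    if declared is None:
        problems.append("decoded data is not a DER SEQUENCE")
    elif declared != len(der):
        problems.append(f"DER declares {declared} bytes, got {len(der)} (lines lost?)")
    return problems, hashlib.sha256(der).hexdigest()

def make_sample_pem(payload_len=300):
    """Constructed stand-in: a DER SEQUENCE of zero bytes, not a real certificate."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else make_sample_pem()
    problems, fingerprint = check_pasted_cert(text)
    print("problems:", problems or "none", "| SHA-256 of DER:", fingerprint)
```

Run it with the path to lkmcert.pem as the only argument; with no argument it checks the constructed sample.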