Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Key vault configuration
Setting up an HP SKM key vault
Setting up an HP SKM key vault consists of registering the encryption group leader and group
member nodes with the HP SKM key vault by exporting their KAC certificates, and taking steps on
the HP SKM appliance that allow the certificates to be signed by a local certificate authority (CA) on
the HP SKM appliance. These steps can be broken down into the following tasks.
Exporting the KAC certificate request
A KAC certificate request must be exported for each encryption node to an SCP-capable host.
1. Log into the group leader as Admin or SecurityAdmin.
2. Set the SKM key vault type by entering the cryptocfg --set -keyvault command with the SKM
option. Successful execution sets the key vault type for the entire encryption group.
SecurityAdmin:switch>cryptocfg --set -keyvault SKM
Set key vault status: Operation Succeeded.
3. On each node in the encryption group, perform the following steps.
a. Export the KAC certificate to an SCP-capable host.
SecurityAdmin:switch>cryptocfg --export -scp -KACcsr 192.168.38.245 mylogin /temp/certs/kac_skm.csr
NOTE
Record this location so you can easily find the KAC certificate for signing in the “Signing the KAC
certificate” procedure.
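Added example (not part of the Brocade guide): a check that can be run on the SCP host against each exported file before it is submitted to the SKM local CA for signing. It assumes the exported file is a PEM-encoded PKCS#10 request with an RSA key and that openssl is installed on the host; the 2048-bit minimum, the function names and the sample subject name are illustrative.

```shell
#!/bin/sh
# Added example: sanity-check an exported KAC CSR on the SCP host before signing.
# Assumptions: PEM-encoded PKCS#10 file, RSA key, openssl available on the host.

# check_kac_csr FILE [MIN_BITS]
# Returns 0 only if FILE parses as a CSR, its self-signature verifies, and
# the public key has at least MIN_BITS bits.
check_kac_csr() {
    csr=$1
    min_bits=${2:-2048}   # hypothetical local policy, not a Brocade or HP value

    [ -r "$csr" ] || { echo "FAIL $csr: not readable" >&2; return 1; }

    # Match the message text rather than the exit status: some OpenSSL
    # releases exit 0 even when the self-signature check fails.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL $csr: not a CSR or self-signature invalid" >&2
        return 1
    fi

    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL $csr: key size '${bits:-unknown}' below $min_bits" >&2
        return 1
    fi

    # Subject line for the CA operator to compare with the node being enrolled.
    echo "OK   $csr: $(openssl req -in "$csr" -noout -subject), $bits bit"
}

# make_sample_csr FILE
# Constructed stand-in for a file produced by 'cryptocfg --export -scp -KACcsr';
# the subject name is made up and the private key is discarded.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
        -subj '/CN=constructed-kac-node' -out "$1" 2>/dev/null
}

# Demo on a constructed CSR; on a real host, pass the recorded export path.
demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir/kac_skm.csr"
check_kac_csr "$demo_dir/kac_skm.csr"
rm -rf "$demo_dir"
```

Because the export step is repeated on every node, run the check once per node's file and keep each node's request under its own file name.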
Setting up a Brocade user
1. Launch the SKM administration console in a web browser and log in with your user name and
password.
2. Select the Security tab.
3. Select Local Users & Groups under Users and Groups.
The User & Group Configuration page is displayed.
4. Select Add under Local Users.
5. Add a new user called brcduser1 under Username, and !Brocade@3 under Password.
6. Select both the User Administration Permission and Change Password Permission check
boxes for the new user.
7. Select Save to save this user data.
8. Select Add under Local Groups.
9. Add a new group called brocade under Group.
10. Select Save.
11. Select the new brocade group name, and then select Properties.
Local Group Properties and a User List are displayed.
12. In the User List section, select or type the Brocade user name brcduser1 under Username.