Manualshelf

Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch
11121314151617181920
2 Encryption Administrator’s Guide
53-1001201-04
Encryption configuration tasks
1
Encryption configuration tasks
Table 1 provides a high level overview and checklist of encryption configuration tasks. These tasks
must be done in the order presented in the table. If the tasks are done out of order, unexpected
errors may be encountered, and the results may be unpredictable. Some tasks can be done only at
the command line interface (CLI). Other tasks may be done at the CLI, or at the Data Center Fabric
Manager (DCFM) management program. Do not mix CLI and DCFM usage for these tasks. If you
use the CLI, stay with the CLI. If you use DCFM, stay with the DCFM.
TABLE 1 High-level encryption configuration checklist
Configuration task For more information
Initialize the switch “Initializing an encryption switch” on page 98
Configure the encryption group leader “Basic encryption group configuration” on page 103 (CLI)
Creating an encryption group
Group-wide policy configuration
Set up and configure key vaults and register the key
vaults with the encryption group leader.
“Key vault configuration” on page 107 (CLI)
Setting up an LKM key vault
Setting up an RKM key vault
Setting up an SKM key vault
Configuring a secondary key vault
Add in all encryption group members and configure
with key vaults if necessary.
Adding a member node to an encryption group” on page 104 (CLI)
Create all HA Clusters, the members of which should
span nodes.
“Master keys” on page 75
“High Availability (HA) cluster configuration” on page 129 (CLI)
Add in all CryptoTarget containers. “CryptoTarget container configuration” on page 136 (CLI)
Frame redirection
Create a host - initiator zone
Creating a CryptoTarget container
Removing an initiator from a CryptoTarget container
Deleting a CryptoTarget container
Moving a CryptoTarget container
Create tape pools, if necessary. Adding tape pools” on page 28 (DCFM)
“Tape pool configuration” on page 155 (CLI)
Configure all LUNs on all available paths “Crypto LUN configuration” on page 144 (CLI)
Discovering a LUN
Configuring a Crypto LUN
Removing a LUN from a CryptoTarget container
Crypto LUN parameters and policies
Modifying Crypto LUN parameters
Force-enabling a disabled LUN for encryption
LUN configuration considerations
Configuring a tape LUN