Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Gathering information
Before you use the encryption setup wizard for the first time, gather the following information:
• The type of key vault you are using — RSA Key Manager (RKM), NetApp Lifetime Key
Management appliance (LKM), or HP Secure Key Manager (SKM).
• The IP address or host name for the primary key vault, and the name of the file holding the
primary key vault’s public key certificate.
• If you are using a backup key vault, the IP address or host name for the backup key vault, and
the name of the file holding the backup key vault’s public key certificate.
• The location and file name you want to use for storing the switch’s public key certificate.
You should also have a detailed configuration plan in place and available for reference. The
encryption setup wizard assumes that you have a plan in place to organize encryption devices into
encryption groups, and optionally have a plan for implementing high availability (HA) clusters to
provide failover support.
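The checklist above can be verified before the wizard is started. The following is an added example, not part of the Brocade guide or of DCFM: it checks the gathered values and prints a SHA-256 fingerprint for each key vault certificate file, which can be compared out of band against the certificate exported from the key vault. The plan keys, function names, file names, and the assumption that the certificate files are PEM-encoded are all hypothetical.

```python
import base64, hashlib, ipaddress, os, re, ssl, tempfile

VAULT_TYPES = {"RKM", "LKM", "SKM"}  # the three key vault types the guide names
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*$")

def valid_address(addr):
    """Syntax check only (no DNS lookup): IP literal or RFC 1123 host name."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:  # a mistyped IP such as "10.0.0.999" must not pass as a host name
        return not re.fullmatch(r"[0-9.]+", addr) and bool(HOSTNAME.match(addr))

def cert_fingerprint(path):
    """SHA-256 over the DER bytes of a PEM certificate file, or None if unusable."""
    try:
        with open(path, encoding="ascii") as f:
            der = ssl.PEM_cert_to_DER_cert(f.read().strip())
    except (OSError, ValueError):  # missing file, non-ASCII text, bad PEM framing
        return None
    return hashlib.sha256(der).hexdigest() if der[:1] == b"\x30" else None  # DER SEQUENCE tag

def preflight(plan):
    """Return (problems, fingerprints); a fingerprint is None where the file is unusable."""
    problems, prints = [], {}
    if plan.get("vault_type") not in VAULT_TYPES:
        problems.append("vault_type: expected RKM, LKM or SKM")
    for role in ["primary"] + (["backup"] if "backup" in plan else []):
        vault = plan.get(role) or {}
        if not valid_address(vault.get("address", "")):
            problems.append(f"{role}: bad IP address or host name")
        prints[role] = fp = cert_fingerprint(vault.get("cert_file", ""))
        if fp is None:
            problems.append(f"{role}: certificate file missing or not PEM")
    out = plan.get("switch_cert_out", "")
    if not out or not os.path.isdir(os.path.dirname(out) or "."):
        problems.append("switch_cert_out: target directory does not exist")
    elif os.path.exists(out):
        problems.append("switch_cert_out: would overwrite an existing file")
    return problems, prints

def demo():
    """Constructed plan; the PEM body is dummy DER bytes, not a real certificate."""
    d = tempfile.mkdtemp()
    cert, body = os.path.join(d, "kv1.pem"), base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    with open(cert, "w") as f:
        f.write(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n")
    return preflight({"vault_type": "RKM", "switch_cert_out": os.path.join(d, "switch.pem"),
                      "primary": {"address": "kv1.example.com", "cert_file": cert}})
```

The fingerprint check covers PEM framing and the leading DER tag only; it does not validate the certificate's signature, validity dates, or issuer.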
User privileges overview
The Data Center Fabric Manager (DCFM) provides the User Administrator with a high level of control
over what functions administrative users can see and use. This section describes the effect that
each user privilege has on the application when placed in one of the three available configurations:
no privilege, read-only, and read/write. User privilege is DCFM’s method of providing role-based
access control (RBAC) to the software’s User Administrator.
In DCFM, resource groups are assigned privileges, roles, and fabrics. Privileges are not directly
assigned to users; users get privileges because they belong to a role in a resource group. A user
can only belong to one resource group at a time.
The following table defines encryption privileges in DCFM and the behavior of the application if the
privilege is not given, read-only, or read/write.
DCFM provides three pre-configured roles:
• Storage encryption configuration
• Storage encryption key operations
• Storage encryption security
Table 2 lists features and the associated roles with read/write access and read-only access.