Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

Encryption switch initialization
NOTE
Node initialization overwrites any existing authentication data on the node.
SecurityAdmin:switch>cryptocfg --initnode
This will overwrite all identification and authentication data
ARE YOU SURE (yes, y, no, n): [no] y
Notify SPM of Node Cfg
Operation succeeded.
6. Initialize the encryption engine by entering the cryptocfg --initEE command. Provide a slot
number if the encryption engine is a blade. This step generates critical security parameters
(CSPs) and certificates in the CryptoModule’s security processor (SP). The CP and the SP
perform a certificate exchange to register their respective authorization data.
SecurityAdmin:switch>cryptocfg --initEE
This will overwrite previously generated identification
and authentication data
ARE YOU SURE (yes, y, no, n): y
Operation succeeded.
7. Register the encryption engine by entering the cryptocfg --regEE command. Provide a slot
number if the encryption engine is a blade. This step registers the encryption engine with the
CP or chassis. Successful execution results in a certificate exchange between the encryption
engine and the CP through the FIPS boundary.
SecurityAdmin:switch>cryptocfg --regEE
Operation succeeded.
NOTE
You should complete the encryption group configuration and key vault registration before you
enable the Brocade Encryption Switch or the FS8-18 blade for encryption.
8. Enable the encryption engine by entering the cryptocfg --enableEE command. Provide a slot
number if the encryption engine is a blade.
NOTE
Every time a Brocade Encryption Switch, or a DCX or DCX-4S chassis containing one or more
FS8-18 blades, goes through a power cycle event, or after slotpoweroff <slot number>
followed by slotpoweron <slot number> is issued for an FS8-18 blade in a DCX or DCX-4S
chassis, the encryption engine must be enabled manually by the Security Administrator. Hosts
cannot access the storage LUNs through the storage paths exposed on this Brocade Encryption
Switch or FS8-18 blade until the encryption engine is enabled. The encryption engine state can
be viewed using the cryptocfg --show -localEE command, or by displaying switch or blade
properties from DCFM. An encryption engine that is not enabled indicates Waiting for Enable
EE.
SecurityAdmin:switch>cryptocfg --enableEE
Operation succeeded.
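
A check that a monitoring host could run over saved output of cryptocfg --show -localEE to catch engines left in the Waiting for Enable EE state after a power cycle. This is an added example, not part of the Brocade guide: the per-slot line layout, the function names and the exit code 2 are assumptions, and only the state text is taken from the note above.

```shell
#!/bin/sh
# Usage: check_ee_state < saved_localEE_output.txt
#
# Reads saved `cryptocfg --show -localEE` output on stdin and prints one line
# for every encryption engine still reporting "Waiting for Enable EE".
# Returns 2 if any engine is waiting, 0 otherwise.
#
# Assumption: each engine's section begins with a line that contains the word
# "Slot" and a number. That layout is constructed for this example and must be
# adjusted to the real output; only the state text comes from the guide.
check_ee_state() {
    awk '
        BEGIN { slot = "unknown"; waiting = 0 }

        # Remember which engine the following lines belong to (assumed layout).
        tolower($0) ~ /slot/ {
            if (match($0, /[0-9]+/)) slot = substr($0, RSTART, RLENGTH)
        }

        # Match the state text, tolerating case and spacing differences.
        tolower($0) ~ /waiting[ \t]+for[ \t]+enable[ \t]*ee/ {
            print "slot " slot ": encryption engine not enabled"
            waiting++
        }

        END { if (waiting > 0) exit 2 }
    '
}

# Constructed sample (not real switch output): a chassis with two FS8-18
# blades after a power cycle, one already enabled and one still waiting.
sample_after_power_cycle() {
    cat <<'EOF'
EE Slot: 2
State: Online
EE Slot: 7
State: Waiting for Enable EE
EOF
}
```

A non-zero result means hosts cannot yet reach LUNs through that engine's storage paths, so the Security Administrator still has to run cryptocfg --enableEE for the listed slot.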