Manualshelf

Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch
11121314151617181920
2 Encryption Administrator’s Guide
53-1001341-02
Encryption configuration tasks
1
Encryption configuration tasks
Table 1 provides a high level overview and checklist of encryption configuration tasks. These tasks
must be done in the order presented in the table. If the tasks are done out of order, unexpected
errors may be encountered, and the results may be unpredictable. Some tasks can be done only at
the command line interface (CLI). Other tasks may be done at the CLI, or at the Data Center Fabric
Manager (DCFM) management program.
TABLE 1 High-level encryption configuration checklist
Configuration task For more information
Initialize the switch “Initializing an encryption switch” on page 90
Configure the encryption group leader “Basic encryption group configuration” on page 95 (CLI)
Creating an encryption group
Group-wide policy configuration
Set up and configure key vaults and register the key
vaults with the encryption group leader.
Appendix D, “Supported Key Management Systems
The NetApp Lifetime Key Manager (LKM)
The RSA Key Manager (RKM)
The HP Secure Key Manager (SKM)
The Thales Encryption Manager for Storage (TEMS, a.k.a., NCKA)
Add in all encryption group members and configure
with key vaults if necessary.
Adding a member node to an encryption group” on page 96 (CLI)
Create all HA Clusters, the members of which should
span nodes.
“Master keys” on page 67
“High Availability (HA) cluster configuration” on page 100 (CLI)
Add in all CryptoTarget containers. “CryptoTarget container configuration” on page 102 (CLI)
Frame redirection
Create a host - initiator zone
Creating a CryptoTarget container
Removing an initiator from a CryptoTarget container
Deleting a CryptoTarget container
Moving a CryptoTarget container
Create tape pools, if necessary. Adding tape pools” on page 33 (DCFM)
“Tape pool configuration” on page 120 (CLI)
Configure all LUNs on all available paths “Crypto LUN configuration” on page 109 (CLI)
Discovering a LUN
Configuring a Crypto LUN
Removing a LUN from a CryptoTarget container
Crypto LUN parameters and policies
Modifying Crypto LUN parameters
Force-enabling a disabled LUN for encryption
LUN configuration considerations
Configuring a tape LUN