Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

The HP Secure Key Manager
The HP StorageWorks Secure Key Manager (SKM) is a security appliance providing centralized key
management operations. SKM runs on a stand-alone FIPS 140-2 Level 2 compliant hardware
platform that is isolated from other applications and runs a hardened operating system. SKM
offers high availability, clustering, and failover options.

After the required certificate file is loaded on the encryption switch, and the SKM IP addresses are
configured on the encryption switch, the encryption switch automatically establishes a secure
connection with SKM. Communication with SKM is secured by wrapping DEKs in a master key. The
encryption engine must generate its own master key, send DEKs to SKM encrypted in the master
key, and decrypt DEKs received from SKM using the same master key.

Setting up an HP SKM key vault consists of registering the encryption group leader and group
member nodes with the HP SKM key vault by exporting their KAC certificates, creating a Brocade
group on the SKM key vault, and taking steps on the HP SKM appliance that allow the certificates
to be signed by a local certificate authority (CA) on the HP SKM appliance.