Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
Encryption switch initialization
Each encryption switch must be pre-initialized before it can participate in a secure encryption
environment. Pre-initialization establishes critical security parameters, such as certificates and
key pairs, that are used to mutually authenticate each participating entity. Certificates and key pairs
are needed to enable the following:
• Communication between the encryption engine and the switch control processor (CP).
• Communication between group leaders and nodes in an encryption group.
• Communication with key vaults.
Exporting, importing, and loading certificates
Certain certificates generated within an encryption switch or blade need to be exchanged with key
vaults to enable mutual authentication. Refer to Appendix D, “Supported Key Management
Systems” for information on each supported key vault.
Support for Virtual Fabrics
The Brocade encryption switch does not support the logical switch partitioning capability and
cannot be partitioned, but the switch can be connected to any Logical Switch partition or Logical Fabric
using an E-Port.
The FS8-18 encryption blades are supported only in a default switch partition. All FS8-18 blades
must be placed in a default switch partition in DCX or DCX-4S. The encryption resource from the default
switch partition/fabric can be shared with other logical switch partitions/fabrics or other fabrics
only through external device sharing using FCR or EX_Ports through a base switch/fabric. A
separate port blade must be used in the base switch/fabric for EX_Port connectivity from the
logical switch partition (default switch partition) of FS8-18 blades and host/target fabrics. The
EX_Port can be on any external FCR switch.
NOTE
Please refer to the Fabric OS Administrator’s Guide for more details on how to configure the DCX and
DCX-4S in virtual fabrics environments, including configuration of the default switch partition and any
other logical switch partitions.