Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

Smart card usage
Registering authentication cards from a card reader
When authentication cards are used, one or more authentication cards must be read by a card
reader attached to a Management application PC to enable certain security sensitive operations.
These include the following:
• Master key generation, backup, and restore operations.
• Replacement of authentication card certificates.
• Enabling and disabling the use of system cards.
• Changing the quorum size for authentication cards.
• Establishing a trusted link with the NetApp LKM key manager.
Authentication requires a quorum of authentication cards. The authentication provided by the
quorum of authentication cards is given a lifespan of ten minutes, unless the authentication is
explicitly cancelled, or the switch is rebooted or power-cycled. This prevents indefinite open-ended
access to security sensitive operations after authentication. If the lifespan expires, pending
operations are allowed to complete, but new operations will require re-authentication.
To register an authentication card or a set of authentication cards from a card reader, have the
cards physically available. Authentication cards can be registered during encryption group or
member configuration when running the configuration wizard, or they can be registered using the
following procedure.
1. Select Configure > Encryption from the menu bar.
The Encryption Center dialog box displays.
2. Select an encryption group, and select Security Settings.
3. Select the Quorum Size.
The quorum size is the minimum number of cards necessary to enable the card holders to
perform the security sensitive operations listed above. The maximum quorum size is five
cards. The actual number of authentication cards registered is always more than the quorum
size, so if you set the quorum size to five, for example, you will need to register at least six
cards in the subsequent steps.
NOTE
Ignore the System Cards setting. Refer to “Enabling or disabling the system card requirement”
on page 21 for information on its usage.
4. Click Next.
The Register Authentication Cards dialog is displayed. This dialog includes a table that shows all
registered authentication cards.
5. Select Register from Card Reader to register a new card.
The Add Authentication Card dialog box is displayed.
6. Insert a smart card into the card reader. Be sure to wait for the card serial number to appear,
and then enter card assignment information, as directed.
7. Click OK.
8. Wait for the confirmation dialog box indicating initialization is done, and click OK.
The card is added to the Registered Authentication Cards table on the Authentication Cards
dialog box.
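
The quorum rules described above (a quorum size of at most five, more cards registered than the quorum size, and a ten-minute authentication lifespan that gates only new operations) can be modelled as follows. This is an added example, not Brocade or Fabric OS code: the class and method names, the minimum quorum of one, and the handling of unregistered or repeated cards are assumptions.

```python
import time

MAX_QUORUM = 5          # maximum quorum size stated in the guide
LIFESPAN_S = 10 * 60    # authentication lifespan stated in the guide

class QuorumAuth:
    """Hypothetical model of quorum authentication; not Fabric OS code."""

    def __init__(self, registered, quorum, clock=time.monotonic):
        registered = set(registered)
        # Assumption: the smallest usable quorum is one card.
        if not 1 <= quorum <= MAX_QUORUM:
            raise ValueError("quorum size must be between 1 and 5")
        if len(registered) <= quorum:
            raise ValueError("register more cards than the quorum size")
        self.registered, self.quorum, self.clock = registered, quorum, clock
        self.presented, self.granted_at = set(), None

    def present_card(self, serial):
        # Assumption: unregistered cards are rejected and a card read twice
        # counts once toward the quorum.
        if serial not in self.registered:
            return False
        if self.granted_at is not None and not self.is_authenticated():
            self.cancel()  # lifespan expired: a fresh quorum is needed
        self.presented.add(serial)
        if len(self.presented) >= self.quorum and self.granted_at is None:
            self.granted_at = self.clock()
        return True

    def is_authenticated(self):
        return (self.granted_at is not None
                and self.clock() - self.granted_at < LIFESPAN_S)

    def cancel(self):
        # Explicit cancellation, reboot or power cycle ends the authentication.
        self.presented, self.granted_at = set(), None

    def start_operation(self, name):
        # Only the start is gated: an operation already pending when the
        # lifespan expires is allowed to complete.
        if not self.is_authenticated():
            raise PermissionError(f"{name}: quorum re-authentication required")
        return name
```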