Configuring For Encryption (Optional) - IBM SAN768B-2 User Manual

Configuring for encryption (optional)

Summary of procedure
The optional FS8-18 encryption blade requires configuration to enable the
configuration functions. This section provides a brief overview of those
configuration steps. Refer to the Fabric OS Encryption Administrator's Guide (TKLM
Key Management) for the detailed procedures to configure the encryption functions.
Note:
If the encryption blade (FS8-18) is being configured for the first time for encryption
services, you will need to perform several pre-initialization tasks related to
configuring the encryption node (switch), including:
v Generating the Critical Security Parameters (CSPs) and certificates
v Loading and setting up the certificates
v Establishing a trusted link (LKM Appliance)
v Configuring the global parameters and policies of the encryption group
v Generating and backing up the master key in RSA environments
v Handling key-vault high-availability
v Configuring cluster interconnect
After completing the pre-initialization tasks, you may need to perform several
tasks related to configuring the encryption group. Figure 14 summarizes the flow
of the encryption-configuration tasks.
Figure 14. Encryption configuration
Encryption Configuration
Pre-initialization setup
Generate critical security parameters
and certificates
Load and set up certificates
Establish Trusted Link (LKM
appliance)
Node (switch)
Configure global parameters and
level
policies of encryption group
Generate and back-up master key in
RSA environments
Key Vault high availability handling
Configure cluster interconnect
Encryption group configuration
Crypto target container configuration
Encryption
group level Crypto LUN (disk) configuration
Crypto tape configuration
Other configuration
Chapter 3. Starting and configuring the SAN768B-2
49