Brocade Communications Systems StoreFabric SN6500B Administrator's Manual page 164

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)
Steps for connecting to an SKM or ESKM appliance
The switch on which you create the encryption group becomes the designated group leader. Once
you have created an encryption group, all group-wide configurations, including key vault
configuration, adding member nodes, configuring failover policy settings, and setting up storage
devices, as well as all encryption management operations, are performed on the group leader.
3. Set the key vault type for SKM/ESKM by entering the cryptocfg --set -keyvault command.
   Successful execution sets the key vault type for the entire encryption group. The following
   example sets the key vault type to SKM, which is the selection also used for ESKM.

   SecurityAdmin:switch> cryptocfg --set -keyvault SKM
   Set key vault status: Operation Succeeded.

4. Import the CA certificate from the download location used when "Downloading the local CA
   certificate" on page 138, and register SKM as the key vault. The group leader automatically
   shares this information with other group members.

   SecurityAdmin:switch> cryptocfg --import -scp <CA certificate file> <host IP> <host username> <host path>
   SecurityAdmin:switch> cryptocfg --reg -keyvault <CA certificate file> <SKM IP> primary

   At this point, it may take around one minute to fully configure the switch with SKM/ESKM.

5. As the switches come up, enable the encryption engines.

   SecurityAdmin:switch> cryptocfg --enableEE
   Operation succeeded.

6. Use the cryptocfg --show -groupcfg command to verify that the key vault state is Connected.

   Mace_127:admin> cryptocg --show groupcfg
   rbash: cryptocg: command not found
   Mace_127:admin> cryptocfg --show -groupcfg
   Encryption Group Name: mace127_mace129
   Failback mode: Auto
   Replication mode: Disabled
   Heartbeat misses: 3
   Heartbeat timeout: 2
   Key Vault Type: SKM
   System Card: Disabled
   Primary Key Vault:
     IP address: 10.32.53.55
     Certificate ID: Brocade
     Certificate label: skmcert
     State: Connected
     Type: SKM
   Secondary Key Vault not configured
   Additional Key Vault/Cluster Information:
     Key Vault/CA Certificate Validity: Yes
     Port for Key Vault Connection: 9000
     Time of Day on Key Server: 2010-03-17 17:51:31
     Server SDK Version: 4.8.1
   Encryption Node (Key Vault Client) Information:
     Node KAC Certificate Validity: Yes
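
The verification in step 6 can be scripted. The following is an added example, not part of the Brocade guide: it parses a saved copy of the cryptocfg --show -groupcfg output and reports every checked field that does not have the expected value. It assumes the capture holds one "label: value" pair per line; the function names and the choice of fields to check are this example's own.

```python
# Added example: checks captured `cryptocfg --show -groupcfg` output.
# SAMPLE is a constructed, abridged capture mirroring the output on this page.
SAMPLE = """\
Encryption Group Name: mace127_mace129
Key Vault Type: SKM
Primary Key Vault:
  IP address: 10.32.53.55
  Certificate label: skmcert
  State: Connected
Secondary Key Vault not configured
Additional Key Vault/Cluster Information:
  Key Vault/CA Certificate Validity: Yes
  Time of Day on Key Server: 2010-03-17 17:51:31
Encryption Node (Key Vault Client) Information:
  Node KAC Certificate Validity: Yes
"""

# Assumption: these three fields are the ones to gate on.
EXPECTED = {
    ("Primary Key Vault", "State"): "Connected",
    ("Additional Key Vault/Cluster Information",
     "Key Vault/CA Certificate Validity"): "Yes",
    ("Encryption Node (Key Vault Client) Information",
     "Node KAC Certificate Validity"): "Yes",
}

def parse_groupcfg(text):
    """Return {(section, field): value}; top-level fields use section ''."""
    fields, section = {}, ""
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:            # e.g. "Secondary Key Vault not configured"
            continue
        if not value.strip():  # a bare "Primary Key Vault:" opens a section
            section = key
        else:                  # a field belongs to the last header seen
            fields[(section, key)] = value.strip()
    return fields

def check_groupcfg(text):
    """Return findings; an empty list means every expected field matched."""
    fields = parse_groupcfg(text)
    # Missing fields (truncated capture, mistyped command) fail the check.
    return [f"{sec} / {name}: expected {want!r}, got {fields.get((sec, name))!r}"
            for (sec, name), want in EXPECTED.items()
            if fields.get((sec, name)) != want]

if __name__ == "__main__":
    for finding in check_groupcfg(SAMPLE) or ["key vault checks passed"]:
        print(finding)
```

A capture that lacks the expected fields, such as the "command not found" reply to the mistyped command in the session above, is reported as failing, not passing.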