Steps Before Configuration Download; Configuration Download At The Encryption Group Leader; Configuration Download At An Encryption Group Member; Steps After Configuration Download - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)
Configuration upload and download considerations

Steps before configuration download

The configuration download does not include any certificates, public or private keys, master key, or
link keys. Perform the following steps prior to configuration download to generate and obtain
the necessary certificates and keys:
1. Use the following commands to initialize the encryption engine:
   cryptocfg --InitNode
   cryptocfg --initEE
   cryptocfg --regEE
   Initializing the switch generates the following internal certificates:
   - KAC certificate
   - CP certificate
   - FIPS officer and user certificates
2. Import peer node/switch certificates onto the switch prior to configuration download.
3. Import key vault certificates onto the switch prior to configuration download.
4. Create an encryption group with the same name as in the configuration upload information for the
   encryption group leader node.
5. Import Authentication Card Certificates onto the switch prior to configuration download.

Configuration download at the encryption group leader

The configuration download contains the encryption group-wide configuration information about
CryptoTargets, disk and tape LUNs, tape pools, HA clusters, security, and key vaults. The encryption
group leader first applies the encryption group-wide configuration information to the local
configuration database and then distributes the configuration to all members in the encryption
group. Any Layer 2 and switch-specific configuration information is also applied locally to the
encryption group leader.

Configuration download at an encryption group member

Switch-specific configuration information pertaining to the member switch or blade is applied.
Information specific to the encryption group leader is filtered out.

Steps after configuration download

For all opaque key vaults, restore or generate and back up the master key. In a multiple-node
encryption group, the master key is propagated from the group leader node.
1. Use the following command to enable the encryption engine:
   Admin:switch> cryptocfg --enableEE [slot num]
2. Commit the configuration:
   Admin:switch> cryptocfg --commit
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01

This manual is also suitable for:

Fabric os 7.1.0
