Setting Encryption Node Initialization; Key Management Interoperability Protocol - Brocade Communications Systems StoreFabric SN6500B User Manual

Brocade Network Advisor SAN User Manual v12.0.0 (53-1002696-01, March 2013)

Setting encryption node initialization

Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a
configuration. Encryption nodes may also be initialized from the Encryption Center dialog box.
1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from
   the menu task bar.
2. Select Yes after reading the warning message to initialize the node.

Key Management Interoperability Protocol

The Key Management Interoperability Protocol (KMIP) standardizes the communication between
an Enterprise key management system and a client, thus replacing the use of vendor-specific key
vault servers with KMIP-compatible servers. Currently, KMIP versions 1.0 and 1.1 are supported.

NOTE
Currently, only KMIP with SafeNet KeySecure 6.1 for key management (SSKM) native hosting LKM
is supported.

Any KMIP-compliant server can be registered as a key vault on the Fabric OS encryption switch
after setting the key vault type to KMIP. With the introduction of Fabric OS 7.1.0, TKLM key vaults
can be reregistered as KMIP key vaults without losing older keys that were created with earlier
versions of Fabric OS. For other supported key vaults, only new installations are allowed to use the
KMIP key vault type. KMIP will work for any key server supporting KMIP 1.0 and 1.1 protocols.

Currently, the following key vault types can be configured as KMIP servers on the Fabric OS
encryption switch:
• HP ESKM, which is allowed for new installations only. It is not backwards compatible with keys
  created using Fabric OS versions prior to v7.1.0.
• IBM TKLM, which is backwards compatible with keys created using earlier Fabric OS versions
  (v6.41 - v7.0.1).
• Thales TEKA, which is allowed for new installations only. It is not backwards compatible with
  keys created using Fabric OS versions prior to v7.1.0.
• RSA DPM, which is allowed for new installations only. It is not backwards compatible with keys
  created using Fabric OS versions prior to v7.1.0.

Although KMIP support is available from multiple key vault types, each key vault implementation
differs in terms of HA clustering, certificate exchange, and authentication. The KMIP adapter
simplifies this implementation by providing a single client SDK that is interoperable with any
KMIP-compliant key server.

The KMIP KAC adapter provides configurable HA support.

NOTE
The KMIP client does not implement HA. Implementation is done either at the KAC adapter level, or
transparently on the server.


This manual is also suitable for:

Brocade network advisor 12.0.0
