Leader - Brocade Communications Systems Brocade 8/12c Administrator's Manual

Supporting HP Secure Key Manager (SKM) environments and HP Enterprise Secure Key Manager (ESKM) environments

Steps for connecting to an SKM or ESKM appliance
Upon success, you are presented with the option of downloading the signed certificate.
13. Download the signed certificate to your local system as signed_kac_skm_cert.pem.
14. Import the signed certificate from its location, or from a USB storage device.
SecurityAdmin:switch>cryptocfg --import -scp signed_kac_skm_cert.pem \
192.168.38.245 mylogin /tmp/certs/kac_skm_cert.pem
Password:
Operation succeeded.
The following example imports a KAC certificate that was previously exported to USB storage.
SecurityAdmin:switch>cryptocfg --import -usb signed_kac_skm_cert.pem \
kac_skm_cert.pem
Operation succeeded.
15. Register the KAC certificate.
SecurityAdmin:switch>cryptocfg --reg -KACcert signed_kac_skm_cert.pem
Operation succeeded
16. Repeat this procedure for every encryption node that is expected to perform encryption within the fabric.

Registering SKM or ESKM on a Brocade encryption group leader
An encryption group consists of one or more encryption engines. Encryption groups can provide failover/failback capabilities by organizing encryption engines into Data Encryption Key (DEK) clusters. An encryption group has the following properties:
- It is identified by a user-defined name.
- When there is more than one member, the group is managed from a designated group leader.
- All group members must share the same key manager.
- The same master key is used for all encryption operations in the group.
- In the case of FS8-18 blades:
  - All encryption engines in a chassis are part of the same encryption group.
  - An encryption group may contain up to four DCX nodes with a maximum of four encryption engines per node forming a total of sixteen encryption engines.
You will need to know the download location for the CA certificate used when
"Downloading the local CA certificate" on page 121.
1. Identify one node (a Brocade Encryption Switch or a Brocade DCX or Brocade DCX-4S with an FS8-18 blade) as the designated group leader and log in as Admin or SecurityAdmin.
2. Enter the cryptocfg --create -encgroup command followed by a name of your choice. The name can be up to 15 characters long, and it can include any alphanumeric characters and underscores. White space or other special characters are not permitted.
The following example creates the encryption group "brocade".
SecurityAdmin:switch>cryptocfg --create -encgroup brocade
Encryption group create status: Operation Succeeded.
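A check that can be run on the management workstation between steps 13 and 14 above, before the signed certificate is imported and registered on the switch. This is an added example, not part of the Brocade guide; it assumes the openssl command-line tool is installed and that the local CA certificate and the node's certificate signing request are available as PEM files (the names ca_cert.pem and kac_csr.pem are hypothetical).

```shell
#!/bin/sh
# Added example (not from the Brocade guide). Only signed_kac_skm_cert.pem is a
# file name from the page; the CA certificate and CSR names are assumptions.
# Usage: sh this_script signed_kac_skm_cert.pem ca_cert.pem kac_csr.pem

# check_signed_kac CERT CA_CERT CSR
# Returns 0 only when CERT verifies against CA_CERT and carries the same
# public key as CSR; 1 on a failed check; 2 on unreadable or unparsable input.
check_signed_kac() {
    cert=$1
    ca=$2
    csr=$3
    for f in "$cert" "$ca" "$csr"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done

    # 1. Issuer check: the certificate must verify against the local CA.
    #    openssl may also consult its default trust store, so compare the
    #    issuer printed in step 3 with the CA you expect.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi

    # 2. Key binding: the certificate must contain the public key from the
    #    request this node generated, not a certificate issued for another key.
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    if [ -z "$cert_key" ] || [ "$cert_key" != "$csr_key" ]; then
        echo "FAIL: public key in $cert differs from the key in $csr" >&2
        return 1
    fi

    # 3. Print the fields an operator should review before registering.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
    echo "OK: $cert verified against $ca and matches $csr"
}

# Run the check when the script is called with the three file arguments.
if [ "$#" -eq 3 ]; then
    check_signed_kac "$@"
fi
```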
Fabric OS Encryption Administrator's Guide
53-1002159-03