Table of Contents
Advertisement
14
Steps for connecting to an RKM appliance
9. For each encryption node, create an identity as follows.
RKM key vault high availability deployment
When dual RKM appliances are used for high availability, the RKM appliances must be clustered,
and must operate in maximum availability mode, as described in the RKM appliance user
documentation.
When dual RKM appliances are clustered, they are accessed using an IP load balancer. For a
complete high availability deployment, the multiple IP load balancers are clustered, and the IP load
balancer cluster exposes a virtual IP address called a floating IP address. The floating IP address
must be registered on the Brocade encryption group leader.
The secondary RKM appliance must not be registered, and also individual RKM appliance IP
addresses must not be registered.
354
kcn.1998-01.com.brocade:DEK_AES_256_ECB
a. Click Create.
b. Type the key name string into the Name field.
c.
Select Hardware Retail Group for Identity Group.
d. Deselect Activated Keys Have Duration.
e. Select AES for Algorithm.
f.
Select 256 for Key Size.
g.
Select the Mode for the respective key classes as follows:
XTS for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_XTS"
CBC for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_CCM"
CBC for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_GCM"
ECB for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_ECB"
h. Click Next.
i.
Repeat a. through h. for each key class.
j.
Click Finish.
a. Select the Identities tab.
b. Click Create.
c.
Enter a label for the node in the Name field. This is a user-defined identifier.
d. Select the Hardware Retail Group in the Identity Groups field.
e. Select the Operational User role in the Authorization field.
f.
Click Browse and select the imported certificate as the Identity certificate.
g.
Click Save.
DCFM Professional User Manual
53-1001773-01
Advertisement
Chapters
Table of Contents
Troubleshooting
