Data Encryption Key Life Cycle Management - Brocade Communications Systems 1606 Administrator's Manual

Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

Data encryption key life cycle management

Data encryption keys (DEKs) are generated by the encryption engine. Data is encrypted and
decrypted using the same DEK, so a DEK must be preserved at least long enough to decrypt the
ciphertext that it created. The length of time data is stored before it is retrieved can vary greatly,
and some data may be stored for years or decades before it is accessed. To be sure the data
remains accessible, DEKs may also need to be stored for years or decades. Key management
systems provide life cycle management for all DEKs created by the encryption engine. Key
management systems are provided by third-party vendors.

Figure 4 shows the relationship of the LAN connections to the key vault and between encryption
nodes.

FIGURE 4 LAN connections to the key vault, and between encryption nodes
[Diagram labels: Key Management System, LAN, Management Group, Group Leader, Node 1, Node 2,
Node 3, Node 4, EE, IO Sync LAN]

Regardless of the length of the life cycle, there are four stages in the life of a DEK, as shown in
Figure 5. A DEK is created by an encryption engine, distributed, and stored in a key vault. The key is
used to encrypt and decrypt data at least once, and possibly many times. A DEK may be configured
to expire in a certain time frame, or it may become compromised. Under those conditions, it must
be used one more time to decrypt the data, and the resulting cleartext is encrypted with a new key
(re-keyed).
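The retention rule and the re-key step described above, modeled as an added Python example (not code from the Brocade guide or from Fabric OS): a DEK that has expired or been compromised cannot be destroyed until every piece of ciphertext it covers has been re-keyed under a new DEK. The `KeyVault` class, the stage names, the key and media identifiers, and the rule that a non-active DEK takes no new writes are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Stage names below are assumptions; the guide's Figure 5 is not reproduced here.
ACTIVE, REKEY_DUE, RETIRABLE = "active", "rekey-due", "retirable"

@dataclass
class Dek:
    key_id: str
    created: datetime
    lifetime: timedelta
    compromised: bool = False
    media: set = field(default_factory=set)  # ciphertext only this DEK can decrypt

    def stage(self, now: datetime) -> str:
        if not self.compromised and now < self.created + self.lifetime:
            return ACTIVE
        # Expired or compromised: still needed for one last decrypt per medium.
        return REKEY_DUE if self.media else RETIRABLE

class KeyVault:
    """Hypothetical in-memory stand-in for a third-party key vault."""
    def __init__(self):
        self.deks = {}

    def create(self, key_id, now, lifetime):
        self.deks[key_id] = Dek(key_id, now, lifetime)

    def write(self, key_id, medium, now):
        dek = self.deks[key_id]
        if dek.stage(now) != ACTIVE:
            raise PermissionError(f"{key_id} may not encrypt new data")
        dek.media.add(medium)

    def rekey(self, old_id, new_id, medium, now):
        # Old DEK decrypts once more; the cleartext is re-encrypted under new_id.
        if old_id == new_id or medium not in self.deks[old_id].media:
            raise ValueError(f"cannot re-key {medium} from {old_id} to {new_id}")
        self.write(new_id, medium, now)
        self.deks[old_id].media.remove(medium)

    def destroy(self, key_id):
        # Deleting a DEK that still covers ciphertext makes that data unreadable.
        if self.deks[key_id].media:
            raise PermissionError(f"{key_id} still covers {sorted(self.deks[key_id].media)}")
        del self.deks[key_id]

    def rekey_due(self, now):
        return sorted(k for k, d in self.deks.items() if d.stage(now) == REKEY_DUE)
```

Running `rekey_due()` on a schedule gives the list of DEKs whose data still has to be re-encrypted before the old key can be retired.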
