Key Management Systems; Master Key Management; Master Key Generation; Master Key Backup - Brocade Communications Systems 1606 Administrator's Manual

Key management systems

Key management systems are available from several vendors. This release supports the following
leading key management systems:
•
•
•
•

Master key management

Communications with opaque key vaults are encrypted using a master key that is created by the
encryption engine on the encryption switch. Currently, this includes the key vaults of all supported
key management systems except NetApp LKM.

Master key generation

A master key must be generated by the group leader encryption engine. The master key can be
generated once by the group leader, and propagated to the other members of an encryption group.

Master key backup

It is essential to back up the master key immediately after it is generated. The master key may be
backed up to any of the following,
•
•
•
The use of smart cards provides the highest level of security. When smart cards are used, the key is
split and written on up to five cards, and the cards may be kept and stored by up to five individuals,
and all are needed to restore the master key.
Fabric OS Encryption Administrator's Guide
53-1001864-01
The NetApp LIfetime Key Manager (LKM) version 4.0 or later.
The RSA Key Manager (RKM) version 2.1.3 or later, available through EMC.
The HP Secure Key Manager (SKM) version 1.1 or later, available through Hewlett Packard.
The Thales Encryption Manager for Storage (TEMS).
To a file as an encrypted key.
To the key management system as an encrypted key record.
To a set of recovery smart cards. This option is only available if the switch is managed by the
Data Center Fabric Manager (DFCM), and if a card reader is available for attachment to the
DCFM workstation.

Key management systems

1
11