Creating An Skm Or Eskm High Availability Cluster; Copying The Local Ca Certificate - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual
Brocade fabric os encryption administrator's guide v7.1.0 (53-1002721-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- User manual (1505 pages) ,
- Command reference manual (1168 pages) ,
- Reference (934 pages)
Table of Contents
Advertisement
4. Click Edit.
5. Configure the KMS Server Settings. Ensure that the port and connection timeout settings are
6. Click Save.
Creating an SKM or ESKM high availability cluster
The HP SKM/ESKM key vault supports clustering of HP SKM/ESKM appliances for high availability.
If two SKM/ESKM key vaults are configured, they must be clustered. If only a single SKM/ESKM
appliance is configured, it may be clustered for backup purposes, but the backup appliance will not
be directly used by the switch. The procedures in this section will establish a cluster configuration
on one SKM/ESKM appliance and then transfer that configuration to the remaining appliances.
•
•
•
To create a cluster, perform the following steps on one of the HP SKM/ESKM appliances that is to
be a member of the cluster.
1. From the SKM/ESKM management console, click the Device tab.
2. In the Device Configuration menu, click Cluster.
3. Select and note the Local IP address. You will need this address when you add an appliance to
4. For Local Port, use the default value of 9001 unless you are explicitly directed to use a
5. Type the cluster password in the Create Cluster section of the main window to create the new
6. Click the Create button.
7.
Copying the local CA certificate
Before adding an SKM/ESKM appliance to a cluster, you must obtain the local CA certificate from
the original SKM/ESKM or from an SKM/ESKM that is already in the cluster.
1. Select the Security tab.
2. Select Local CAs under Certificates & CAs.
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
A warning message might display explaining that if you disable SSL, you must have TLS
enabled for your web browser.
9000 and 3600, respectively. For Server Certificate, select the name of the certificate you
created in
"Creating and installing the SKM or ESKM server certificate"
Create the cluster on one SKM/ESKM appliance that is to be a member of the cluster.
Copy the local CA certificate from the first SKM/ESKM appliance or an existing cluster
member.
Paste the local CA certificate it into the management console for each of the SKM/ESKM
appliances added to the cluster.
The Create Cluster section displays.
the cluster.
different value for your site.
cluster.
In the Cluster Settings section of the window, click Download Cluster Key and save the key to a
convenient location, such as your computer's desktop. The cluster key is a text file and is only
required temporarily. It should be deleted from your computer's desktop after all SKM/ESKM
appliances have been added to the cluster.
Steps for connecting to an SKM or ESKM appliance
3
on page 139.
141
Advertisement
Table of Contents
Troubleshooting
