Steps For Connecting To A Dpm Appliance; Exporting The Kac Certificate Signing Request (Csr) - Brocade Communications Systems StoreFabric SN6500B User Manual

20

Steps for connecting to a DPM appliance

Steps for connecting to a DPM appliance
All switches that you plan to include in an encryption group must have a secure connection to the
RSA Data Protection Manager (DPM). The following is a suggested order of steps needed to create
a secure connection to the DPM.
NOTE
The Fabric OS encryption switch uses the manual enrollment of identities with client registration to
connect with DPM 3.x servers. Client registration is done automatically when you upgrade to
Fabric OS 7.1.0 from an earlier version; no user interaction is required.
Once completed, client registration occurs after key vault registration, when the Fabric OS
encryption switch attempts to connect to the DPM server for the first time.
1. Export the KAC CSR to a location accessible to a CA for signing. Refer to
2. Submit the KAC CSR for signing by a CA. Refer to
3. Set the KAC certificate registration expiry. Refer to
4. Import the signed certificate into the Fabric OS encryption node. Refer to
5. Upload the signed KAC and CA certificates onto the DPM appliance and select the appropriate
6. If dual DPM appliances are used for high availability, the DPM appliances must be clustered,

Exporting the KAC certificate signing request (CSR)

1. Export the KAC CSR to a temporary location prior to submitting the KAC CSR to a CA for signing.
2. Synchronize the time on the switch and the key manager appliance. Time settings should be
3. Select a switch from the Encryption Center Devices table, then select Switch > Properties from
544
certificate signing request (CSR)"
on page 545.
page 545.
KAC certificate" on page 546.
key classes. Refer to the following:
•
"Uploading the CA certificate onto the DPM appliance (and first-time configurations)"
page 546.
•
"Uploading the KAC certificate onto the DPM appliance (manual identity enrollment)"
page 548.
and must operate in maximum availability mode, as described in the DPM appliance user
documentation. Refer to "DPM key vault high availability deployment"
within one minute of each other. Differences in time can invalidate certificates and cause key
vault operations to fail.
the menu task bar to display the Properties dialog box.
NOTE
You can also select a switch from the Encryption Center Devices table, then click the
Properties icon.
on page 544.
"Submitting the CSR to a certificate authority"
"KAC certificate registration expiry"
Brocade Network Advisor SAN User Manual
"Exporting the KAC
on
"Importing the signed
on
on
on page 548.
53-1002696-01