20
Steps for connecting to a DPM appliance
Uploading the KAC certificate onto the DPM appliance (manual identity
enrollment)
NOTE
The Fabric OS encryption switch will not use the Identity Auto Enrollment feature supported with
DPM 3.x servers. You must complete the identity enrollment manually to configure the DPM 3.x
server with the Fabric OS encryption switch as described in this section.
You need to install the switch public key certificate (KAC certificate). For each encryption node,
manually create an identity as follows:
1.
2. Click Create.
3. Enter a label for the node in the Name field. This is a user-defined identifier.
4. Select the Hardware Retail Group in the Identity Groups field.
5. Select the Operational User role in the Authorization field.
6. Click Browse and select the imported certificate as the Identity certificate.
7.
The CA certificate file referenced in the SSLCAcertificateFile field (refer to
and registered on the switch designated as an encryption group leader. You may want to note this
location before proceeding to
page 548.
DPM key vault high availability deployment
When dual DPM appliances are used for high availability, the DPM appliances must be clustered
and must operate in maximum availability mode, as described in the DPM appliance user
documentation.
When dual DPM appliances are clustered, they are accessed using an IP load balancer. For a
complete high availability deployment, the multiple IP load balancers are clustered, and the IP load
balancer cluster exposes a virtual IP address called a floating IP address. The floating IP address
must be registered on the encryption group leader.
Neither the secondary DPM appliance nor individual DPM appliance IP addresses should be
registered.
Loading the CA certificate onto the encryption group leader
The certificate for the CA that signed the switch KAC CSRs must be loaded onto the encryption
group leader. The group leader can then distribute the CA certificate to the encryption group
members.
1. From the Encryption Center, select a group from the Encryption Center Devices table, then
548
Select the Identities tab.
Click Save.
select Group > Properties from the menu task bar to display the Encryption Group Properties
dialog box. The General tab is selected
If groups are not visible in the Encryption Devices table, select View > Groups from the menu
bar.
"Loading the CA certificate onto the encryption group leader"
(Figure
195).
step
4) must be imported
Brocade Network Advisor SAN User Manual
53-1002696-01
on