Lkm/Sskm Key Vault Deregistration; Steps For Connecting To An Eskm/Skm Appliance - Brocade Communications Systems StoreFabric SN6500B User Manual

20

Steps for connecting to an ESKM/SKM appliance

LKM/SSKM key vault deregistration

Deregistration of either the primary or secondary LKM/SSKM key vault from an encryption switch
or blade is allowed independently.
•
•
Steps for connecting to an ESKM/SKM appliance
The ESKM/SKM management web console can be accessed from any web browser with Internet
access to the ESKM/SKM appliance. The URL for the appliance is as follows:
Where:
The following configuration steps are performed from the ESKM/SKM management web console
and from the Management application:
1. Configure a Brocade group on the ESKM/SKM. Refer to
2. Register the Brocade group user name and password on the encryption node. Refer to
3. Set up a local CA on the ESKM/SKM. Refer to
4. Download the CA certificate. Refer to
5. Create and install an ESKM/SKM server certificate. Refer to
554
Deregistration of Primary LKM/SSKM: You can deregister the Primary LKM/SSKM from an
encryption switch or blade without deregistering the backup or secondary LKM/SSKM for
maintenance or replacement purposes. However, when the primary LKM/SSKM is
deregistered, key creation operations will fail until either the primary LKM/SSKM is
reregistered, or the secondary LKM/SSKM is deregistered and reregistered as the primary
LKM/SSKM.
When the primary LKM/SSKM is replaced with a different LKM/SSKM, you must first
synchronize the DEKs from the secondary LKM/SSKM before reregistering the primary
LKM/SSKM.
Deregistration of Secondary LKM/SSKM: You can deregister the secondary LKM/SSKM
independently. Future key operations will use only the primary LKM/SSKM until the secondary
LKM/SSKM is reregistered on the encryption switch or blade.
When the secondary LKM/SSKM is replaced with a different LKM/SSKM, you must first
synchronize the DEKs from the primary LKM/SSKM before reregistering the secondary
LKM/SSKM.
https://<appliance hostname>:<appliance port number>
-
<appliance hostname>
appliance.
-
<appliance port number>
when installing the ESKM/SKM appliance, use that port number.
ESKM/SKM" on page 555.
"Registering the ESKM/SKM Brocade group user name and password"
ESKM/SKM" on page 557.
on page 558.
ESKM/SKM server certificate"
is the hostname or IP address when installing the ESKM/SKM
is 9443 by default. If a different port number was specified
"Setting up the local Certificate Authority (CA) on
"Downloading the local CA certificate from ESKM/SKM"
on page 559.
"Configuring a Brocade group on
on page 556.
"Creating and installing the
Brocade Network Advisor SAN User Manual
53-1002696-01