Creating An Eskm/Skm High Availability Cluster - Brocade Communications Systems StoreFabric SN6500B User Manual

20
Steps for connecting to an ESKM/SKM appliance
17. Select the server certificate name you just created from the certificate list, and select
18. Click Install Certificate.
19. Paste the signed certificate data you copied under Certificate Response, then click Save.
Enabling SSL on the Key Management System (KMS) Server
The KMS Server provides the interface to the client. Secure Sockets Layer (SSL) must be enabled
on the KMS Server before this interface will operate. After SSL is enabled on the first appliance, it
will be enabled automatically on the other cluster members.
To configure and enable SSL, complete the following steps:
1. Select the Device tab.
2. In the Device Configuration menu, click KMS Server to display the Key Management Services
3. In the KMS Server Settings section of the window, click Edit.
4. Configure the KMS Server Settings. Ensure that the port and connection timeout settings are
5. Click Save.

Creating an ESKM/SKM High Availability cluster

The HP ESKM/SKM key vault supports clustering of HP ESKM/SKM appliances for high availability.
If two ESKM/SKM key vaults are configured, they must be clustered. If only a single ESKM/SKM
appliance is configured, it may be clustered for backup purposes, but the backup appliance will not
be directly used by the switch. The procedures in this section will establish a cluster configuration
on one ESKM/SKM appliance and then transfer that configuration to the remaining appliances.
•
•
•
To create a cluster, complete the following steps on one of the HP ESKM/SKM appliances that is to
be a member of the cluster:
1. From the ESKM/SKM management console, click the Device tab.
2. In the Device Configuration menu, click Cluster.
3. Select and note the Local IP address. You will need this address when you add an appliance to
560
Properties.
The Certificate Request Information window displays.
The Certificate Installation window displays.
The status of the server certificate should change from Request Pending to Active.
Configuration window.
9000 and 3600, respectively. For Server Certificate, select the name of the certificate you
created in "Creating and installing the ESKM/SKM server certificate"
Create the cluster on one ESKM/SKM appliance that is to be a member of the cluster.
Copy the local CA certificate from the first ESKM/SKM appliance or an existing cluster
member.
Paste the local CA certificate into the management console for each of the ESKM/SKM
appliances added to the cluster.
The Create Cluster section displays.
the cluster.
on page 559.
Brocade Network Advisor SAN User Manual
53-1002696-01