Steps For Connecting To A Kmip Appliance (Safenet Keysecure) - Brocade Communications Systems StoreFabric SN6500B User Manual

20

Steps for connecting to a KMIP appliance (SafeNet KeySecure)

Steps for connecting to a KMIP appliance (SafeNet KeySecure)
With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP)
KeySecure Management Console can be used on the Fabric OS encryption switch. Any
KMIP-compliant server can be reregistered as a KMIP key vault.
NOTE
Currently, only KMIP with SafeNet KeySecure for Key Management (SSKM) native hosting LKM is
supported.
After installing the SafeNet KeySecure appliance (also referred to as KeySecure), you must
complete the following steps before the Fabric OS encryption switch can be configured with the
KeySecure. These steps must be performed only once.
NOTE
If you are configuring two Key Server nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.
The following is a suggested order of steps that must be completed to create a secure connection
to the SafeNet KeySecure.
1. Set FIPS compliance. Refer to
2. Create a local CA. Refer to
3. Create a server certificate. Refer to
4. Create a cluster. Refer to
5. Export and sign the encryption node certificate signing requests. Refer to
6. Import the signed certificates into the encryption node. Refer to
7.
8. Configure the KMIP server. Refer to
9. Add a secondary node to the cluster. Refer to
574
"Creating a cluster"
encryption node KAC CSR on KMIP"
certificate into a switch" on page 585.
Back up the certificates Refer to
"Setting FIPS compliance"
"Creating a local CA" on page 576.
"Creating a server certificate"
on page 582.
on page 584.
"Backing up the certificates"
"Configuring the KMIP server"
"Adding a node to the cluster"
on page 575.
on page 577.
"Signing the
"Importing a signed KAC
on page 586.
on page 588.
on page 589.
Brocade Network Advisor SAN User Manual
53-1002696-01