Brocade Communications Systems StoreFabric SN6500B User Manual page 742

20
Viewing and editing switch encryption properties
•
•
694
•
Thales e-Security keyAuthority (TEKA): If an encryption group contains mixed firmware
nodes, the Encryption Group Properties Key Vault Type name is based on the firmware
version of the group leader. For example, If a switch is running Fabric OS 7.1.0 or later,
the Key Vault Type is displayed as "Thales e-Security keyAuthority (TEKA)."If a switch is
running Fabric OS prior to v7.1.0, Key Vault Type is displayed as "Thales Key Manager
(TEMS)".
•
Tivoli Key Lifetime Manager (TKLM)
•
Key Management Interoperability Protocol (KMIP): Any KMIP-compliant server can be
registered as a key vault on the Fabric OS encryption switch after setting the key vault
type to KMIP.
Currently, only KMIP with SafeNet KeySecure for key management (SSKM) native
hosting LKM is supported.
•
Primary Key Vault Link Key Status/Backup Key Vault Link Key Status: Status options are:
•
Not Used: The key vault type is not LKM/SSKM.
•
No Link Keys, ready to establish: No access request has been sent to an LKM/SSKM,
or a previous request was not accepted.
•
Link key requested, waiting for LKM approval: A request has been sent to LKM/SSKM
and is waiting for the LKM/SSKM administrator's approval.
•
Created, not validated: An interim state until first used Link Key valid, online:
(LKM/SSKM only) a shared link key exists and has been successfully used.
•
Primary Key Vault Connection Status/Backup Key Vault Connection Status: Whether the
primary key vault link is connected. Options are:
•
Unknown/Busy
•
Key Vault Not Configured
•
No Response
•
Failed authentication
•
Connected.
•
Key Vault User Name button: (TEKA only.) Launches a dialog box to identify key vault user
information. A user name is automatically generated on the switch side for use in defining
a TEKA client for the switch.
Public Key Certificate Request text box: The switch's KAC certificate signing request, which
must be signed by a certificate authority (CA). The signed certificate must then be imported
onto the switch and onto the primary and backup key vaults.
•
Export button: Exports the public key certificate in CSR format to an external file for signing
by a certificate authority (CA).
•
Import button: Imports a signed public key certificate.
Encryption Engine Properties table: The properties for the encryption engine. There may be
0 to 4 slots, one for each encryption engine in the switch.
•
Current Status: The status of the encryption engine. Many possible values exist. Common
options are:
•
Not Available (the engine is not initialized)
•
Disabled
•
Operational
Brocade Network Advisor SAN User Manual
53-1002696-01