Brocade Communications Systems StoreFabric SN6500B User Manual page 748

20
Viewing and editing encryption group properties
700
•
Backup Key Vault Connection Status: The status of the backup key vault link. Options are:
•
Connected
•
Unknown/Busy
•
Not configured
•
Not responding
•
Failed authentication
•
High Availability Mode: (For KMIP key vault only.) Options are:
•
Opaque: Both the primary and secondary key vaults are registered on the Fabric OS
encryption switch. The client archives the key to a single (primary) key vault. For disk
operations, an additional key hardening check is done on the secondary key vault
before the key is used for encryption.
•
Transparent: A single key vault should be registered on the Fabric OS encryption
switch. The client assumes the entire HA is implemented on the key vault. Key archival
and retrieval is done to the KMIP without any additional key hardening checks.
•
No HA: Both the primary and secondary key vaults are registered on the Fabric OS
encryption switch. The client archives keys to both key vaults and ensures that the
archival is successful before the key is used for encryption.
•
None: High availability is not configured.
•
Not Applicable: Displays if your selected key vault type is not KMIP.
•
User Authentication: (For KMIP key vault only.) The methods used to authenticate a user.
Options are:
•
Username and Password: Activates the Primary and Backup Key Vault User Names
and password fields for completion.
•
Username: Activates the Primary and Backup Key Vault User Names for completion.
•
None: Deactivates Primary and Backup Key Vault User Names and password fields.
•
Not Applicable: Displays if your selected key vault type is not KMIP.
•
Certificate Type: (For KMIP key vault only.) Displays the TLS certificate type used between
the Fabric OS encryption switch and the key vault. Options are:
•
CA Signed: The Fabric OS encryption switch KAC certificate is signed by a CA, imported
back on the Fabric OS encryption switch and registered as a KAC certificate. The CA
will be registered as a key vault certificate on the Fabric OS encryption switch.
•
Self Signed: The self-signed certificates are exchanged and registered on both ends.
The key vault certificate is registered on the Fabric OS encryption switch and the
Fabric OS encryption switch KAC certificate is registered on the key vault.
•
Not Applicable: Displays if your selected key vault type is not KMIP.
•
Vendor Name: (For KMIP key vault only.) Displays the supported key vendor server. The
vendor name will display the connected key vault through KMIP. Displays as Not Applicable
if your selected key vault type is not KMIP.
•
Primary Key Vault Certificate table: Displays the details of the primary vault certificate; for
example, version and signature information. The Load from File button allows you to locate
and load a primary key vault certificate from a different location.
•
Backup Key Vault Certificate table: Displays the details of the backup vault certificate; for
example, version and signature information. The Load from File button allows you to locate
and load a backup key vault certificate from a different location.
Brocade Network Advisor SAN User Manual
53-1002696-01