18
Steps for connecting to an LKM appliance
Steps for connecting to an LKM appliance
The NetApp Lifetime Key Manager (LKM) resides on an FIPS 140-2 Level 3-compliant network
appliance. The encryption engine and LKM appliance communicate over a trusted link. A trusted
link is a secure connection established between the Encryption switch or blade and the NetApp
LKM appliance, using a shared secret called a link key.
The following configuration steps are performed from the NetApp DataFort Management Console
and from the Management application:
•
•
•
•
•
These steps are described in more detail in the following sections:
•
•
•
•
•
•
•
•
Launching the NetApp DataFort Management Console
The NetApp DataFort Management Console (DMC) must be installed on your PC or workstation to
complete certain procedures described in this chapter. Refer to the appropriate DMC product
documentation for DMC installation instructions. After you install DMC, complete the following
steps:
1. Launch the DMC.
2. Click the Appliance tab on the top panel.
3. Add the NetApp LKM appliance IP address or hostname.
4. Right-click the added IP address and log in to the NetApp LKM key vault.
Establishing the trusted link
You must generate the trusted link establishment package (TEP) on all nodes to obtain a trusted
acceptance package (TAP) before you can establish a trusted link between each node and the
NetApp LKM appliance.
1. Select Configure > Encryption from the menu task bar.
2. The Encryption Center dialog box displays.
448
Install and launch the NetApp DataFort Management Console.
Establish the trusted link.
Obtain and import the LKM certificate.
Export and register encryption node certificates on LKM.
If required, create an LKM cluster for high availability.
"Launching the NetApp DataFort Management Console"
"Establishing the trusted link"
"Obtaining and importing the LKM certificate"
"Exporting and registering the switch KAC certificates on LKM"
"LKM key vault high availability deployment"
"Disk keys and tape pool keys (Brocade native mode support)"
"Tape LUN and DF -compatible tape pool support"
"LKM Key Vault Deregistration"
on page 448
on page 449
on page 451
on page 452
on page 452
on page 448
on page 450
on page 451
Brocade Network Advisor SAN User Manual
53-1002167-01