Rkm Key Vault High Availability Deployment - Brocade Communications Systems Brocade BladeSystem 4/24 User Manual

18
9. For each encryption node, create an identity as follows.

RKM key vault high availability deployment

When dual RKM appliances are used for high availability, the RKM appliances must be clustered,
and must operate in maximum availability mode, as described in the RKM appliance user
documentation.
When dual RKM appliances are clustered, they are accessed using an IP load balancer. For a
complete high availability deployment, the multiple IP load balancers are clustered, and the IP load
balancer cluster exposes a virtual IP address called a floating IP address. The floating IP address
must be registered on the Brocade encryption group leader.
The secondary RKM appliance must not be registered, and also individual RKM appliance IP
addresses must not be registered.
466
kcn.1998-01.com.brocade:DEK_AES_256_ECB
a. Click Create.
b. Type the key name string into the Name field.
c. Select Hardware Retail Group for Identity Group.
d. Deselect Activated Keys Have Duration.
e. Select AES for Algorithm.
f. Select 256 for Key Size.
g. Select the Mode for the respective key classes as follows:
XTS for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_XTS"
CBC for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_CCM"
CBC for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_GCM"
ECB for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_ECB"
h. Click Next.
i. Repeat a. through h. for each key class.
j. Click Finish.
a. Select the Identities tab.
b. Click Create.
c. Enter a label for the node in the Name field. This is a user-defined identifier.
d. Select the Hardware Retail Group in the Identity Groups field.
e. Select the Operational User role in the Authorization field.
f. Click Browse and select the imported certificate as the Identity certificate.
g. Click Save.
DCFM Professional Plus User Manual
53-1001774-01