Master Keys; Active Master Key; Alternate Master Key - Brocade Communications Systems Brocade BladeSystem 4/24 User Manual

Supporting DCFM 10.4.x

To rebalance an encryption engine, do the following.
1. Select Configure > Encryption from the menu bar.
   The Encryption Center dialog box displays.
2. Select an encryption engine and select Engine > Re-Balance from the menu bar, or right-click
   the encryption engine and select Re-Balance.
   A warning message displays, cautioning you about the potential disruption of disk and tape
   I/O, and telling you that the operation may take several minutes.
3. Click Yes to begin re-balancing.

Master keys

When an opaque key vault is used, a master key is used to encrypt the data encryption keys. The
master key status indicates whether a master key is used and whether it has been backed up.
Encryption is not allowed until the master key has been backed up.
Only the active master key can be backed up, and multiple backups are recommended. You can
back up or restore the master key to the key vault, to a file, or to a recovery card set. A recovery
card set is a set of smart cards. Each recovery card holds a portion of the master key. To restore
the master key, the cards must be gathered and read together from a card reader attached to a PC
running the Management application.
NOTE
It is very important to back up the master key because if the master key is lost, none of the data
encryption keys can be restored and none of the encrypted data can be decrypted.

Active master key

The active master key is used to encrypt newly-created data encryption keys (DEKs) prior to
sending them to a key vault to be stored. You can restore the active master key under the following
conditions:
• The active master key has been lost, which happens if all encryption engines in the group have
  been zeroized or replaced with new hardware at the same time.
• You want multiple encryption groups to share the same active master key. Groups should share
  the same master key if the groups share the same key vault and tapes (or disks) are going to
  be regularly exchanged between the groups.

Alternate master key

The alternate master key is used to decrypt data encryption keys that were not encrypted with the
active master key. Restore the alternate master key for the following reasons:
• To read an old tape that was created when the group used a different active master key.
• To read a tape (or disk) from a different encryption group that uses a different active master
  key.
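
The roles of the active and alternate master keys described above, as an added Go example (not code from the manual or from Brocade). The names wrapDEK and unwrapDEK are hypothetical, AES-256-GCM is an assumed stand-in for the wrapping algorithm the manual does not name, and trying the active key before the alternate is an assumed model of the behavior.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(masterKey []byte) (cipher.AEAD, error) { // AES-256-GCM: assumed stand-in
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapDEK encrypts a new DEK under the active master key before it goes to the key vault.
func wrapDEK(active, dek []byte) ([]byte, error) {
	gcm, err := newGCM(active)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dek, nil), nil // nonce || ciphertext || tag
}

// unwrapDEK tries the active master key, then the alternate (nil when none is loaded).
func unwrapDEK(active, alternate, wrapped []byte) ([]byte, string, error) {
	for i, mk := range [][]byte{active, alternate} {
		gcm, err := newGCM(mk) // fails for an empty (nil) key slot
		if err == nil && len(wrapped) > gcm.NonceSize() {
			if dek, err := gcm.Open(nil, wrapped[:gcm.NonceSize()], wrapped[gcm.NonceSize():], nil); err == nil {
				return dek, []string{"active", "alternate"}[i], nil
			}
		}
	}
	return nil, "", fmt.Errorf("no loaded master key unwraps this DEK")
}

func main() {
	oldMK, newMK := make([]byte, 32), append(make([]byte, 31), 1) // constructed keys
	wrapped, _ := wrapDEK(oldMK, []byte("constructed demo DEK"))
	_, _, err := unwrapDEK(newMK, nil, wrapped)    // old key not loaded
	_, used, _ := unwrapDEK(newMK, oldMK, wrapped) // old key restored as alternate
	fmt.Println("without alternate:", err, "| with alternate: unwrapped by", used)
}
```

A DEK wrapped under a master key that is in neither slot returns the error path, which is the situation the NOTE above warns about when no backup exists.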
DCFM Professional Plus User Manual
53-1001774-01
