Table of Contents
Advertisement
Figure 14. Encryption configuration
If you have purchased the recommended optional Smart card FRU for additional
encryption security management, see the "Smart card usage" section of the Fabric
OS Encryption Administrator's Guide Supporting Tivoli Key Lifecycle Manager (TKLM)
Environments for information on using that functionality.
Avoid double encryption
Encryption and decryption at the storage device level does not affect the
encryption switch or blade capabilities, and does not cause problems with
decrypting the data. However, double encryption adds the unnecessary need to
manage two sets of encryption keys, increases the risk of losing data, may reduce
performance, and does not add security.
Managing license keys (optional)
Depending on what has been ordered, certain licenses are factory-installed on the
switch. Feature licenses might be included as a paperpack item in the switch
shipping carton. This paperpack provides you with keys to unlock the features.
You can also purchase licenses separately from IBM.
Attention:
paperpack are required for activation of optional features on the switch. After a
feature is activated, its activation key is associated with a specific product WWN
and serial number.
Encryption Configuration
Pre-initialization setup
Generate critical security parameters
and certificates
Load and set up certificates
Establish Trusted Link (LKM
appliance)
Node (switch)
Configure global parameters and
level
policies of encryption group
Generate and back-up master key in
RSA environments
Key Vault high availability handling
Configure cluster interconnect
Encryption group configuration
Crypto target container configuration
Encryption
group level
Crypto LUN (disk) configuration
Crypto tape configuration
Other configuration
Retain this paperpack in a safe place. The transaction keys in the
Chapter 2. Installing and configuring the switch
27
Advertisement
Table of Contents
