HP Brocade 8/12c Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864 - Page 187
Steps before configuration download, Configuration download at the encryption group leader
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 187 highlights
Configuration upload and download considerations 5 Steps before configuration download The configuration download does not have any certificates, public or private keys, master key, or link keys included. Perform following steps prior to configuration download to generate and obtain the necessary certificates and keys: 1. Use the following commands to initialize the encryption engine cryptocfg -InitNode cryptocfg -initEE cryptocfg -regEE Initializing the switch generates the following internal certificates: - KAC certificate - CP certificate - FIPS officer and user certificates 2. Import peer nodes/switches certificates onto the switch prior to configuration download. 3. Import key vault certificates onto switch prior to configuration download. 4. Create an encryption group with same name as in configuration upload information for the encryption group leader node. 5. Import Authentication Card Certificates onto the switch prior to configuration download. Configuration download at the encryption group leader The configuration download contains the encryption group-wide configuration information about Crypto Targets, disk and tape LUNs, tape pools, HA clusters, security, and key vaults. The encryption group leader first applies the encryption group-wide configuration information to the local configuration database and then distributes the configuration to all members in the encryption group. Also any layer-2 and switch specific configuration information is applied locally to the encryption group leader. Configuration download at an encryption group member Switch specific configuration information pertaining to the member switch or blade is applied. Information specific to the encryption group leader is filtered out. Fabric OS Encryption Administrator's Guide 169 53-1001864-01