HP Brocade 8/12c Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864 - Page 34
Smart card usage, Registering authentication cards from a card reader
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 34 highlights
2 Smart card usage Smart card usage Smart Cards are credit card-sized cards that contain a CPU and persistent memory. Smart cards can be used as security devices. You must have Storage Encryption Security user privileges to activate, register, and configure smart cards. Smart cards can be used to do the following: • Control user access to the Management application security administrator roles. • Control activation of encryption engines. • Securely store backup copies of master keys. Smart card readers provide a plug-and-play interface to read and write to a smart card. The following smart card readers are supported: • GemPlus GemPC USB http://www.gemalto.com/readers/index.html • SCM MicrosystemsSCR331 http://www.scmmicro.com/security/view_product_en.php?PID=2 See the following procedures for instructions about how to manage smart cards: • "Registering authentication cards from a card reader" on page 16 • "Registering system cards from a card reader" on page 19 • "Tracking smart cards" on page 20 • "Saving a master key to a smart card set" on page 65 • "Restoring a master key from a smart card set" on page 69 Registering authentication cards from a card reader When authentication cards are used, one or more authentication cards must be read by a card reader attached to a Management application PC to enable certain security sensitive operations. These include the following: • Master key generation, backup, and restore operations. • Replacement of authentication card certificates. • Enabling and disabling the use of system cards. • Changing the quorum size for authentication cards. • Establishing a trusted link with the NetApp LKM key manager. • Decommissioning LUNs. To register an authentication card or a set of authentication cards from a card reader, have the cards physically available. Authentication cards can be registered during encryption group or member configuration when running the configuration wizard, or they can be registered using the following procedure. 1. Select Configure > Encryption from the menu bar. The Encryption Center dialog box displays. 2. Select an encryption group, and select Security Settings. 16 Fabric OS Encryption Administrator's Guide 53-1001864-01