HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 149
on and register SKM as the key vault. The group leader automatically
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 149 highlights
Steps for connecting to an SKM or ESKM appliance 3 The switch on which you create the encryption group becomes the designated group leader. Once you have created an encryption group, all group-wide configurations, including key vault configuration, adding member nodes, configuring failover policy settings, and setting up storage devices, as well as all encryption management operations, are performed on the group leader. 3. Set the key vault type for SKM/ESKM by entering the cryptocfg --set -keyvault command. Successful execution sets the key vault type for the entire encryption group. The following example sets the key vault type to SKM, which is the selection also used for ESKM. SecurityAdmin:switch>cryptocfg --set -keyvault SKM Set key vault status: Operation Succeeded. 4. Import the CA certificate from the download location used when "Downloading the local CA certificate" on page 121, and register SKM as the key vault. The group leader automatically shares this information with other group members. SecurityAdmin:switch>cryptocfg --import -scp SecurityAdmin:switch>cryptocfg --reg -keyvault primary At this point, it may take around one minute to fully configure the switch with SKM/ESKM. 5. As the switches come up, enable the encryption engines. SecurityAdmin:switch>cryptocfg --enableEE Operation succeeded. 6. Use the cryptocfg - - show groupcfg command to verify that the key vault state is Connected. Mace_127:admin> cryptocg --show groupcfg rbash: cryptocg: command not found Mace_127:admin> cryptocfg --show -groupcfg Encryption Group Name: mace127_mace129 Failback mode: Auto Replication mode: Disabled Heartbeat misses: 3 Heartbeat timeout: 2 Key Vault Type: SKM System Card: Disabled Primary Key Vault: IP address: Certificate ID: Certificate label: State: Type: 10.32.53.55 Brocade skmcert Connected SKM Secondary Key Vault not configured Additional Key Vault/Cluster Information: Key Vault/CA Certificate Validity: Port for Key Vault Connection: Time of Day on Key Server: Server SDK Version: Yes 9000 2010-03-17 17:51:31 4.8.1 Encryption Node (Key Vault Client) Information: Node KAC Certificate Validity: Yes Time of Day on the Switch: 2010-03-17 17:22:05 Fabric OS Encryption Administrator's Guide 129 53-1002159-03