HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 244
Key vault connectivity, Key Vault client SDK version
6 Key vault diagnostics

If an encryption switch is part of an EG, the diagnostic testing is performed on that switch only and not the entire group. If multiple nodes in an encryption group have different Fabric OS versions, only those nodes running Fabric OS 7.0.0 and later can be configured for periodic key vault diagnostic testing.

You can set the diagnostic tests to run at regular intervals. When incidents occur, the findings are collected in log reports. The first instance of a failure and subsequent restoration of operation is reported as a Remote Access Server (RAS) log. Subsequent findings for the same incident are not logged to avoid redundant messages.

Key vault connectivity

Key vault connectivity is a diagnostics feature that allows you to periodically collect information about the state of key vault connectivity from the Brocade Encryption Switch and possible version, configuration, or cluster information of the key vault (KV). This feature reports the following types of configuration information:

• Key Vault/Cluster scope:
  • CA Certificate and its validity (for example, valid header and expiry date)
  • Key Vault IP/Port
  • KV firmware version
  • Time of day on the KV
  • Key class and format on the KV configured for the user group
  • Client session timeout
• Encryption node scope:
  • Node KAC certificate and its validity (for example, valid header and expiry date)
  • Username/password
  • User group
  • Time of day on the switch
  • Key Vault client SDK version
  • Timeout and retry policy for the client SDK

The key vault client SDK version, and timeout and retry policy for the client SDK could differ across encryption nodes, depending on the firmware versions they are running.

This feature also reports the results of a vault connectivity check and the results of a validation check on key operations. These results are specific to each encryption node.
The operations done as part of this are:

• Connects to the key vault and performs a connectivity check, reports any possible issues in case of failure, for example, certificate issues, username or password issues, or connectivity issues.
• Attempts to retrieve a key and indicates any possible issues in case of failure.
• Attempts to store a key on the vault and indicates any possible issues in case of failure.
• Verifies if a key written is synchronized across the vaults in a cluster.

224 Fabric OS Encryption Administrator's Guide 53-1002159-03
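The logging rule and the four per-node checks described above, modeled as an added example (not code from the guide or from Fabric OS). The check names, node names, tuple layout and the choice to key an incident by node and check are assumptions made for illustration; the sample results are constructed.

```python
from dataclasses import dataclass, field

# The four per-node operations listed in the guide (names are hypothetical).
CHECKS = ("connectivity", "key_retrieve", "key_store", "cluster_sync")

@dataclass
class IncidentLogger:
    """Edge-triggered reporting: only first failure and restoration are logged."""
    open_incidents: dict = field(default_factory=dict)  # (node, check) -> reason
    log: list = field(default_factory=list)

    def record(self, run, node, results):
        """results maps a check name to None (passed) or a failure reason."""
        for check in CHECKS:
            if check not in results:
                continue  # check did not run this time; incident state unchanged
            key, reason = (node, check), results[check]
            if reason is not None and key not in self.open_incidents:
                self.open_incidents[key] = reason
                self.log.append((run, node, check, "FAILED", reason))
            elif reason is None and key in self.open_incidents:
                del self.open_incidents[key]
                self.log.append((run, node, check, "RESTORED", ""))
            # A repeat failure of an already open incident adds no log entry.

def run_sample():
    """Feed constructed periodic results for two nodes through the logger."""
    ok = {c: None for c in CHECKS}
    runs = [
        (1, "node-a", ok),
        (2, "node-a", {"connectivity": "certificate issue"}),
        (3, "node-a", {"connectivity": "certificate issue"}),
        (3, "node-b", {**ok, "cluster_sync": "key not synchronized"}),
        (4, "node-a", ok),
        (5, "node-b", {**ok, "cluster_sync": "key not synchronized"}),
    ]
    logger = IncidentLogger()
    for run, node, results in runs:
        logger.record(run, node, results)
    return logger

if __name__ == "__main__":
    sample = run_sample()
    for entry in sample.log:
        print(entry)
    # Silence after a FAILED entry is not recovery: these are still failing.
    print("still open:", sample.open_incidents)
```

When reading such logs, treat an incident as ongoing until its restoration entry appears, since repeat failures produce no further messages.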