Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario Pagina 79
- Pagina / 322
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Fabric OS Encryption Administrator’s Guide (KMIP) 61
53-1002747-02
Adding a switch to an encryption group
2
3. Register the key vault. BNA registers the key vault using the cryptocfg --reg keyvault
command.
4. Enable the encryption engines. BNA initializes an encryption switch using the cryptocfg
--
initEE [<slotnumber>] and cryptocfg --regEE [<slotnumber>] commands.
5. Create a new master key. (Opaque key vaults only). BNA checks for a new master key. New
master keys are generated from the Security tab located in the Encryption Group Properties
dialog box.
NOTE
A master key is not generated if the key vault type is LKM. LKM manages DEK exchanges
through a trusted link, and the LKM appliance uses its own master key to encrypt DEKs.
6. Save the switch’s public key certificate to a file. BNA saves the KAC certificate in the specified
file.
7. Back up the master key to a file. (Opaque key vaults only). BNA saves the master key in the
specified file.
Adding a switch to an encryption group
The setup wizard allows you to either create a new encryption group, or add an encryption switch to
an existing encryption group. Use the following procedure to add a switch to an encryption group:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box (Refer to Figure 6 on page 14).
2. Select a switch to add from the Encryption Center Devices table, then select Switch >
Create/Add to Group from the menu task bar.
NOTE
The switch must not already be in an encryption group.
The Configure Switch Encryption wizard welcome screen displays (Figure 53).
- Fabric OS Encryption 1
- Document History 2
- Contents 3
- 53-1002747-02 10
- About This Document 13
- What’s new in this document 14
- Document conventions 14
- Command syntax conventions 15
- Notes, cautions, and warnings 15
- Additional information 16
- Getting technical help 17
- Document feedback 18
- Encryption Overview 19
- Terminology 20
- The Brocade Encryption Switch 22
- The FS8-18 blade 23
- FIPS mode 23
- Performance licensing 23
- Usage limitations 24
- FIGURE 2 Encryption overview 25
- FIGURE 3 Frame redirection 26
- IO Sync LAN 27
- FIGURE 5 DEK life cycle 28
- Master key management 29
- Support for virtual fabrics 29
- Encryption Center features 32
- Encryption user privileges 33
- Smart card usage 34
- Using system cards 39
- Deregistering system cards 41
- Using smart cards 41
- Tracking smart cards 41
- Editing smart cards 43
- Network connections 44
- Blade processor links 45
- (KAC) certificate 46
- -----BEGIN CERTIFICATE 54
- Encryption preparation 67
- Creating an encryption group 68
- Protocol (KMIP) 73
- --initnode command 78
- --reg keyvault 79
- Error Instructions dialog box 84
- Creating HA clusters 87
- Failback option 89
- Invoking failback 89
- Adding an encryption target 90
- 4. Click Next 91
- FIGURE 70 Next Steps screen 97
- Configuring storage arrays 105
- Moving Targets 108
- Tape LUN statistics 111
- Encryption engine rebalancing 116
- Master keys 117
- Master key actions 118
- Active master key 118
- Alternate master key 118
- ATTENTION 120
- Creating a master key 126
- Security Settings 127
- Setting zeroization 128
- Redirection zones 130
- Disk device decommissioning 130
- Decommissioning disk LUNs 131
- Displaying Universal IDs 133
- Setting disk LUN Re-key All 134
- Thin provisioned LUNs 138
- Thin provisioning support 139
- General tab 146
- Members tab 148
- Members tab Remove button 150
- Security tab 151
- HA Clusters tab 153
- Tape Pools tab 155
- Adding tape pools 156
- Engine Operations tab 157
- TABLE 3 Encryption acronyms 158
- In this chapter 159
- Overview 160
- Command validation checks 160
- (Continued) 162
- Cryptocfg Help command output 163
- Management LAN configuration 164
- Configuring cluster links 164
- Node is a group leader node 166
- Node is a member node 166
- Setting FIPS compliance 168
- Creating a local CA 168
- Creating a server certificate 168
- Creating a cluster 168
- Backing up the certificates 169
- Configuring the KMIP server 169
- Adding a node to the cluster 169
- KeySecure) 170
- Register the KAC certificate 174
- Verify connectivity 174
- • Node CP certificate 175
- • cryptocfg --initEE 178
- • cryptocfg --regEE 178
- • cryptocfg --enableEE 178
- High availability clusters 182
- Creating an HA cluster 183
- Policy Configuration Examples 186
- Re-exporting a master key 187
- Viewing the master key IDs 188
- Zoning considerations 191
- Frame redirection zoning 192
- Gathering information 196
- Crypto LUN configuration 200
- Discovering a LUN 201
- Configuring a Crypto LUN 201
- LUN parameters and policies 204
- Configuring a tape LUN 205
- Decommissioning LUNs 213
- Tape pool configuration 218
- CommVault Galaxy labeling 219
- NetBackup labeling 219
- NetWorker labeling 219
- Creating a tape pool 220
- Deleting a tape pool 221
- Modifying a tape pool 221
- First-time encryption 222
- Space reclamation 224
- Data rekeying 225
- Deployment Scenarios 229
- Virtual 231
- --rdcreate [host wwn] 239
- FIGURE 129 FCIP deployment 241
- VMware ESX server deployments 242
- General guidelines 246
- HP-UX considerations 250
- AIX Considerations 251
- Enabling a disabled LUN 251
- Disk metadata 251
- Tape metadata 252
- Tape data compression 252
- Tape pools 252
- Tape block zero handling 253
- Tape key expiry 253
- PID failover 256
- Key Vault Best Practices 260
- Tape Device LUN Mapping 260
- Deleting an encryption group 265
- Removing an HA cluster member 265
- Deleting an HA cluster member 269
- Failover/failback example 270
- Recovery 271
- -hbmisses and -hbtimeout 276
- Key vault diagnostics 282
- --perfshow 283
- -portperfshow 283
- Command Activity 285
- Problem Resolution 285
- General errors and conditions 286
- LUN policy troubleshooting 293
- MPIO and internal LUN states 295
- Multi-node EG replacement 296
- Single-node EG replacement 298
- Multi-node EG Case 299
- Single-node EG Replacement 302
- Encryption group Nodes 306
- State and Status Information 309
- Security processor KEK status 310
- Encrypted LUN states 310
- TABLE 21 Tape LUN states 313
Relacionado con productos y manuales para Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support
Accesorios De Computador Brocade Fabric OS Feature Support Matrix (Supporting Fabri Manual de usuario
(12 paginas)
(12 paginas)
Accesorios De Computador Brocade Fabric OS Command Reference (Supporting Fabric OS Manual de usuario
(127 paginas)
(127 paginas)
Accesorios De Computador Brocade Fabric OS Software Licensing Guide (Supporting Fab Manual de usuario
(58 paginas)
(58 paginas)
Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario
(300 paginas)
(300 paginas)
Accesorios De Computador Brocade Fabric OS Upgrade Guide (Supporting Fabric OS v7.3 Manual de usuario
(34 paginas)
(34 paginas)
Accesorios De Computador Brocade Fabric OS Troubleshooting and Diagnostics Guide (S Manual de usuario
(130 paginas)
(130 paginas)
Accesorios De Computador Brocade Fabric Watch Administrators Guide (Supporting Fabr Manual de usuario
(116 paginas)
(116 paginas)
Accesorios De Computador Brocade Flow Vision Administrators Guide (Supporting Fabri Manual de usuario
(90 paginas)
(90 paginas)
Accesorios De Computador Brocade Monitoring and Alerting Policy Suite Administrator Manual de usuario
(114 paginas)
(114 paginas)
Accesorios De Computador Brocade EZSwitchSetup Administrator’s Guide (Supporting 30 Manual de usuario
(64 paginas)
(64 paginas)
Accesorios De Computador Brocade FICON Administrator’s Guide (Supporting Fabric OS Manual de usuario
(126 paginas)
(126 paginas)
Accesorios De Computador Brocade Web Tools Administrators Guide (Supporting Fabric Manual de usuario
(274 paginas)
(274 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.057 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales