Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál Strana 177
- Strana / 322
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Fabric OS Encryption Administrator’s Guide (KMIP) 159
53-1002747-02
Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)
3
The following example creates the encryption group "brocade".
SecurityAdmin:switch> cryptocfg --create -encgroup brocade
Encryption group create status: Operation Succeeded.
The switch on which you create the encryption group becomes the designated group leader. Once
you have created an encryption group, all group-wide configurations, including key vault
configuration, adding member nodes, configuring failover policy settings, and setting up storage
devices, as well as all encryption management operations, are performed on the group leader.
3. Set the key vault type for KMIP by entering the cryptocfg
--set -keyvault command.
Successful execution sets the key vault type for the entire encryption group. The following
example sets the key vault type to KMIP.
SecurityAdmin:switch> cryptocfg --set -keyvault KMIP
Set key vault status: Operation Succeeded.
4. Import the CA certificate from the download location and register KMIP as the key vault. The
group leader automatically shares this information with other group members.
SecurityAdmin:switch> cryptocfg --import -scp <CA certificate file>
<host IP> <host username> <host path>
SecurityAdmin:switch> cryptocfg --reg -keyvault <CA certificate file>
<KMIP IP> primary
At this point, it may take about one minute to fully configure the switch with KMIP.
5. As the switches come up, enable the encryption engines.
SecurityAdmin:switch> cryptocfg --enableEE
Operation succeeded.
6. Use the cryptocfg --show groupcfg command to verify that the key vault state is Connected.
Mace_127:admin> cryptocg --show groupcfg
rbash: cryptocg: command not found
Mace_127:admin> cryptocfg --show -groupcfg
Encryption Group Name: mace127_mace129
Failback mode: Auto
Replication mode: Disabled
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: KMIP
System Card: Disabled
Primary Key Vault:
IP address: 10.32.53.55
Certificate ID: Brocade
Certificate label: KMIPcert
State: Connected
Type: KMIP
Secondary Key Vault not configured
Additional Key Vault/Cluster Information:
Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: 9000
Time of Day on Key Server: 2010-03-17 17:51:31
- Fabric OS Encryption 1
- Document History 2
- Contents 3
- 53-1002747-02 10
- About This Document 13
- What’s new in this document 14
- Document conventions 14
- Command syntax conventions 15
- Notes, cautions, and warnings 15
- Additional information 16
- Getting technical help 17
- Document feedback 18
- Encryption Overview 19
- Terminology 20
- The Brocade Encryption Switch 22
- The FS8-18 blade 23
- FIPS mode 23
- Performance licensing 23
- Usage limitations 24
- FIGURE 2 Encryption overview 25
- FIGURE 3 Frame redirection 26
- IO Sync LAN 27
- FIGURE 5 DEK life cycle 28
- Master key management 29
- Support for virtual fabrics 29
- Encryption Center features 32
- Encryption user privileges 33
- Smart card usage 34
- Using system cards 39
- Deregistering system cards 41
- Using smart cards 41
- Tracking smart cards 41
- Editing smart cards 43
- Network connections 44
- Blade processor links 45
- (KAC) certificate 46
- -----BEGIN CERTIFICATE 54
- Encryption preparation 67
- Creating an encryption group 68
- Protocol (KMIP) 73
- --initnode command 78
- --reg keyvault 79
- Error Instructions dialog box 84
- Creating HA clusters 87
- Failback option 89
- Invoking failback 89
- Adding an encryption target 90
- 4. Click Next 91
- FIGURE 70 Next Steps screen 97
- Configuring storage arrays 105
- Moving Targets 108
- Tape LUN statistics 111
- Encryption engine rebalancing 116
- Master keys 117
- Master key actions 118
- Active master key 118
- Alternate master key 118
- ATTENTION 120
- Creating a master key 126
- Security Settings 127
- Setting zeroization 128
- Redirection zones 130
- Disk device decommissioning 130
- Decommissioning disk LUNs 131
- Displaying Universal IDs 133
- Setting disk LUN Re-key All 134
- Thin provisioned LUNs 138
- Thin provisioning support 139
- General tab 146
- Members tab 148
- Members tab Remove button 150
- Security tab 151
- HA Clusters tab 153
- Tape Pools tab 155
- Adding tape pools 156
- Engine Operations tab 157
- TABLE 3 Encryption acronyms 158
- In this chapter 159
- Overview 160
- Command validation checks 160
- (Continued) 162
- Cryptocfg Help command output 163
- Management LAN configuration 164
- Configuring cluster links 164
- Node is a group leader node 166
- Node is a member node 166
- Setting FIPS compliance 168
- Creating a local CA 168
- Creating a server certificate 168
- Creating a cluster 168
- Backing up the certificates 169
- Configuring the KMIP server 169
- Adding a node to the cluster 169
- KeySecure) 170
- Register the KAC certificate 174
- Verify connectivity 174
- • Node CP certificate 175
- • cryptocfg --initEE 178
- • cryptocfg --regEE 178
- • cryptocfg --enableEE 178
- High availability clusters 182
- Creating an HA cluster 183
- Policy Configuration Examples 186
- Re-exporting a master key 187
- Viewing the master key IDs 188
- Zoning considerations 191
- Frame redirection zoning 192
- Gathering information 196
- Crypto LUN configuration 200
- Discovering a LUN 201
- Configuring a Crypto LUN 201
- LUN parameters and policies 204
- Configuring a tape LUN 205
- Decommissioning LUNs 213
- Tape pool configuration 218
- CommVault Galaxy labeling 219
- NetBackup labeling 219
- NetWorker labeling 219
- Creating a tape pool 220
- Deleting a tape pool 221
- Modifying a tape pool 221
- First-time encryption 222
- Space reclamation 224
- Data rekeying 225
- Deployment Scenarios 229
- Virtual 231
- --rdcreate [host wwn] 239
- FIGURE 129 FCIP deployment 241
- VMware ESX server deployments 242
- General guidelines 246
- HP-UX considerations 250
- AIX Considerations 251
- Enabling a disabled LUN 251
- Disk metadata 251
- Tape metadata 252
- Tape data compression 252
- Tape pools 252
- Tape block zero handling 253
- Tape key expiry 253
- PID failover 256
- Key Vault Best Practices 260
- Tape Device LUN Mapping 260
- Deleting an encryption group 265
- Removing an HA cluster member 265
- Deleting an HA cluster member 269
- Failover/failback example 270
- Recovery 271
- -hbmisses and -hbtimeout 276
- Key vault diagnostics 282
- --perfshow 283
- -portperfshow 283
- Command Activity 285
- Problem Resolution 285
- General errors and conditions 286
- LUN policy troubleshooting 293
- MPIO and internal LUN states 295
- Multi-node EG replacement 296
- Single-node EG replacement 298
- Multi-node EG Case 299
- Single-node EG Replacement 302
- Encryption group Nodes 306
- State and Status Information 309
- Security processor KEK status 310
- Encrypted LUN states 310
- TABLE 21 Tape LUN states 313
Související produkty a manuály pro Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support
Počítačové příslušenství Brocade Fabric OS Feature Support Matrix (Supporting Fabri Uživatelský manuál
(12 stránky)
(12 stránky)
Počítačové příslušenství Brocade Fabric OS Command Reference (Supporting Fabric OS Uživatelský manuál
(127 stránky)
(127 stránky)
Počítačové příslušenství Brocade Fabric OS Software Licensing Guide (Supporting Fab Uživatelský manuál
(58 stránky)
(58 stránky)
Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál
(300 stránky)
(300 stránky)
Počítačové příslušenství Brocade Fabric OS Upgrade Guide (Supporting Fabric OS v7.3 Uživatelský manuál
(34 stránky)
(34 stránky)
Počítačové příslušenství Brocade Fabric OS Troubleshooting and Diagnostics Guide (S Uživatelský manuál
(130 stránky)
(130 stránky)
Počítačové příslušenství Brocade Fabric Watch Administrators Guide (Supporting Fabr Uživatelský manuál
(116 stránky)
(116 stránky)
Počítačové příslušenství Brocade Flow Vision Administrators Guide (Supporting Fabri Uživatelský manuál
(90 stránky)
(90 stránky)
Počítačové příslušenství Brocade Monitoring and Alerting Policy Suite Administrator Uživatelský manuál
(114 stránky)
(114 stránky)
Počítačové příslušenství Brocade EZSwitchSetup Administrator’s Guide (Supporting 30 Uživatelský manuál
(64 stránky)
(64 stránky)
Počítačové příslušenství Brocade FICON Administrator’s Guide (Supporting Fabric OS Uživatelský manuál
(126 stránky)
(126 stránky)
Počítačové příslušenství Brocade Web Tools Administrators Guide (Supporting Fabric Uživatelský manuál
(274 stránky)
(274 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.054 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce