Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál Strana 153
- Strana / 332
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Fabric OS Encryption Administrator’s Guide (DPM) 133
53-1002922-01
Setting encryption node initialization
3
4. Reboot the member node (the node on which the IP address has been modified).
5. Reregister the node with the group leader using new IP address.
Setting encryption node initialization
When an encryption node is initialized, the following security parameters and certificates are
generated:
• FIPS crypto officer
• FIPS user
• Node CP certificate
• A signed Key Authentication Center (KAC) certificate
• A KAC Certificate Signing Request (CSR)
From the standpoint of external SAN management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
1. Initialize the Brocade Encryption Switch node.
SecurityAdmin:switch> cryptocfg --initnode
Operation succeeded.
2. Zeroize all critical security parameters (CSPs) on the encryption engine.
SecurityAdmin:switch> cryptocfg --zeroizeEE [slotnumber]
This will zeroize all critical security parameters
ARE YOU SURE (yes, y, no, n): [no]y
Operation succeeded.
3. Initialize the new encryption engine.
SecurityAdmin:switch> cryptocfg --initEE [slotnumber]
Operation succeeded.
4. Register the encryption engine.
SecurityAdmin:switch> cryptocfg --regEE [slotnumber]
Operation succeeded.
5. Enable the encryption engine.
SecurityAdmin:switch> cryptocfg --enableEE [slotnumber]
Operation succeeded.
6. Check the encryption engine state using following command to ensure encryption engine is
online:
SecurityAdmin:switch> cryptocfg --show -localEE
- Fabric OS Encryption 1
- Document History 2
- Document Title iii 3
- 53-1002720-02 3
- Contents 5
- 53-1002922-01 10
- About This Document 15
- What’s new in this document 16
- Document conventions 16
- Command syntax conventions 17
- Notes, cautions, and warnings 17
- Additional information 18
- Getting technical help 19
- Document feedback 20
- Encryption Overview 21
- Terminology 22
- The Brocade Encryption Switch 24
- The FS8-18 blade 25
- FIPS mode 25
- Performance licensing 25
- Usage limitations 26
- FIGURE 2 Encryption overview 27
- FIGURE 3 Frame redirection 28
- IO Sync LAN 29
- FIGURE 5 DEK life cycle 30
- Master key management 31
- Support for virtual fabrics 31
- Encryption Center features 34
- Encryption user privileges 35
- Smart card usage 36
- Using system cards 41
- Deregistering system cards 43
- Using smart cards 43
- Tracking smart cards 44
- Editing smart cards 46
- Network connections 47
- Blade processor links 47
- (KAC) certificate 48
- Encryption preparation 55
- Creating an encryption group 55
- --initnode command 65
- --set -keyvault command 65
- --reg keyvault command 65
- Creating HA clusters 72
- Failback option 74
- Invoking failback 74
- Adding an encryption target 75
- FIGURE 46 Next Steps screen 83
- Configuring storage arrays 91
- Remote replication LUNs 91
- Moving targets 96
- Tape LUN statistics 99
- Encryption engine rebalancing 103
- Master keys 104
- Active master key 105
- Alternate master key 105
- Master key actions 106
- ATTENTION 107
- Creating a master key 113
- Security settings 114
- Setting zeroization 115
- Redirection zones 117
- Disk device decommissioning 117
- Decommissioning disk LUNs 118
- Displaying Universal IDs 120
- Setting disk LUN Re-key All 121
- Thin provisioned LUNs 125
- Thin Provisioning support 126
- General tab 133
- Members tab 135
- Members tab Remove button 136
- Security tab 137
- HA Clusters tab 139
- Tape Pools tab 141
- Adding tape pools 142
- Engine Operations tab 143
- TABLE 3 Encryption acronyms 144
- In this chapter 145
- Overview 146
- Command validation checks 146
- (Continued) 148
- Cryptocfg Help command output 150
- Management LAN configuration 150
- Configuring cluster links 151
- Node is a group leader node 152
- Node is a member node 152
- • FIPS crypto officer 153
- • FIPS user 153
- • Node CP certificate 153
- Submitting the CSR to a CA 156
- • cryptocfg --initEE 163
- • cryptocfg --regEE 163
- • cryptocfg --enableEE 163
- High availability clusters 168
- Creating an HA cluster 169
- Policy Configuration Examples 172
- Re-exporting a master key 173
- Viewing the master key IDs 174
- Zoning considerations 177
- Frame redirection zoning 178
- Gathering information 182
- Crypto LUN configuration 186
- Discovering a LUN 187
- Configuring a Crypto LUN 187
- Configuring a tape LUN 191
- Decommissioning LUNs 195
- SRDF LUNs 199
- SRDF pairs 200
- Adding replication LUNs 201
- Reading metadata after sync 202
- -newLUN option 203
- TF snapshot rekeying details 208
- ID> <initiator PWWN> 209
- -not_ready option of TF 209
- <initiator PWWN> 209
- Tape pool configuration 213
- Tape pool labeling 214
- NetBackup labeling 215
- NetWorker labeling 215
- Creating a tape pool 216
- Deleting a tape pool 216
- Modifying a tape pool 217
- First-time encryption 222
- Data rekeying 225
- Resource allocation 226
- Rekeying modes 226
- Deployment Scenarios 231
- --rdcreate [host wwn] 240
- FIGURE 103 FCIP deployment 242
- Data mirroring deployment 243
- VMware ESX server deployments 245
- General guidelines 248
- Enabling a disabled LUN 253
- HP-UX considerations 253
- AIX considerations 253
- Disk metadata 254
- Tape metadata 254
- Tape data compression 255
- Tape pools 255
- Tape block zero handling 256
- Tape key expiry 256
- Avoid double encryption 258
- PID failover 258
- Manual rekey 259
- Latency in rekey operations 259
- Key vault best practices 263
- Tape device LUN mapping 263
- Deleting an encryption group 269
- Removing an HA cluster member 269
- Deleting an HA cluster member 273
- Failover/failback example 274
- Recovery 275
- -hbmisses and -hbtimeout 280
- Key vault diagnostics 286
- --perfshow 287
- -portperfshow 287
- Command Activity 291
- Problem Resolution 291
- General errors and conditions 292
- LUN policy troubleshooting 299
- MPIO and internal LUN states 301
- Multi-node EG replacement 302
- Single-node EG replacement 304
- Multi-node EG Case 305
- Single-node EG Replacement 308
- Deregistering a DPM key vault 310
- FIGURE 111 DPM Clients page 311
- TABLE 15 Compatibility Matrix 313
- Encryption group Nodes 314
- State and Status Information 317
- Security processor KEK status 318
- Encrypted LUN states 318
- TABLE 22 Tape LUN states 321
Související produkty a manuály pro Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support
Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál
(324 stránky)
(324 stránky)
Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál
(322 stránky)
(322 stránky)
Počítačové příslušenství Brocade Fabric OS Feature Support Matrix (Supporting Fabri Uživatelský manuál
(12 stránky)
(12 stránky)
Počítačové příslušenství Brocade Fabric OS Command Reference (Supporting Fabric OS Uživatelský manuál
(127 stránky)
(127 stránky)
Počítačové příslušenství Brocade Fabric OS Software Licensing Guide (Supporting Fab Uživatelský manuál
(58 stránky)
(58 stránky)
Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál
(300 stránky)
(300 stránky)
Počítačové příslušenství Brocade Fabric OS Upgrade Guide (Supporting Fabric OS v7.3 Uživatelský manuál
(34 stránky)
(34 stránky)
Počítačové příslušenství Brocade Fabric OS Troubleshooting and Diagnostics Guide (S Uživatelský manuál
(130 stránky)
(130 stránky)
Počítačové příslušenství Brocade Fabric Watch Administrators Guide (Supporting Fabr Uživatelský manuál
(116 stránky)
(116 stránky)
Počítačové příslušenství Brocade Flow Vision Administrators Guide (Supporting Fabri Uživatelský manuál
(90 stránky)
(90 stránky)
Počítačové příslušenství Brocade Monitoring and Alerting Policy Suite Administrator Uživatelský manuál
(114 stránky)
(114 stránky)
Počítačové příslušenství Brocade EZSwitchSetup Administrator’s Guide (Supporting 30 Uživatelský manuál
(64 stránky)
(64 stránky)
Počítačové příslušenství Brocade FICON Administrator’s Guide (Supporting Fabric OS Uživatelský manuál
(126 stránky)
(126 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.044 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce