574
Brocade Network Advisor SAN User Manual
53-1002696-01
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
20
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP)
KeySecure Management Console can be used on the Fabric OS encryption switch. Any
KMIP-compliant server can be reregistered as a KMIP key vault.
NOTE
Currently, only KMIP with SafeNet KeySecure for Key Management (SSKM) native hosting LKM is
supported.
After installing the SafeNet KeySecure appliance (also referred to as KeySecure), you must
complete the following steps before the Fabric OS encryption switch can be configured with the
KeySecure. These steps must be performed only once.
NOTE
If you are configuring two Key Server nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.
The following is a suggested order of steps that must be completed to create a secure connection
to the SafeNet KeySecure.
1. Set FIPS compliance. Refer to
“Setting FIPS compliance”
on page 575.
2. Create a local CA. Refer to
“Creating a local CA”
on page 576.
3. Create a server certificate. Refer to
“Creating a server certificate”
on page 577.
4. Create a cluster. Refer to
“Creating a cluster”
on page 582.
5. Export and sign the encryption node certificate signing requests. Refer to
“Signing the
encryption node KAC CSR on KMIP”
on page 584.
6. Import the signed certificates into the encryption node. Refer to
“Importing a signed KAC
certificate into a switch”
on page 585.
7. Back up the certificates Refer to
“Backing up the certificates”
on page 586.
8. Configure the KMIP server. Refer to
“Configuring the KMIP server”
on page 588.
9. Add a secondary node to the cluster. Refer to
“Adding a node to the cluster”
on page 589.
Summary of Contents for Network Advisor 12.0.0
Page 36: ...xxxvi Brocade Network Advisor SAN User Manual 53 1002696 01...
Page 82: ...34 Brocade Network Advisor SAN User Manual 53 1002696 01 License downgrade 2...
Page 86: ...38 Brocade Network Advisor SAN User Manual 53 1002696 01 Uninstalling a patch 3...
Page 122: ...74 Brocade Network Advisor SAN User Manual 53 1002696 01 VM Manager discovery 4...
Page 184: ...136 Brocade Network Advisor SAN User Manual 53 1002696 01 Fabric tracking 5...
Page 214: ...166 Brocade Network Advisor SAN User Manual 53 1002696 01 User profiles 6...
Page 284: ...236 Brocade Network Advisor SAN User Manual 53 1002696 01 User defined performance monitors 8...
Page 320: ...272 Brocade Network Advisor SAN User Manual 53 1002696 01 Grouping on the topology 9...
Page 434: ...386 Brocade Network Advisor SAN User Manual 53 1002696 01 Port Auto Disable 12...
Page 442: ...394 Brocade Network Advisor SAN User Manual 53 1002696 01 Exporting Host port mapping 13...
Page 450: ...402 Brocade Network Advisor SAN User Manual 53 1002696 01 Exporting storage port mapping 14...
Page 536: ...488 Brocade Network Advisor SAN User Manual 53 1002696 01 Virtual FCoE port configuration 16...
Page 552: ...504 Brocade Network Advisor SAN User Manual 53 1002696 01 Security configuration deployment 17...
Page 878: ...830 Brocade Network Advisor SAN User Manual 53 1002696 01 Removing thresholds 24...
Page 922: ...874 Brocade Network Advisor SAN User Manual 53 1002696 01 VLAN routing 26...
Page 990: ...942 Brocade Network Advisor SAN User Manual 53 1002696 01 SAN Connection utilization 29...
Page 1138: ...1090 Brocade Network Advisor SAN User Manual 53 1002696 01 Call Home Event Tables B...
Page 1144: ...1096 Brocade Network Advisor SAN User Manual 53 1002696 01 IP Performance monitoring events C...
Page 1186: ...1138 Brocade Network Advisor SAN User Manual 53 1002696 01 Regular Expressions F...
Page 1486: ...1438 Brocade Network Advisor SAN User Manual 53 1002696 01 Views H...