Technical data

Brocade Communications Systems, Inc. Page 34 of 48
Figure 6: User Data Flow for User Data Encryption SFP
Data encryption keys (DEKs) are generated by the TOE. Data is encrypted and decrypted using the same DEK. A
DEK must be preserved at least long enough to decrypt the ciphertext that it created. The length of time data is
stored before it is retrieved can vary greatly, and some data may be stored for years or decades before it is accessed.
Key management systems provide life cycle management for all DEKs created by the encryption engine. Key
management systems are provided by third party vendors.
A DEK is created by an encryption engine, distributed, and stored in a key vault. The key is used to encrypt and
decrypt data at least once, and possibly many times. The TOE zeroizes a DEK when the key is no longer needed.
6.1.2.1.2 CryptoTarget Container
A CryptoTarget container is a configuration of “virtual devices” that is created for each storage device hosted on the
TOE. The CryptoTarget container holds the configuration information for a single storage device, including its DEK,
associated hosts (a.k.a. initiators) and storage device settings. A CryptoTarget container virtualizes the interfaces
between the storage device and its hosts to provide a transparent encryption function.
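The DEK life cycle described above (generate, use for both encrypt and decrypt, zeroize when retired) together with the per-device CryptoTarget container can be modelled in a few lines. This is an added illustration, not code from the TOE or from Brocade; the cipher is an HMAC-SHA256 counter-mode keystream standing in for the TOE's data encryption, and the class and method names are assumptions.

```python
import hashlib
import hmac
import os


class ZeroizedKeyError(Exception):
    """Raised when a zeroized DEK is used: its ciphertext is no longer recoverable."""


class DataEncryptionKey:
    """Models a DEK: the same key encrypts and decrypts, and is overwritten when retired."""

    def __init__(self, key_id, nbytes=32):
        self.key_id = key_id
        self._key = bytearray(os.urandom(nbytes))  # bytearray so the material can be wiped in place
        self.zeroized = False

    def zeroize(self):
        # Overwrite the key bytes rather than merely dropping the reference.
        self._key[:] = bytes(len(self._key))
        self.zeroized = True

    def _keystream(self, nonce, length):
        # Stand-in PRF stream (HMAC-SHA256 in counter mode) for the TOE's cipher (assumption).
        if self.zeroized:
            raise ZeroizedKeyError(self.key_id)
        blocks = [hmac.new(bytes(self._key), nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def encrypt(self, plaintext):
        nonce = os.urandom(16)  # fresh per write so the keystream is never reused
        return nonce + bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))

    def decrypt(self, blob):
        nonce, ciphertext = blob[:16], blob[16:]
        return bytes(c ^ k for c, k in zip(ciphertext, self._keystream(nonce, len(ciphertext))))


class CryptoTargetContainer:
    """Per-storage-device configuration: its DEK and the initiators (hosts) allowed to use it."""

    def __init__(self, device_name, dek, initiators):
        self.device_name = device_name
        self.dek = dek
        self.initiators = frozenset(initiators)

    def _check(self, initiator):
        if initiator not in self.initiators:
            raise PermissionError(f"{initiator} is not an associated host of {self.device_name}")

    def write(self, initiator, data):
        self._check(initiator)
        return self.dek.encrypt(data)

    def read(self, initiator, blob):
        self._check(initiator)
        return self.dek.decrypt(blob)
```

Once `zeroize()` has run, `read()` raises rather than returning garbage, which is the retention constraint in the text: the DEK must outlive every ciphertext it produced.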