Manualshelf

Administrator's Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) Instruction Manual

ManualsBrandsBrocade ManualsComputer AccessoriesFabric OS Encryption
11121314151617181920
Fabric OS Encryption Administrator’s Guide (SKM/ESKM) ix
53-1002923-01
Multiple paths, one DEK cluster, and two HA clusters . . . . . . . . . .208
Multiple paths, DEK cluster, no HA cluster . . . . . . . . . . . . . . . . . . .209
Deployment in Fibre Channel routed fabrics. . . . . . . . . . . . . . . . . .211
Deployment as part of an edge fabric . . . . . . . . . . . . . . . . . . . . . . .213
Deployment with FCIP extension switches . . . . . . . . . . . . . . . . . . .215
VMware ESX server deployments. . . . . . . . . . . . . . . . . . . . . . . . . . .216
Chapter 5 Best Practices and Special Topics
Firmware upgrade and downgrade considerations . . . . . . . . . . . .222
General guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Specific guidelines for HA clusters . . . . . . . . . . . . . . . . . . . . . .224
Configuration upload and download considerations . . . . . . . . . . .225
Configuration upload at an encryption group
leader node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Configuration upload at an encryption group
member node. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Information not included in an upload . . . . . . . . . . . . . . . . . . .225
Steps before configuration download. . . . . . . . . . . . . . . . . . . .226
Configuration download at the encryption group leader. . . . .226
Configuration download at an encryption group member . . .226
Steps after configuration download . . . . . . . . . . . . . . . . . . . . .226
HP-UX considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227
AIX Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Enabling a disabled LUN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Disk metadata. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Tape metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Tape data compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Tape pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Tape block zero handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Tape key expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Configuring CryptoTarget containers and LUNs . . . . . . . . . . . . . . .230
Redirection zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Deployment with Admin Domains (AD) . . . . . . . . . . . . . . . . . . . . . .231
Do not use DHCP for IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . .231
Ensure uniform licensing in HA clusters . . . . . . . . . . . . . . . . . . . . .232
Tape library media changer considerations . . . . . . . . . . . . . . . . . .232
Turn off host-based encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
Avoid double encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
PID failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
Turn off compression on extension switches . . . . . . . . . . . . . . . . .233