Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
DF compatibility for tapes
DF compatibility for disk LUNs
Key vault high availability
Configuring CryptoTarget containers and LUNs
Redirection zones
Deployment with Admin Domains (AD)
Master key usage in RKM and SKM environments
Do not use DHCP for IP interfaces
Ensure uniform licensing in HA clusters
Tape library media changer considerations
Turn off host-based encryption
Avoid double encryption
PID failover
Disk caching policies
Turn off compression on extension switches
Re-keying best practices and policies
  Manual re-key
  Latency in re-key operations
  Allow re-key to complete before deleting a container
  Re-key operations and firmware upgrades
  Do not change LUN configuration while re-keying
  Brocade native mode in LKM installations
  Recommendation for Host I/O traffic during online rekeying and first time encryption
Changing IP addresses in encryption groups
Disabling the encryption engine
Recommendations for Initiator Fan-Ins
Appendix A State and Status Information
In this appendix
Encryption engine security processor (SP) states
Security processor KEK status
Encrypted LUN states
Chapter B Maintenance and Troubleshooting
In this Appendix
General encryption troubleshooting using the CLI
Troubleshooting examples using the CLI
  Encryption Enabled Crypto Target LUN
  Encryption Disabled Crypto Target LUN