Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
In tape libraries where the media changer unit is addressed by a separate LUN at the same target
port as the actual tape SCSI I/O LUN, create a CryptoTarget container for the target port, and add
both the media changer unit LUN and one or more tape SCSI I/O LUNs to that CryptoTarget
container. If only a media changer unit LUN is added to the CryptoTarget container, no encryption is
performed on this device.
Turn off host-based encryption
If a host has an encryption capability of any kind, be sure it is turned off before using the
encryption engine on the encryption switch or blade. Encryption and decryption at the host may
make it impossible to successfully decrypt the data.
Avoid double encryption
Encryption and decryption at tape drives do not affect the encryption switch or blade capabilities,
and do not cause problems with decrypting the data. However, double encryption adds the
unnecessary task of managing two sets of encryption keys, increases the risk of losing data, may
reduce performance, and does not add security.
PID failover
Virtual device PIDs do not persist upon failover within a single fabric HA cluster. Upon failover, the
virtual device is assigned a different PID on the standby encryption switch or blade.
Some operating systems view the PID change as an indication of path failure, and will switch over
to a redundant path in another fabric. In these cases, HA clusters should not be implemented. These
operating systems include the following:
• HP-UX prior to 11.x
• All versions of IBM AIX
• Solaris 2.x
Disk caching policies
Any caching other than write-through caching on the disk array should be turned off to increase
array performance.
Turn off compression on extension switches
If tape pipelining and fast write are enabled on an extension switch, data compression may also be
enabled. If data has been encrypted in its path prior to running through the extension switch, data
compression should be turned off on the extension switch to increase performance.
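
The following added example (not part of the Brocade guide) illustrates the recommendation above: data that is already encrypted is statistically random, so a compressor downstream spends cycles without shrinking it. The sample records, the key, and the SHA-256 counter-mode cipher are constructed stand-ins and are not the algorithm used by the encryption switch or blade.

```python
import hashlib
import zlib


def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), used only as a stand-in
    for real ciphertext. XOR-based, so applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size (lower means better)."""
    return len(zlib.compress(data, 6)) / len(data)


def build_sample_backup(records: int = 2000) -> bytes:
    """Constructed sample: repetitive catalogue-style records, typical of
    the structured data that compresses well before encryption."""
    lines = [
        f"{i:08d},host-{i % 16:02d},/export/vol{i % 4}/file{i}.dat,OK\n"
        for i in range(records)
    ]
    return "".join(lines).encode()


def compare() -> tuple[float, float]:
    """Return (ratio for cleartext, ratio for the same data encrypted)."""
    plain = build_sample_backup()
    cipher = keystream_encrypt(b"constructed-demo-key", plain)
    return compression_ratio(plain), compression_ratio(cipher)


if __name__ == "__main__":
    plain_ratio, cipher_ratio = compare()
    print(f"cleartext compresses to {plain_ratio:.0%} of original size")
    print(f"encrypted compresses to {cipher_ratio:.0%} of original size")
```
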