Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

Terminology
Re-keying
Re-keying refers to decrypting data with the current Data Encryption Key (DEK) and
encrypting it with a new DEK. This is done when the security of the current key is
compromised, or when a DEK is configured to expire in a specific time frame. The
re-keying operation can also be used to encrypt existing data currently stored as cleartext. In
that case, there is no existing DEK, and the data does not have to be decrypted before it
is encrypted using the new DEK.
Trusted Key Vault
Very secure storage on a hardware appliance that establishes a trusted link with the
encryption device for secure exchange of a link key. DEKs are encrypted with the link key for
transit between the encryption device and the hardware appliance. At the hardware
appliance, the DEKs are re-encrypted, using a master key created and maintained by
the hardware appliance, and then stored in the trusted key vault.
Virtual Initiator
A logical entity that acts as a stand-in for a physical host when communicating with a
physical target LUN.
Virtual Target
A logical entity that acts as a stand-in for a physical target LUN when communicating
with a physical host. A virtual target is mapped one-to-one to a specific physical target.