Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

Chapter 2: Configure Encryption features
Properties
The Properties button launches either the Switch Encryption Properties dialog box, if a switch or
encryption engine is selected, or the Encryption Group Properties dialog box, if a group is selected.
From the Properties dialog box, you can perform the following tasks:
• “Adding tape pools” on page 28
• “Master keys” on page 75
• “Saving the master key to a file” on page 76
• “Saving a master key to a key vault” on page 78
• “Saving a master key to a smart card set” on page 79
• “Restoring a master key from a file” on page 81
• “Restoring a master key from a key vault” on page 82
• “Restoring a master key from a smart card set” on page 83
Zeroize
Zeroize is the process of erasing all data encryption keys and other sensitive encryption
information in an encryption engine. You can zeroize an encryption engine manually to protect
encryption keys.
Zeroizing has the following effects:
• All copies of data encryption keys kept in the encryption switch or encryption blade are erased.
• Internal public and private key pairs that identify the encryption engine are erased, and the
encryption switch or the encryption blade is in the FAULTY state.
• All encryption operations on this engine are stopped, and all virtual initiators (VI) and virtual
targets (VT) are removed from the fabric’s name service.
• The key vault link keys (for NetApp LKM key vaults) or the master key (for other key vaults) is
erased from the encryption engine.
• Once enabled, the encryption engine is able to restore the necessary data encryption keys
from the key vault when the link key (for the NetApp Lifetime Key Management application) or
the master key (for other key vaults) is restored.
• If the encryption engine was part of an HA cluster, targets fail over to the peer, which assumes
the encryption of all storage targets. Data flow will continue to be encrypted.
• If there is no HA backup, host traffic to the target will fail as if the target has gone offline. The
host will not have unencrypted access to the target. There will be no data flow at all because
the encryption virtual targets will be offline.
NOTE
Zeroizing an engine affects I/O, but all target and LUN configuration remains intact. Encryption
target configuration data is not deleted.
See “Zeroizing an encryption engine” on page 85 for more information.