Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
236 Encryption Administrator’s Guide
53-1001341-02
Thales Encryption Manager for Storage
D
DEK retrieval
The DEK is retrieved from the primary Thales key vault if the primary is online and reachable. If the
primary Thales key vault is not online or not reachable, the DEK is retrieved from the secondary
Thales key vault.
DEK update
DEK update behavior is same as DEK creation.
Thales key vault deregistration
Deregistration of either Primary or Secondary Thales key vault from the Brocade encryption switch
or blade is allowed independently.
Deregistration of the primary Thales key vault - You can deregister the primary Thales key vault
from the Brocade encryption switch or blade without deregistering the secondary Thales key vault
for maintenance or replacement purposes. However, when the primary Thales key vault is
deregistered, key creation operations will fail until either the primary key vault is reregistered or the
secondary key vault is deregistered and reregistered as primary.
When the primary key vault is replaced with a different key vault, you must first synchronize the
DEKs from the secondary key vault before reregistering the primary key vault.
Deregistration of the secondary Thales key vault - You can deregister the Secondary Thales key
vault independently. Future key operations will use only the Primary Thales key vault until the
secondary key vault is reregistered back on the Brocade encryption switch or blade.
When the Secondary key vault is replaced with a different key vault, you must first synchronize the
DEKs from primary key vault before reregistering the secondary key vault.