Brocade Fabric OS v7.1.2a Release Notes v1.0

ManualsBrandsHP ManualsStorageHP SN6000 Stackable 8Gb 24-port Single Power Fibre Channel Switch

Encryption Behavior for the Brocade Encryption Switch (BES) and FS8-18

• SafeNet’s KeySecure hosting NetApp’s LKM (SSKM) is supported for data encryption operations with

FOS v7.0.1 or later.

• Use of SSKM with the Brocade encryption solution is only supported for SSKM operating in

PVM mode. Please see SSKM documentation for operating in PVM mode for details.

Operation in HVM mode is not supported.

• It is recommended to use Tight VNC connection to access the management console for

SSKM

and LKM key vaults instead of remote desktop. If remote desktop is used, customer may

encounter the following errors related to smart card reader:

 Error communicating with smart card reader.

 Card reader already in use by default key.

 Unable to complete TEP/TAP process as window for selecting card and entering

password does not appear.

• Please refer to SafeNet Keysecure install documentation for setting up and initially

configuring the SSKM key vaults. There are some changes between setting up the SSKMs and

the LKMs. Please refer SafeNet or NetApp documentation for any LKM to SSKM migration

procedures. This migration is not tested/supported with FOS v7.0.1 or later.

• The following is tested and supported with FOS v7.0.1 or later

 Platform Serial Number: 27CJNQ1

 Platform FW Version: SSKM-1.0-03

 Platform Firmware Build ID: 0.5_secure

 DB version: 166

 SEP FW ID: SEPLuna TDB

 SEP HW ID: Luna K6 TBD

 SEP SW ID: 6.2.0 TBD

 System Card FW ID: 200.5

 Management console version: 1.0 build 18.

• For crypto tape operations, please ensure to use Emulex FC HBA firmware/drivers

2.82A4/7.2.50.007 or higher. Use of lower level firmware/drivers may result in hosts not being able to

access their tape LUNs through a crypto target container.

• If the migration to FOS v7.0 or later does not occur from 6.4.1a, 6.4.1b, or 6.4.2, the following will

result

• BES will reboot if auto reboot is enabled otherwise it needs to be rebooted manually for

recovery2010/11/08-04:54:35:485488, [FSS-1009], 4424/886, CHASSIS, ERROR,

MACE, FSS Error: fcsw0-vs: MISMATCH: component., svc.c, line: 2462, comp:FSSK_TH,

ltime:2010/11/08-04:54:35:485484

• Adding of 3PAR Session/Enclosure LUNs to CTCs is now supported. Session/Enclosure LUNs (LUN

0xFE) used by 3PAR InServ arrays must be added to CryptoTarget (CTC) containers with LUN state set

to “cleartext”, encryption policy set to “cleartext”. BES/FS8-18 will not perform any explicit

enforcement of this requirement.

• When host clusters are deployed in an Encryption environment, please note the following

recommendations:

• If two EEs (encryption engines) are part of a HAC (High Availability Cluster), configure the

host/target pair such that they form a multipath from both EEs. Avoid connecting both

the host/target pairs to the same EE. This connectivity does not give full redundancy in

the case of EE failure resulting in HAC failover.

• Since quorum disk plays a vital role in keeping the cluster in sync, please configure the

quorum disk to be outside of the encryption environment.

• The “–key_lifespan” option has no effect for “cryptocfg –add –LUN”, and only has an effect for

“cryptocfg --create –tapepool” for tape pools declared “-encryption_format native”. For all other

encryption cases, a new key is generated each time a medium is rewound and block zero is written or

Fabric OS v7.1.2a Release Notes v1.0 Page 23 of 38