Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)
Brocade Network Advisor SAN User Manual 463
53-1002167-01
Steps for connecting to an SKM appliance
18
Tape LUN support
• DEK Creation - The DEK is created and archived to the SKM cluster using the cluster’s virtual IP
address. The DEK is synchronized with other SKMs in the cluster. Upon successful archival of
the DEK to the SKM cluster, the DEK can be used for encryption of the tape LUN. If archival of
the DEK to the SKM cluster fails, an error is logged and the operation is retried.
• DEK retrieval - The DEK is retrieved from the SKM cluster using the cluster’s virtual IP address.
If DEK retrieval fails, it is retried.
• DEK update - DEK update behavior is the same as DEK Creation.
SKM Key Vault Deregistration
Deregistration of either Primary or Secondary LKM KV from an encryption switch or blade is
allowed independently.
• Deregistration of Primary SKM - You can deregister the Primary SKM from an encryption switch
or blade without deregistering the backup or secondary SKM for maintenance or replacement
purposes. However, when the primary SKM is deregistered, key creation operations will fail
until either primary SKM is reregistered or the secondary SKM is deregistered and reregistered
as Primary SKM.
When the Primary SKM is replaced with a different SKM, you must first synchronize the DEKs
from the secondary SKM before reregistering the primary SKM.
• Deregistration of Secondary SKM - You can deregister the Secondary SKM independently.
Future key operations will use only the Primary SKM until the secondary SKM is reregistered on
the encryption switch or blade.
When the Secondary SKM is replaced with a different SKM, you must first synchronize the
DEKs from Primary SKM before reregistering the secondary SKM.