Fabric OS Encryption Administrator's Guide
178 Fabric OS Encryption Administrator’s Guide
53-1002159-03
Single fabric deployment - DEK cluster
4
In Figure 97, the two encryption switches provide a redundant encryption path to the target
devices. The encryption switches are interconnected through a dedicated cluster LAN. The Ge1 and
Ge0 gigabit Ethernet ports on each of these switches are attached to this LAN. This LAN connection
provides the communication needed to distribute and synchronize configuration information, and
enable the two switches to act as a high availability (HA) cluster, providing automatic failover if one
of the switches fails, or is taken out of service.
Single fabric deployment - DEK cluster
Figure 98 shows an encryption deployment in a single fabric with two paths between a host and a
target.device.
.
FIGURE 98 Single fabric deployment - DEK cluster
Target
Cluster Link Cluster Link
Management Link
Management Link
Dedicated Cluster
Network
LAN
Key Management
Appliance
or Key Vault
Management
Station
(DCFM)
Host
Host Port 1
Target
Port 1
Target
Port 2
Host Port 2
Fabric
Management
Network
LAN
Virtual
Initiator
Virtual
Target
Virtual
Target
Virtual
Initiator
Encryption
Switch
Encryption
Switch
E
n
c
r
y
p
t
i
o
n
G
r
o
u
p
D
E
K
C
l
u
s
t
e
r
Ciphertext
Cleartext