Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch
111112113114115116117118119120
Fabric OS Encryption Administrator’s Guide (DPM) 97
53-1002720-02
Redirection zones
2
Redirection zones
It is recommended that you configure the host and target in the same zone before you configure
them for encryption. Doing so creates a redirection zone to redirect the host/target traffic through
the encryption engine; however, a redirection zone can only be created if the host and target are in
the same zone. If the host and target are not already configured in the same zone, you can
configure them for encryption, but you will still need to configure them in the same zone, which will
then enable you to create the redirection zone as a separate step.
NOTE
If the encryption group is busy when you click Commit, you are given the option to either force the
commit, or abort the changes. Click Commit to re-create the redirection zone.
Disk device decommissioning
A disk device needs to be decommissioned when any of the following occurs:
The storage lease expires for an array, and devices must be returned or exchanged.
Storage is reprovisioned for movement between departments.
An array or device is removed from service.
In all cases, all data on the disk media must be rendered inaccessible. Device decommissioning
deletes all information that could be used to recover the data, for example, information related to
master key IDs and cache files.
After device decommissioning is performed, the following actions occur:
Metadata on the LUN is erased and the reference is removed from cache on the Brocade
Encryption Switch.
The LUN state is shown as decommissioned in the key vault.
The LUN is removed from the container.
NOTE
The key IDs that were used for encrypting the data are returned.
When disk LUNs are decommissioned, the decommissioned keys are still stored on the switch. In
order to delete them from the switch, you must view them from the Decommissioned Key IDs dialog
box. Refer to Figure 73.
When a device decommission operation fails on the encryption group leader for any reason, the
crypto configuration remains uncommitted until a user-initiated commit or a subsequent device
decommission operation issued on the encryption group leader completes successfully. Device
decommission operations should always be issued from a committed configuration. If not, the
operation will fail with the error message An outstanding transaction is pending in Switch/EG. If
this occurs, you can resolve the problems by committing the configuration from the encryption
group leader.