Release Notes
Fabric OS v7.2.1e Release Notes v1.0 Page 24 of 82
Gen 5 platforms and blades are capable of setting an EHT value on an individual port basis. On 8G
platforms EHT is set on an ASIC-wide basis, meaning all ports on a common ASIC will have the same
EHT setting. Extra care should be given when configuring EHT on 8G platforms or Gen 5 platforms
with 8G blades to ensure E_Ports are configured with an appropriate Hold Time setting.
When using Virtual Fabrics and creating a new Logical Switch when running FOS v7.1.0 or later, the
default EHT setting for the new Logical Switch will be the FOS default value of 220ms. However, with
FOS v7.1.0 and later, each Logical Switch can be configured with a unique EHT setting that is
independent of other Logical Switches and the Default Switch. Any Gen 5 ports (Condor3 based)
assigned to that Logical Switch will be configured with that Logical Switch’s EHT setting. Any 8G ports
(Condor2 based) will continue to share the EHT value configured for the Default Switch.
For more information on EHT behaviors and recommendations, refer to the Brocade SAN Fabric
Resiliency Best Practices v2.0 document available on www.brocade.com.
Encryption Behavior for the Brocade Encryption Switch (BES) and FS8-18
• SafeNet’s KeySecure hosting NetApp’s LKM (SSKM) is supported for data encryption operations with
SSKM operating in PVM mode.Please see SSKM documentation for operating in PVM mode for details.
Operation in HVM mode is not supported
•
RASlog SPC-3005 with error 34 may be seen if the link key used by a BES/FS8-18 is re-
established. Please refer to the LKM/SSKM Encryption Admin Guide for the workaround.
Also, please ensure that two (2) SSKM’s are present in the deployment for workaround to be
performed.
• For crypto tape operations, please ensure to use Emulex FC HBA firmware/drivers
2.82A4/7.2.50.007 or higher. Use of lower level firmware/drivers may result in hosts not being able to
access their tape LUNs through a crypto target container.
• Adding of 3PAR Session/Enclosure LUNs to CTCs is now supported. Session/Enclosure LUNs (LUN
0xFE) used by 3PAR InServ arrays must be added to CryptoTarget (CTC) containers with LUN state set
to “cleartext”, encryption policy set to “cleartext”. BES/FS8-18 will not perform any explicit
enforcement of this requirement.
• The Brocade Encryption switch and FS8-18 blade do not support QoS. When using encryption or
Frame Redirection, participating flows should not be included in QoS Zones.
• FOS 7.1.0 or later will use SHA256 signatures for the TLS certificates used to connect to the ESKM 3.0
Server using ESKM 2.0 client. Upgrade from FOS v7.0.x to FOS 7.2 and downgrade from FOS 7.2 to
FOS v7.0.x would require regeneration and re-registration of CA and signed KAC certificates to restore
connectivity to the key vault. Please refer to the Encryption Admin Guide for more details on
ESKM/FOS compatibility matrix.
• The RSA DPM Appliance SW v3.2 is supported. The procedure for setting up the DPM Appliance with
BES or a DCX/DCX-4S/DCX 8510 with FS8-18 blades is located in the Encryption Admin Guide.
• Before upgrading from FOS v7.0.x to FOS7.2, it is required that the RKM server running SW v2.7.1.1
should be upgraded to DPM server running SW v3.2. Please refer to DPM/FOS compatibility matrix in
the Encryption Admin Guide for more details.
• Support for registering a 2nd DPM Appliance on BES/FS8-18 is blocked. If the DPM Appliances are
clustered, then the virtual IP address hosted by a 3rd party IP load balancer for the DPM Cluster must
be registered on BES/FS8-18 in the primary slot for Key Vault IP.
• With Windows and Veritas Volume Manager/Veritas Dynamic Multipathing, when LUN sizes less than
400MB are presented to BES for encryption, a host panic may occur and this configuration is not
supported in the FOS v6.3.1 or later release.