Manualshelf

HP B-series Fabric OS 7.0.2d Release Notes (5697-2822, August 2013--includes all 7.0.x versions)

ManualsBrandsHP ManualsStorageHP 1606 FCIP 16-pt Enabled 8Gb FC 6-pt Enabled 1GbE Power Pack+ Switch
31323334353637383940
SKM/ESKM dual node cluster - Auto failover considerations:
In a dual node SKM/ESKM cluster configuration with the encryption switch, ensure that the
two SKM/ESKM nodes are always available and online for proper key archival. If one of the
SKM/ESKM nodes fails, you cannot use the configuration to create new keys. In other words,
adding new targets or LUNs to the encryption path will not work until both the SKM/ESKM
nodes are available. However, there will not be any issue for retrieving keys or using the
existing setup as long as one SKM/ESKM node is available.
The encryption switch makes sure that any new KEY is hardened (archived) to both SKM/ESKM
Key Vaults in the SKM/ESKM Cluster before the key gets used for encryption. In the event that
one of the SKM/ESKM vaults is down, the key creation will fail because of the hardening
check failure. As a result, the new key creation operation will not function. For Key retrieval,
this is not the requirement and any one Key Vault being online will get the Key as long as that
Key Vault has the Key.
Auto rekeying of encrypted disk LUNs may be delayed when an encryption engine reboots
or when HAC failover/failback occurs. Should either of these events delay auto rekeying, use
the cryptocfg manual_rekey command to manually start the rekeying of the affected
LUNs.
Initial setup of encrypted LUNs
IMPORTANT: While performing first-time encryption to a LUN with more than one initiator active
at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to
avoid this occurrence.
NOTE: When configuring multipath LUNs, care should be taken to add LUN 0 on all of the paths,
subject to the following considerations:
If LUN 0 presented by the back-end target is a controller LUN (not a disk LUN; that is, not
visible in the discoverLUN output), add LUN 0 to the container as a clear text LUN for any
multi-path configuration. Make sure all of the paths have this LUN 0 added for MPIO operation
(EVA configuration, for example).
If LUN 0 presented by the back-end target is a disk LUN, LUN 0 can be added to the container
either as clear text or encrypted (MSA configuration, for example).
For HP-UX, LUN 0 can appear as 0x0 or 0x400, but both of them are LUN 0 only and should
be treated alike.
Additional Considerations for FICON Environments
At the time of the Fabric OS 7.0.2d release, the latest supported FICON release is Fabric OS
7.0.0c. References in the subsequent FICON sections of these release notes correctly represent
the currently supported FICON version.
Not all possible combinations of features and hardware configurations are included in the FICON
qualification process. Features and hardware configurations not supported for FICON may be
supported for Open Systems environments. This section describes those features and configurations
tested for FICON environments and includes supplemental information for users deploying Fabric
OS-based platforms in FICON environments.
Multiple 10 Gbps ISLs and FCIP links can load-share between cascaded FICON
directors/switches but do not load balance in a FICON configuration.
The 10-bit addressing mode is not supported in a FICON environment.
See the “Fabric OS Upgrade and Downgrade Special Considerations section of the release
notes when planning an upgrade to a fabric that includes the HP 1606 SAN Extension Switch
or has any HP DC SAN Director Multiprotocol Extension Blade in an HP StorageWorks DC
34