Manualshelf

HP StorageWorks Fabric OS 6.3.3d Release Notes (5697-0493, May 2010 - includes all 6.3.0x versions)

ManualsBrandsHP ManualsStorageHP 8/8 Base (0) e-port SAN Switch
41424344454647484950
2. Enable the LUN using cryptocfg --enable –LUN. Modify the LUN policy from
clear-text to encrypt with enable_encexistingdata to enable the first time
encryption and do commit.
This will clear the stale rekey metadata on the LUN and the LUN can be used again for
encryption.
Method 2
1. Remove the LUN from Crypto Target Container and commit.
2. Add the LUN back to the Crypto Target Container with LUN State=”clear-text”,
policy=”encrypt” and enable_encexistingdata set for enabling the First Time
Encryption and commit.
This will clear the stale rekey metadata on the LUN and the LUN can be used again for
encryption.
In an environment with a mixed firmware version (Fabric OS 6.2.x + 6.3.0) Encryption Group,
the I/O link state reported for Fabric OS 6.2.x nodes is unreachable. During a rolling upgrade
from Fabric OS 6.2.0x to 6.3.0, you should see the I/O link status reported as Unreachable
when the cryptocfg –show -loc command is invoked. However, once all the nodes are up-
graded to Fabric OS 6.3.0, the show command will accurately reflect the status of the I/O Link.
The I/O link status while performing the rolling upgrade from Fabric OS 6.2.0 to 6.3.0 can be
ignored until all nodes have been upgraded to 6.3.0.
Mace39:root> cryptocfg --show -loc
EE Slot: 0
SP state: Online
Current Master KeyID: 43:f1:bd:dc:91:89:f2:f1:6a:a1:48:89:7b:d0:5f:59
Alternate Master KeyID: 3a:a4:5b:86:90:d5:69:26:29:78:f8:3b:f9:b2:9c:b9
HA Cluster Membership: hac39_115
EE Attributes:
Link IP Addr : 10.32.50.36
Link GW IP Addr: 10.32.48.1
Link Net Mask : 255.255.240.0
Link MAC Addr : 00:05:1e:53:8a:86
Link MTU : 1500
Link State : UP
Media Type : DISK
System Card Label :
System Card CID :
Remote EE Reachability :
Node WWN/Slot EE IP Addr EE State
IO Link State
10:00:00:05:1e:53:77:80/0 10.32.53.107 EE_STATE_ONLINE Non-Reachable
10:00:00:05:1e:53:b7:ae/0 10.32.53.105 EE_STATE_ONLINE Non-Reachable
SKM FIPS Mode Enablement
FIPS compliance mode is disabled in SKM by default. To enable it, follow the procedure described
in the SKM user guide, Configuring the Key Manager for FIPS Compliance section.
NOTE:
Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key Manager.
Therefore, if FIPS enablement is required, HP strongly recommends that it be performed during
the initial SKM configuration, before any key sharing between the switch and the SKM occurs.
44