Brocade Fabric OS v7.0.2e Release Notes v1.0
Fabric OS v7.0.2e Release Notes v1.0 Page 26 of 53
• Adding of 3PAR Session/Enclosure LUNs to CTCs is now supported. Session/Enclosure LUNs (LUN
0xFE) used by 3PAR InServ arrays must be added to CryptoTarget (CTC) containers with LUN state set
to “cleartext”, encryption policy set to “cleartext”. BES/FS8-18 will not perform any explicit
enforcement of this requirement.
• The “cryptocfg –manual_rekey –all” command should not be used in environments with multiple
encryption engines (FS8-18 blades) installed in a DCX/DCX-4S/DCX 8510 chassis with more than one
encryption engine has access to the same LUN. In such situations, use the “cryptocfg –manual_rekey
<CTC> <LUN Num> <Initiator PWWN>” command to manually rekey these LUNs.
• When host clusters are deployed in an Encryption environment, please note the following
recommendations:
• If two EEs (encryption engines) are part of a HAC (High Availability Cluster), configure the
host/target pair such that they form a multipath from both EEs. Avoid connecting both
the host/target pairs to the same EE. This connectivity does not give full redundancy in
the case of EE failure resulting in HAC failover.
• Since quorum disk plays a vital role in keeping the cluster in sync, please configure the
quorum disk to be outside of the encryption environment.
• The “–key_lifespan” option has no effect for “cryptocfg –add –LUN”, and only has an effect for
“cryptocfg --create –tapepool” for tape pools declared “-encryption_format native”. For all other
encryption cases, a new key is generated each time a medium is rewound and block zero is written or
overwritten. For the same reason, the “Key Life” field in the output of “cryptocfg --show -container -all
–stat” should always be ignored, and the “Key life” field in “cryptocfg --show –tapepool –cfg” is only
significant for native-encrypted pools.
• The Quorum Authentication feature requires a compatible DCFM or Brocade Network Advisor release
(DCFM 10.3 or later for pre-FOS v7.0 and Network Advisor 11.1 or later for FOS v7.0 or later) that
supports this feature. Note, all nodes in the EG must be running FOS v6.3.0 or later for quorum
authentication to be properly supported.
• The System Card feature requires a compatible DCFM or Brocade Network Advisor release (DCFM
10.3 or later for pre-FOS v7.0 and Network Advisor 11.1 or later for FOS v7.0 or later) that supports
this feature. Note, all nodes in the EG must be running FOS v6.3.0 or later for system verification to
be properly supported.
• The Brocade Encryption switch and FS8-18 blade do not support QoS. When using encryption or
Frame Redirection, participating flows should not be included in QoS Zones.
• HP SKM & ESKM are supported with Multiple Nodes and Dual SKM/ESKM Key Vaults. Two-way
certificate exchange is supported. Please refer to the Encryption Admin Guide for configuration
information. If using dual SKMs or ESKMs on BES/FS8-18 Encryption Group, then these SKM / ESKM
Appliances must be clustered. Failure to cluster will result in key creation failure. Otherwise, register
only one SKM / ESKM on the BES/FS8-18 Encryption Group.
• The RSA RKM Appliance A1.6, SW v2.7.1.1 is supported. The procedure for setting up the RKM
Appliance with BES or a DCX/DCX-4S/DCX 8510 with FS8-18 blades is located in the Encryption
Admin Guide.
• Support for registering a 2nd RKM Appliance on BES/FS8-18 is blocked. If the RKM Appliances are
clustered, then the virtual IP address hosted by a 3rd party IP load balancer for the RKM Cluster must
be registered on BES/FS8-18 in the primary slot for Key Vault IP.
• With Windows and Veritas Volume Manager/Veritas Dynamic Multipathing, when LUN sizes less than
400MB are presented to BES for encryption, a host panic may occur and this configuration is not
supported in the FOS v6.3.1 or later release.
• Hot Code Load from FOS v6.4.1a to FOS v7.0 or later is supported. Cryptographic operations and I/O
will be disrupted but other layer 2 FC traffic will not be disrupted.