Manualshelf

Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsStorageHP SN8000B 4-slot SAN Director Switch
12345678910
x Fabric OS Encryption Administrator’s Guide
53-1002159-03
Chapter 4 Deployment Scenarios
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Single encryption switch, two paths from host to target . . . . . . . . 176
Single fabric deployment - HA cluster . . . . . . . . . . . . . . . . . . . . . . .177
Single fabric deployment - DEK cluster . . . . . . . . . . . . . . . . . . . . . .178
Dual fabric deployment - HA and DEK cluster. . . . . . . . . . . . . . . . .179
Multiple paths, one DEK cluster, and two HA clusters . . . . . . . . . .180
Multiple paths, DEK cluster, no HA cluster . . . . . . . . . . . . . . . . . . .182
Deployment in Fibre Channel routed fabrics. . . . . . . . . . . . . . . . . .183
Deployment as part of an edge fabric . . . . . . . . . . . . . . . . . . . . . . .185
Deployment with FCIP extension switches . . . . . . . . . . . . . . . . . . .186
VMware ESX server deployments. . . . . . . . . . . . . . . . . . . . . . . . . . .187
Chapter 5 Best Practices and Special Topics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Firmware download considerations. . . . . . . . . . . . . . . . . . . . . . . . .190
Firmware upgrades and downgrades . . . . . . . . . . . . . . . . . . . .190
Data-at-rest encryption support for IBM SVC LUNs
configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
Specific guidelines for HA clusters . . . . . . . . . . . . . . . . . . . . . .191
Configuration upload and download considerations . . . . . . . . . . .192
Configuration upload at an encryption group leader node . . .192
Configuration upload at an encryption group member
node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Information not included in an upload . . . . . . . . . . . . . . . . . . .193
Steps before configuration download. . . . . . . . . . . . . . . . . . . .193
Configuration download at the encryption group leader. . . . .194
Configuration download at an encryption group member . . .194
Steps after configuration download . . . . . . . . . . . . . . . . . . . . .194
HP-UX considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
AIX Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Enable of a disabled LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Disk metadata. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Tape metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Tape data compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Tape pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Tape block zero handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Tape key expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Configuring CryptoTarget containers and LUNs . . . . . . . . . . . . . . .197
Redirection zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Deployment with Admin Domains (AD) . . . . . . . . . . . . . . . . . . . . . .199