Manualshelf

Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsStorageHP SN8000B 4-slot SAN Director Switch
11121314151617181920
Fabric OS Encryption Administrator’s Guide xi
53-1002159-03
Do not use DHCP for IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . .199
Ensure uniform licensing in HA clusters . . . . . . . . . . . . . . . . . . . . .199
Tape library media changer considerations . . . . . . . . . . . . . . . . . .199
Turn off host-based encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
Avoid double encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
PID failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Turn off compression on extension switches . . . . . . . . . . . . . . . . .200
Re-keying best practices and policies . . . . . . . . . . . . . . . . . . . . . . .200
Manual re-key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Latency in re-key operations . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Allow re-key to complete before deleting a container . . . . . . .201
Re-key operations and firmware upgrades . . . . . . . . . . . . . . .201
Do not change LUN configuration while re-keying. . . . . . . . . .201
Recommendation for Host I/O traffic during online
rekeying and first time encryption . . . . . . . . . . . . . . . . . . . . . .201
KAC certificate registration expiry . . . . . . . . . . . . . . . . . . . . . . . . . .201
Changing IP addresses in encryption groups . . . . . . . . . . . . . . . . .202
Disabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Recommendations for Initiator Fan-Ins . . . . . . . . . . . . . . . . . . . . . .202
Best practices for host clusters in an encryption environment . . .204
HA Cluster deployment considerations and best practices . . . . . .204
Key Vault Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Tape Device LUN Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Chapter 6 Maintenance and Troubleshooting
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205
Encryption group and HA cluster maintenance. . . . . . . . . . . . . . . .205
Displaying encryption group configuration or status
information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205
Removing a member node from an encryption group. . . . . . .206
Deleting an encryption group . . . . . . . . . . . . . . . . . . . . . . . . . .208
Removing an HA cluster member . . . . . . . . . . . . . . . . . . . . . . .208
Displaying the HA cluster configuration . . . . . . . . . . . . . . . . . .208
Replacing an HA cluster member . . . . . . . . . . . . . . . . . . . . . . .209
Deleting an HA cluster member . . . . . . . . . . . . . . . . . . . . . . . .211
Performing a manual failback of an encryption engine . . . . .212