Manualshelf

Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks Edge Switch 2/12
12345678910
x Fabric OS Encryption Administrator’s Guide
53-1001864-01
Configuration upload and download considerations . . . . . . . . . . .168
Configuration Upload at an encryption group leader node. . .168
Configuration upload at an encryption group member node .168
Information not included in an upload . . . . . . . . . . . . . . . . . . .168
Steps before configuration download. . . . . . . . . . . . . . . . . . . .169
Configuration download at the encryption group leader. . . . .169
Configuration download at an encryption group member . . .169
Steps after configuration download . . . . . . . . . . . . . . . . . . . . .170
HP-UX considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Enable of a disabled LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Disk metadata. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Tape metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Tape data compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Tape pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Tape block zero handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Tape key expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
DF compatibility for tapes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
DF compatibility for disk LUNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Configuring CryptoTarget containers and LUNs . . . . . . . . . . . . . . . 174
Redirection zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Deployment with Admin Domains (AD) . . . . . . . . . . . . . . . . . . . . . .175
Master key usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Do not use DHCP for IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . .175
Ensure uniform licensing in HA clusters . . . . . . . . . . . . . . . . . . . . .175
Tape library media changer considerations . . . . . . . . . . . . . . . . . . 176
Turn off host-based encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Avoid double encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
PID failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Turn off compression on extension switches . . . . . . . . . . . . . . . . . 176
Re-keying best practices and policies . . . . . . . . . . . . . . . . . . . . . . .177
Manual re-key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Latency in re-key operations . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Allow re-key to complete before deleting a container . . . . . . .177
Re-key operations and firmware upgrades . . . . . . . . . . . . . . .177
Do not change LUN configuration while re-keying. . . . . . . . . .178
Brocade native mode in LKM installations . . . . . . . . . . . . . . .178
Recommendation for Host I/O traffic during
online rekeying and first time encryption. . . . . . . . . . . . . . . . .178
Changing IP addresses in encryption groups . . . . . . . . . . . . . . . . .178
Disabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Recommendations for Initiator Fan-Ins . . . . . . . . . . . . . . . . . . . . . .179