Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

Redirection zones
Redirection zones should not be deleted. If a redirection zone is accidentally deleted, I/O traffic
cannot be redirected to encryption devices, and encryption is disrupted. To recover, re-enable the
existing device configuration by invoking the cryptocfg --commit command. If no changes have
taken place since the last commit, you should use the cryptocfg --commit -force command. This
recreates redirection zones related to the device configuration in the zone database, and restores
frame redirection, which makes it possible to restore encryption.
To remove access between a given initiator and target, remove both the active zoning information
between the initiator and target, and the associated Crypto Target Containers (CTCs). This will
remove the associated frame redirection zone information.
Deployment with Admin Domains (AD)
Virtual devices created by the encryption device do not support the AD feature in this release. All
virtual devices are part of AD0 and AD255. Targets for which virtual targets are created and hosts
for which virtual initiators are created must also be in AD0 and AD255. If they are not, access from
the hosts and targets to the virtual targets and virtual initiators is denied, leading to denial of
encryption services.
Master key usage
In environments consisting of multiple encryption groups, consider using the same master key for
all encryption groups to simplify management.
Do not use DHCP for IP interfaces
Do not use DHCP for either the GbE management interface or the Ge0 and Ge1 interfaces. Assign
static IP addresses.
Ensure uniform licensing in HA clusters
Licenses installed on the nodes should allow for identical performance numbers between HA
cluster members.