Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)
Fabric OS Encryption Administrator’s Guide 219
53-1001864-01
DF-compatibility support for tape LUNs
B
DF-compatibility support for tape LUNs
Table 21 and Table 22 may be used as a reference for establishing tape LUN policies in support of
DataFort firmware versions.
NOTE
On tapes written in DataFort format, the encryption switch or blade cannot read and decrypt files
with a block size of one MB or greater.
TABLE 21 Compatibility matrix for Brocade and DataFort encryption modes for tape LUNs
DataFort firmware versions Brocade handling for DataFort written tapes - Read Brocade handling for DataFort-compatible encryption - Write
DF SAN version 1.x 1.x tape support in DF-compatible mode is not supported in Fabric OS v6.1.1_enc.
DF SAN version 2.x/3.x The encryption switch supports reading and
decrypting tapes of this format when a
DF-compatible license is present.
The encryption switch supports writing tapes in this version
format when DF-compatible encryption mode is set and a
DF-compatible license is present.
TABLE 22 Compatibility support matrix for tape pools
Tape pool encryption format Tape pool policy Metadata present Results
Native (Brocade) Encrypt Brocade metadata No error. Both read and writes are allowed in Brocade
format. The key from the metadata is used for read. A new
key is generated for write if the key from the metadata has
expired.
Native (Brocade) Encrypt DF metadata Reads are allowed in DF-compatible format using the key
from the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in Brocade format only.
Native (Brocade) Encrypt No (new tape) No error. A new key is generated and both read and write
are allowed in Brocade format.
Native (Brocade) Cleartext Brocade metadata Reads are allowed in Brocade format using the key from
the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in cleartext format (no key generated) only when the tape is
positioned at the beginning of the tape.
Native (Brocade) Cleartext DF metadata Reads are allowed in DF-compatible format using the key
from the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in cleartext format (no key generated) only when the tape is
positioned at the beginning of the tape.
Native (Brocade) Cleartext No (new tape) No error. No key is generated, and both read and writes are
allowed in cleartext format.
DF-compatible Encrypt Brocade metadata Reads are allowed in Brocade format using the key from
the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in DF-compatible format only when the tape is positioned
at the beginning of the tape.
DF-compatible Encrypt DF metadata No error. Both read and writes are allowed in
DF-compatible format. The key from the metadata is used
for read. A new key is used for write if the key from the
metadata has expired.