Manualshelf

HP Fabric OS 6.2.2f Release Notes (5697-1756, February 2012)

ManualsBrandsHP ManualsStorageHP StorageWorks EVA4400 Dual Controller Array
31323334353637383940
The Encryption SAN Switch and Encryption FC blade do not support QoS. When using
encryption or Frame Redirection, participating flows should not be included in QoS Zones.
With Windows and Veritas Volume Manager/Veritas Dynamic Multipathing, when LUN sizes
less than 400 MB are presented to the Encryption SAN Switch for encryption, a host panic
can occur. Fabric OS 6.2.2f does not support this configuration.
To clean up the stale rekey information for the LUN, use one of the following methods:
Method 1
1. Modify the LUN policy from encrypt to cleartext and commit. The LUN will become
disabled.
2. Enable the LUN using cryptocfg --enable LUN. Modify the LUN policy from
clear-text to encrypt with enable_encexistingdata to enable the first time
encryption and do commit. This clears the stale rekey metadata on the LUN and the
LUN can be used again for encryption.
Method 2
1. Remove the LUN from Crypto Target Container and commit.
2. Add the LUN back to the Crypto Target Container with LUN
State=clear-text, policy=encrypt and enable_encexistingdata
set for enabling the First Time Encryption and commit. This clears the stale rekey
metadata on the LUN and the LUN can be used again for encryption.
Relative to the HP Encryption switch and HP Encryption blade, all nodes in the Encryption
Group must be at the same firmware level before starting a rekey or First Time Encryption
operation. Make sure that existing rekey or First Time Encryption operations complete before
upgrading any of the encryption products in the Encryption Group. Also, make sure that the
firmware upgrade of all nodes in the Encryption Group completes before starting a rekey or
First Time Encryption operation.
SKM FIPS mode enablement
FIPS compliance mode is disabled in SKM by default. To enable it, follow the procedure
described in the SKM User Guide, “Configuring the Key Manager for FIPS Compliance”
section.
NOTE: Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key
Manager. Therefore, if you must enable FIPS, HP strongly recommends that you do so during the
initial SKM configuration, before any key sharing between the switch and the SKM occurs.
Initial setup of encrypted LUNs
IMPORTANT: While performing first-time encryption to a LUN with more than one initiator active
at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to
avoid this occurrence.
Initial setup of encrypted LUNs 35