HP 1606 HP StorageWorks Fabric OS 6.3.1c Release Notes (5697-0509 September 2 - Page 42

Always ensure that any previously committed LUN configurations or LUN modifications have taken effect before committing additional LUN configurations or additions. All LUNs should be in an Encryption Enabled state before committing additional LUN modifications. • The cryptocfg -manual_rekey -all command should not be used in environments with multiple encryption engines (encryption blades) installed in a director-class chassis when more than one encryption engine has access to the same LUN. In such situations, use the cryptocfg -manual_rekey command to manually rekey these LUNs. • If an HA Cluster is configured within an Encryption Group with containers configured for auto Failback Mode, the following procedure must be followed when upgrading from Fabric OS 6.2.x to 6.3.1x. Note that the following procedure is required only under the above-mentioned conditions. 1. Before the firmware upgrade, change the Failback Mode to manual for all containers configured as auto. Take note of which Encryption Engines currently own which containers. 2. Upgrade all nodes in the Encryption Group to Fabric OS 6.3.1x, one node at a time. 3. After all nodes have been successfully upgraded, using the notes taken in step 1, manually invoke the failback of the containers to the correct Encryption Engine using the command cryptocfg -failback -EE [slot num] [slot num]. 4. Once the manual failback completes, change the Failback Mode back to auto from manual, if it was changed in step 1. • Avoid changing the configuration of any LUN that belongs to a CTC/LUN configuration while the rekeying process for that LUN is active. If the user changes the LUN's settings during manual or auto, rekeying or First Time Encryption, the system reports a warning message stating that the encryption engine is busy and a forced commit is required for the changes to take effect. A forced commit command halts all active rekeying processes running in all CTCs and corrupts any LUN engaged in a rekeying operation. There is no recovery for this type of failure. • Configuration of crypto targets on HP StorageWorks encryption switches or encryption blades is accomplished in two stages: entering the configuration changes and issuing a commit operation. Previous to Fabric OS 6.3.1a, if the data encryption group (Encryption Group) became incomplete (one or more members became inaccessible due to network problems and the encryption group becomes "degraded") between these two stages, the commit operation was still executed. While this did not result in any issue for the configured host and targets, it could lead to configuration changes being applied to only a subset of the encryption switches in the encryption group. This was a rare situation that had only been seen in test environments. This issue has been resolved in Fabric OS 6.3.1a. • If the data encryption group (Encryption Group) gets into a state where the Group Leader encryption switch reports that another encryption switch is NOT a member node of the encryption group, and the encryption switch member node still indicates that it IS part of the encryption group, the following recovery action can be performed to re-merge the nodes into the encryption group: 1. On the Group Leader encryption switch, execute the CLI command cryptocfg -dereg -membernode 2. Wait for 30 seconds. 3. Execute the CLI command cryptocfg -reg -membernode This is a rare situation that has been noted in a test environment where there were intermittent management network connectivity problems. A fix for this issue is expected in the Fabric OS 6.4.0 release, targeted for June 2010. • To remove access between a given initiator and target, the user must not only remove the active zoning information between the initiator and target, but must also remove the associated CTCs, 42