HP 4400 HP B-series Fabric OS 6.3.2d Release Notes (5697-1105, July 2011) - Page 34
[slot_number/]port_number [16-bit_address] command prior to allowing devices to log in to the switch. Once assigned, the PIDs are maintained across reboots and future Fabric OS upgrades. This issue does not impact switches that do not have Fabric OS 6.3.1a factory installed. Field upgrade to a later version of Fabric OS will not resolve this situation. For environments in which this will be an issue, the specified workaround will need to be implemented until a future version of Fabric OS is factory installed.

• Beginning with Fabric OS 6.2.0, the data collected by SupportSave operations was greatly expanded to include all readable registers within the ASIC. In cases where some registers may be unused and therefore contain invalid data, a CDR-1003 error message would be issued. Fabric OS 6.3.1b and later now reclassifies these messages as warnings, rather than critical errors.

• A new command has been introduced in Fabric OS 6.3.2a that allows configuration of the fault delay on individual ports. The command portCfgFaultDelay allows a port to be configured to a 1.2 second fault delay versus the default setting of R_A_TOV.
  • NAME: portCfgFaultDelay - Configures the fault delay for a single FC port.
  • SYNOPSIS: portcfgfaultdelay [slot/]port, mode
  • DESCRIPTION: Use this command to configure the fault delay of an FC port. In the event that the link is noisy after a host power cycle, the switch may go into a soft fault state, which means a delay of R_A_TOV. Setting the mode value to 1 reduces the fault delay value to 1.2 seconds. The configuration is stored in nonvolatile memory and is persistent across switch reboots and power cycles. Use the portCfgShow command to display user-configured fault delay settings.

Encryption behavior

• HP recommends that the encrypted LUN containers be created when all of the nodes/encryption engines (EEs) in the Data Encryption Key (DEK)/High Availability Cluster (HAC) are up and enabled.
• If two Encryption Engines are part of a High Availability Cluster, configure the host/target pair such that they form a multipath from both EEs. Avoid connecting both the host/target pairs to the same EE. This connectivity does not give full redundancy in case of EE failure resulting in HAC failover.

• Since the quorum disk plays a vital role in keeping the cluster in sync, configure the quorum disk to be outside of the encryption environment.

• LUN configuration
  • To configure a LUN for encryption:
    • Add the LUN as clear-text to the Crypto Target Container (CTC).
    • When the LUN comes online and the clear-text host I/O starts, modify the LUN from clear-text to encrypted, including the enable_encexistingdata option to convert the LUN from clear-text to encrypted.
  • An exception to this LUN configuration process: If the LUN was previously encrypted by the HP Encryption Switch or HP Encryption Blade, the LUN can be added to the CTC with the -encrypt and -lunstate ="encrypted" options.
  • LUN configurations must be committed to take effect. No more than 25 LUNs can be added or modified in a single commit operation. Attempts to commit configurations that exceed 25 LUNs will fail with a warning. There is also a five-second delay before the commit operation takes effect. Always ensure that any previously committed LUN configurations or LUN modifications have taken effect before committing additional LUN configurations or additions. All LUNs should be in an Encryption Enabled state before committing additional LUN modifications.

• The cryptocfg -manual_rekey -all command should not be used in environments with multiple encryption engines (encryption blades) installed in a director-class chassis when more