HP 4400 HP B-series Fabric OS 7.0.0a Release Notes (5697-0881, June 2011) - Page 43

•

The Encryption SAN Switch and Encryption FC blade do not support QoS. When using encryption

or Frame Redirection, participating flows should not be included in QoS Zones.

•

HP encryption devices can be configured for either disk or tape operation. However, encryption

FC blades can be configured to support different media types within a common DC SAN Director/

DC04 SAN Director chassis. The ability to configure multiple Crypto-Target Containers defining

different media types on a single encryption engine (Encryption SAN Switch or Encryption FC

blade) is supported beginning with Fabric OS 6.4.0.

•

When the tape key expires in the middle of write operation on the tape, the key is used to append

the data on the tape media. When the backup application rewinds the media and starts writing

to Block-0 again (and if the key is expired), a new key is created and used henceforth. The expired

key is then marked as read only and used only for restoring data from previously encrypted tapes.

•

Note that the disk device decommission functionality is not currently supported with SKM/ESKM.

•

SKM/ESKM FIPS Mode Enablement

FIPS compliance mode is disabled in SKM/ESKM by default. To enable it, follow the procedure

described in the SKM/ESKM user guide,

“

Configuring the Key Manager for FIPS Compliance

”

section.

NOTE:

Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key Manager.

Therefore, if FIPS enablement is required, HP strongly recommends that it be performed during

the initial SKM/ESKM configuration, before any key sharing between the switch and the

SKM/ESKM occurs.

•

SKM/ESKM dual node cluster - Auto failover considerations:

In a dual node SKM/ESKM cluster configuration with the encryption switch, ensure that the two

SKM/ESKM nodes are always available and online for proper key archival. If one of the

SKM/ESKM nodes fails, you cannot use the configuration to create new keys. In other words,

adding new targets or LUNs to the encryption path will not work until both the SKM/ESKM nodes

are available. However, there will not be any issue for retrieving keys or using the existing setup

as long as one SKM/ESKM node is available.

The encryption switch makes sure that any new KEY is hardened (archived) to both SKM/ESKM

Key Vaults in the SKM/ESKM Cluster before the key gets used for encryption. In the event that

one of the SKM/ESKM vaults is down, the key creation will fail because of the hardening check

failure. As a result, the new key creation operation will not function. For Key retrieval, this is not

the requirement and any one Key Vault being online will get the Key as long as that Key Vault

has the Key.

•

Auto rekeying of encrypted disk LUNs may be delayed when an encryption engine reboots or

when HAC failover/failback occurs. Should either of these events delay auto rekeying, use the

cryptocfg –manual_rekey

command to manually start the rekeying of the affected LUNs.

HP B-series Fabric OS 7.0.0a Release Notes

43

Section	Page
HP B-series Fabric OS 7.0.0a Release Notes	1
Version	3
Description	3
Update recommendation	5
Supersedes	6
New features	6
In-flight Encryption and Compression on 16 Gbps capable ISLs	6
Buffer Credit Loss Detection and Automatic Recovery on 16 Gbps capable ISLs	6
10 Gbps FC Capability on 16 Gbps FC Platforms	6
Advanced Diagnostics Support on 16 Gbps FC Platforms	7
Dynamic Fabric Provisioning - Fabric Assigned WWN	7
FCIP Enhancements	7
Configurable QoS on FCIP tunnel	8
Auto-mode option for compression	8
XISL Support ON HP DC SAN Director Multiprotocol Extension Blade – Ability to use VE ports as XISLs	8
InBand Management on HP DC SAN Director Multiprotocol Extension Blade and HP 1606 SAN Extension Switch	8
Relaxing subnet restrictions	9
GigE/xGigE port sharing across Logical Switches	9
Increase in number of circuits on 1 GE ports	9
Encryption Platform Enhancements (HP StorageWorks Encryption SAN Switch / HP StorageWorks DC Switch Encryption FC Blade)	9
Access Gateway Enhancements	9
Detection of Unreliable N_Port Links	9
RADIUS/LDAP support	9
APM (Advanced Performance Monitoring) End to End and Frame Monitoring capability	10
F_Port Static Mapping	10
Fabric Watch Enhancements	10
Switch Status Policy enhancements	10
Support for multiple email recipients for Fabric Watch Events	10
Advanced SFP monitoring based on SFP type	10
SFP monitored as a FRU (Field Replaceable Unit)	11
Additional Fabric Watch Enhancements	11
Advanced Performance Monitoring (APM) Enhancements	11
Coexistence of TopTalkers and FCR on 16 Gbps platforms	11
E_Port TopTalkers support and E_Port End to End monitors support on 16 Gbps platforms	12
Security Enhancements	12
User defined roles/RBAC	12
Switch banner support	12
Removing support for Brocade certificates for FCAP authentication	12
SSH authentication using public keys	12
SFTP support for firmwaredownload, configupload and configdownload	12
IPv6 support for LDAP authentication	12
Fabric Services Enhancements and Updates	12
Allow a switch with default zone “no access” to merge with a fabric	12
Duplicate WWN detection and resolution	13
RASlog upon detecting Invalid TI zones	13
Ability to assign names to logical fabrics	13
No direct E_Port support with legacy M-series (McDATA) switch	13
Additional RAS and Diagnostics Enhancements	13
Spinfab enhancements	13
Frame Viewer	13
Port Decommission	13
Firmware History Log	14
Ability to assign longer port names	14
Fabric OS version in Auditlog message header	14
FCoE Enhancements	14
Optionally licensed software	14
Temporary license support	16
Standards compliance	17
New hardware support	17
Supported product models	17
Unsupported product models	18
Devices supported	18
Operating systems	18
Access Gateway support	18
Access Gateway support in non-Brocade fabrics	20
Zoning and fabric operations	21
Prerequisites	21
DC SAN Backbone and DC04 SAN Director blade support	24
Power supply requirements for Director blades	25
Fibre Channel Routing scalability	27
Important notes and recommendations	27
HP Network Advisor compatibility	27
DCFM Compatibility	28
Fabric OS compatibility	28
Web Tools compatibility	28
SMI compatibility	28
Other recommendations	28
Adaptive Networking/flow-based QoS prioritization	28
Access Gateway device-based mapping in ESX environments	29
Brocade HBA/Adapter Compatibility	29
D_Port	29
Encryption Behavior for the HP StorageWorks Encryption SAN Switch and HP StorageWorks DC Switch Encryption FC Blade	29
FCIP (HP DC SAN Director Multiprotocol Extension Blade, HP 1606 SAN Extension Switch and HP StorageWorks B-series Multi-protocol Router Blade)	32
FCoE/CEE (HP 2408 24-10 GbE w/8-8 Gbps FC Base FCoE Switch and HP DC SAN Director 10/24 FCoE Blade)	33
FCR and Integrated Routing	36
FICON	36
FL_Port (Loop) Support	36
ICLs on HP StorageWorks DC SAN Backbone Director Switch /HP StorageWorks DC04 SAN Director Switch	36
Native Connectivity (M-EOS interoperability)	37
Port Mirroring	37
Virtual Fabrics	37
Zoning	37
Miscellaneous	38
Fabric OS feature compatibility in native connectivity modes	39
Recommended Migration Paths to Fabric OS 7.0.0a	39
Migrating from Fabric OS 6.4.x	39
Migrating from Fabric OS 6.3.x	39
Fabric OS Upgrade and Downgrade Special Considerations	39
Firmware upgrade instructions	40
Scalability	40
Encryption — additional recommendations	40
Initial setup of encrypted LUNs	44
Fabric OS 7.0.0 fixes	44
Fabric OS 7.0.0a fixes	52

HP 4400 HP B-series Fabric OS 7.0.0a Release Notes (5697-0881, June 2011) - Page 43

The Encryption SAN Switch and Encryption FC blade do not support QoS. When using encryption

Page 43 highlights