HP 4400 HP StorageWorks Fabric OS 6.2.2e Release Notes (5697-0809, February 20 - Page 33

Initial setup of encrypted LUNs, Fabric OS 6.2.1 fixes, described in the SKM User Guide

Get HP 4400 PDF manuals and user guides View all HP 4400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 33 highlights

• Relative to the HP Encryption switch and HP Encryption blade, all nodes in the Encryption Group must be at the same firmware level before starting a rekey or First Time Encryption operation. Make sure that existing rekey or First Time Encryption operations complete before upgrading any of the encryption products in the Encryption Group. Also, make sure that the firmware upgrade of all nodes in the Encryption Group completes before starting a rekey or First Time Encryption operation. • SKM FIPS mode enablement FIPS compliance mode is disabled in SKM by default. To enable it, follow the procedure described in the SKM User Guide, "Configuring the Key Manager for FIPS Compliance" section. NOTE: Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key Manager. Therefore, if you must enable FIPS, HP strongly recommends that you do so during the initial SKM configuration, before any key sharing between the switch and the SKM occurs. Initial setup of encrypted LUNs IMPORTANT: While performing first-time encryption to a LUN with more than one initiator active at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to avoid this occurrence. NOTE: When configuring multipath LUNs, care should be taken to add LUN 0 on all of the paths, subject to the following considerations: • If LUN 0 presented by the back-end target is a controller LUN (not a disk LUN; that is, not visible in the discoverLUN output), add LUN 0 to the container as a clear text LUN. Make sure all of the paths have this LUN 0 added for MPIO operation (EVA configuration, for example). • If LUN 0 presented by the back-end target is a disk LUN, LUN 0 can be added to the container either as clear text or encrypted (MSA configuration, for example). • For HP-UX, LUN 0 can appear as 0x0 or 0x400, but both of them are LUN 0 only and should be treated alike. Fabric OS 6.2.1 fixes Table 8 (page 34) lists defects closed in the Fabric OS 6.2.1 firmware release. In addition to including all fixes from previous 6.2.0x releases, 6.2.1 contains all fixes included in the 5.3.2b, 6.0.1a, 6.1.1d, and 6.1.2a releases. Initial setup of encrypted LUNs 33

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
Relative to the HP Encryption switch and HP Encryption blade, all nodes in the Encryption
Group must be at the same firmware level before starting a rekey or First Time Encryption
operation. Make sure that existing rekey or First Time Encryption operations complete before
upgrading any of the encryption products in the Encryption Group. Also, make sure that the
firmware upgrade of all nodes in the Encryption Group completes before starting a rekey or
First Time Encryption operation.
SKM FIPS mode enablement
FIPS compliance mode is disabled in SKM by default. To enable it, follow the procedure
described in the SKM User Guide, “Configuring the Key Manager for FIPS Compliance”
section.
NOTE:
Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key
Manager. Therefore, if you must enable FIPS, HP strongly recommends that you do so during the
initial SKM configuration, before any key sharing between the switch and the SKM occurs.
Initial setup of encrypted LUNs
IMPORTANT:
While performing first-time encryption to a LUN with more than one initiator active
at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to
avoid this occurrence.
NOTE:
When configuring multipath LUNs, care should be taken to add LUN 0 on all of the paths,
subject to the following considerations:
If LUN 0 presented by the back-end target is a controller LUN (not a disk LUN; that is, not
visible in the
discoverLUN
output), add LUN 0 to the container as a clear text LUN. Make
sure all of the paths have this LUN 0 added for MPIO operation (EVA configuration, for
example).
If LUN 0 presented by the back-end target is a disk LUN, LUN 0 can be added to the container
either as clear text or encrypted (MSA configuration, for example).
For HP-UX, LUN 0 can appear as 0x0 or 0x400, but both of them are LUN 0 only and should
be treated alike.
Fabric OS 6.2.1 fixes
Table 8 (page 34)
lists defects closed in the Fabric OS 6.2.1 firmware release. In addition to
including all fixes from previous 6.2.0
x
releases, 6.2.1 contains all fixes included in the 5.3.2b,
6.0.1a, 6.1.1d, and 6.1.2a releases.
Initial setup of encrypted LUNs
33