HP 8/8 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 78
Re-balancing the encryption engine
View all HP 8/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 78 highlights
2 Re-balancing the encryption engine 8. Select the desired encryption mode. • If you change a LUN policy from Native Encryption or DF-Compatible Encryption to Clear Text, you disable encryption. • The LUNs of the target which are not enabled for encryption must still be added to the CryptoTarget container with the Clear Text encryption mode option. NOTE The Re-keying interval can only be changed for disk LUNs. For tape LUNs, expiration of the re-keying interval simply triggers the generation of a new key, to be used on future tape volumes. Tapes that are already made are not re-keyed. To re-key a tape, you would need to read the tape contents using a host application that decrypts the tape contents using the old key, and then re-write the tape, which re-encrypts the data with the new key. 9. Click OK. The selected tape LUNs are added to the encryption target container. Re-balancing the encryption engine If you are currently using encryption and running Fabric OS version 6.3.x or earlier, you are hosting tape and disk target containers on different encryption switches or blades. Beginning with Fabric OS version 6.4, disk and tape target containers can be hosted on the same switch or blade. Hosting both disk and tape target containers on the same switch or blade may result in a drop in throughput, but it can reduce cost by reducing the number of switches or blades needed to support encrypted I/O in environments that use both disk and tape. The throughput drop can be mitigated by re-balancing the tape and disk target containers across the encryption engine. This ensures that the tape and disk target containers are distributed within the encryption engine for maximum throughput. All nodes within an encryption group must be upgraded to Fabric OS version 6.4 or a later release to support hosting disk and tape target containers on the same encryption engine. If any node within an encryption group is running an earlier release, disk and tape containers must continue to be hosted on separate encryption engines. During re-balancing operations, be aware of the following: • You may notice a slight disruption in Disk I/O. In some cases, manual intervention may be needed. • Backup jobs to tapes may need to be restarted after re-balancing completes. To determine if re-balancing is recommended for an encryption engine, check the encryption engine properties. Beginning with Fabric OS version 6.4, a field is added that indicates whether or not re-balancing is recommended You may be prompted to rebalance during the following operations: • When adding a new disk or tape target container. • When removing an existing disk or tape target container. • After failover to a backup encryption engine in an HA cluster. • After an failed encryption engine in an HA cluster is recovered, and failback processing has taken place. To rebalance an encryption engine, do the following. 60 Fabric OS Encryption Administrator's Guide 53-1001864-01