HP 8/80 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 193
Redirection zones, Deployment with Admin Domains (AD), Master key usage, Do not use DHCP for IP
View all HP 8/80 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 193 highlights
Redirection zones 5 Redirection zones Redirection zones should not be deleted. If a redirection zone is accidentally deleted, I/O traffic cannot be redirected to encryption devices, and encryption is disrupted. To recover, re-enable the existing device configuration by invoking the cryptocfg --commit command. If no changes have taken place since the last commit, you should use the cryptocfg --commit -force command. This recreates redirection zones related to the device configuration in the zone database, and restores frame redirection, which makes it possible to restore encryption. To remove access between a given initiator and target, remove both the active zoning information between the initiator and target, and the associated Crypto Target Containers (CTCs). This will remove the associated frame redirection zone information. Deployment with Admin Domains (AD) Virtual devices created by the encryption device do not support the AD feature in this release. All virtual devices are part of AD0 and AD255. Targets for which virtual targets are created and hosts for which virtual initiators are created must also be in AD0 and AD255. If they are not, access from the hosts and targets to the virtual targets and virtual initiators is denied, leading to denial of encryption services. Master key usage In environments consisting of multiple encryption groups, consider using the same master key for all encryption groups to simplify management. Do not use DHCP for IP interfaces Do not use DHCP for either the GbE management interface or the Ge0 and Ge1 interfaces. Assign static IP addresses. Ensure uniform licensing in HA clusters Licenses installed on the nodes should allow for identical performance numbers between HA cluster members. Fabric OS Encryption Administrator's Guide 175 53-1001864-01