HP StorageWorks 1606 HP StorageWorks Fabric OS 6.3.0 release notes (5697-0358, - Page 39

Encryption behavior

Get HP StorageWorks 1606 - Extension SAN Switch PDF manuals and user guides View all HP StorageWorks 1606 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 39 highlights

GigE ports interface GigE ports route Non-local switch ports display in zoning tree Port Admin Module > GigE tab Configure > FCIP tunnel Port Admin Module > GigE tab Configure > FCIP tunnel Zone Admin Admin Domain Switch Admin > DCC policies Performance Monitoring Configure > Zoning In Web Tools, non-local switch port id/WWN can be added using text box. Remove Offline or inaccessible Devices Zone Admin Configure > Zoning Replace/Replace All zone members by selecting the offline devices from the zone tree. Offline devices have an unknown overlay badge with good visibility. Zone database summary ping Zone Admin Configure > Zoning Zoning report for both online and offline database Encryption behavior • HP recommends that the encrypted LUN containers be created when all of the nodes/encryption engines (EEs) in the Data Encryption Key (DEK)/High Availability Cluster (HAC) are up and enabled. • If two Encryption Engines are part of a High Availability Cluster, configure the host/target pair such that they form a multipath from both EEs. Avoid connecting both the host/target pairs to the same EE. This connectivity does not give full redundancy in case of EE failure resulting in HAC failover. • Since the quorum disk plays a vital role in keeping the cluster in sync, configure the quorum disk to be outside of the encryption environment. • LUN configuration • To configure a LUN for encryption: • Add the LUN as clear-text to the Crypto Target Container (CTC). • When the LUN comes online and the clear-text host I/O starts, modify the LUN from cleartext to encrypted, including the enable_encexistingdata option. • An exception to this LUN configuration process: If the LUN was previously encrypted by the HP Encryption Switch or HP Encryption Blade, the LUN can be added to the CTC with the -encrypt and -lunstate ="encrypted" options. • LUN configurations must be committed to take effect. No more than 25 LUNs can be added or modified in a single commit operation. Attempts to commit configurations that exceed 25 LUNs will fail with a warning. There is also a five-second delay before the commit operation takes effect. Always ensure that any previously committed LUN configurations or LUN modifications have taken effect before committing additional LUN configurations or additions. All LUNs should be in an Encryption Enabled state before committing additional LUN modifications. HP StorageWorks Fabric OS 6.3.0 release notes 39

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
Configure > FCIP tunnel
Port Admin Module >
GigE tab
GigE ports interface
Configure > FCIP tunnel
Port Admin Module >
GigE tab
GigE ports route
In Web Tools,
non-local switch
port id/WWN
can be added us-
ing text box.
Configure > Zoning
Zone Admin
Admin Domain
Switch Admin > DCC
policies
Performance Monitoring
Non-local switch ports
display in zoning tree
Configure > Zoning
Replace/Replace All zone
members by selecting the offline
devices from the zone tree.
Offline devices have an unknown
overlay badge with good
visibility.
Zone Admin
Remove Offline or inac-
cessible Devices
Configure > Zoning
Zoning report for both online and
offline database
Zone Admin
Zone database summary
ping
Encryption behavior
HP recommends that the encrypted LUN containers be created when all of the nodes/encryption
engines (EEs) in the Data Encryption Key (DEK)/High Availability Cluster (HAC) are up and enabled.
If two Encryption Engines are part of a High Availability Cluster, configure the host/target pair
such that they form a multipath from both EEs. Avoid connecting both the host/target pairs to
the same EE. This connectivity does not give full redundancy in case of EE failure resulting in
HAC failover.
Since the quorum disk plays a vital role in keeping the cluster in sync, configure the quorum
disk to be outside of the encryption environment.
LUN configuration
To configure a LUN for encryption:
Add the LUN as clear-text to the Crypto Target Container (CTC).
When the LUN comes online and the clear-text host I/O starts, modify the LUN from clear-
text to encrypted, including the
enable_encexistingdata
option.
An exception to this LUN configuration process: If the LUN was previously encrypted by the
HP Encryption Switch or HP Encryption Blade, the LUN can be added to the CTC with the
–encrypt
and
–lunstate =“encrypted”
options.
LUN configurations must be committed to take effect. No more than 25 LUNs can be added
or modified in a single commit operation. Attempts to commit configurations that exceed 25
LUNs will fail with a warning. There is also a five-second delay before the commit operation
takes effect.
Always ensure that any previously committed LUN configurations or LUN modifications have
taken effect before committing additional LUN configurations or additions. All LUNs should be
in an Encryption Enabled state before committing additional LUN modifications.
HP StorageWorks Fabric OS 6.3.0 release notes
39