HP StorageWorks 1606 HP StorageWorks Fabric OS 6.3.0 release notes (5697-0358, - Page 43

Initial setup of encrypted LUNs, SKM FIPS Mode Enablement for FIPS Compliance

Get HP StorageWorks 1606 - Extension SAN Switch PDF manuals and user guides View all HP StorageWorks 1606 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 43 highlights

HA Cluster Membership: hac39_115 EE Attributes: Link IP Addr : 10.32.50.36 Link GW IP Addr: 10.32.48.1 Link Net Mask : 255.255.240.0 Link MAC Addr : 00:05:1e:53:8a:86 Link MTU : 1500 Link State : UP Media Type : DISK System Card Label : System Card CID : Remote EE Reachability : Node WWN/Slot IO Link State 10:00:00:05:1e:53:77:80/0 10:00:00:05:1e:53:b7:ae/0 EE IP Addr EE State 10.32.53.107 10.32.53.105 EE_STATE_ONLINE EE_STATE_ONLINE Non-Reachable Non-Reachable • SKM FIPS Mode Enablement for FIPS Compliance: FIPS compliance mode is disabled in SKM by default. To enable the FIPS compliance mode, customers can refer to the Configuring the Key Manager section in the SKM user guide. NOTE: According to the FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key Manager. If FIPS enablement is required, it is strongly recommended to perform this step during the initial SKM configuration, ahead of any key sharing between the switch and the SKM. Initial setup of encrypted LUNs IMPORTANT: While performing first-time encryption to a LUN with more than one initiator active at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to avoid this occurrence. NOTE: When configuring multipath LUNs, care should be taken to add LUN 0 on all of the paths, subject to the following considerations: • If LUN 0 presented by the back-end target is a controller LUN (not a disk LUN; that is, not visible in the discoverLUN output), add LUN 0 to the container as a clear text LUN. Make sure all of the paths have this LUN 0 added for MPIO operation (EVA configuration, for example). • If LUN 0 presented by the back-end target is a disk LUN, LUN 0 can be added to the container either as clear text or encrypted (MSA configuration, for example). • For HP-UX, LUN 0 can appear as 0x0 or 0x400, but both of them are LUN 0 only and should be treated alike. HP StorageWorks Fabric OS 6.3.0 release notes 43

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
HA Cluster Membership:
hac39_115
EE Attributes:
Link IP Addr
: 10.32.50.36
Link GW IP Addr: 10.32.48.1
Link Net Mask
: 255.255.240.0
Link MAC Addr
: 00:05:1e:53:8a:86
Link MTU
: 1500
Link State
: UP
Media Type
: DISK
System Card Label
:
System Card CID
:
Remote EE Reachability :
Node WWN/Slot
EE IP Addr
EE State
IO Link State
10:00:00:05:1e:53:77:80/0
10.32.53.107
EE_STATE_ONLINE
Non-Reachable
10:00:00:05:1e:53:b7:ae/0
10.32.53.105
EE_STATE_ONLINE
Non-Reachable
SKM FIPS Mode Enablement for FIPS Compliance:
FIPS compliance mode is disabled in SKM by
default. To enable the FIPS compliance mode, customers can refer to the
Configuring the Key
Manager
section in the
SKM user guide
.
NOTE:
According to the FIPS requirements, you cannot enable or disable FIPS when there are keys on
the Key Manager. If FIPS enablement is required, it is strongly recommended to perform this step
during the initial SKM configuration, ahead of any key sharing between the switch and the SKM.
Initial setup of encrypted LUNs
IMPORTANT:
While performing first-time encryption to a LUN with more than one initiator active at the time, rekey
operations slow to a standstill. Define LUNs for a single initiator at a time to avoid this occurrence.
NOTE:
When configuring multipath LUNs, care should be taken to add LUN 0 on all of the paths, subject to
the following considerations:
If LUN 0 presented by the back-end target is a controller LUN (not a disk LUN; that is, not visible
in the
discoverLUN
output), add LUN 0 to the container as a clear text LUN. Make sure all of
the paths have this LUN 0 added for MPIO operation (EVA configuration, for example).
If LUN 0 presented by the back-end target is a disk LUN, LUN 0 can be added to the container
either as clear text or encrypted (MSA configuration, for example).
For HP-UX, LUN 0 can appear as 0x0 or 0x400, but both of them are LUN 0 only and should be
treated alike.
HP StorageWorks Fabric OS 6.3.0 release notes
43