HP StorageWorks 1606 HP StorageWorks Fabric OS 6.3.0c Release Notes (5697-0361 - Page 39

or fabric. Failure to do so results in the commit operation for the CTC or LUNs failing and may

Get HP StorageWorks 1606 - Extension SAN Switch PDF manuals and user guides View all HP StorageWorks 1606 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 39 highlights

Always ensure that any previously committed LUN configurations or LUN modifications have taken effect before committing additional LUN configurations or additions. All LUNs should be in an Encryption Enabled state before committing additional LUN modifications. • The cryptocfg -manual_rekey -all command should not be used in environments with multiple encryption engines (encryption blades) installed in a director-class chassis when more than one encryption engine has access to the same LUN. In such situations, use the cryptocfg -manual_rekey command to manually rekey these LUNs. • If an HA Cluster is configured within an Encryption Group with containers configured for auto Failback Mode, the following procedure must be followed when upgrading from Fabric OS 6.2.x to 6.3.0c. Note that the following procedure is required only under the above-mentioned conditions. 1. Before the firmware upgrade, change the Failback Mode to manual for all containers configured as auto. Take note of which Encryption Engines currently own which containers. 2. Upgrade all nodes in the Encryption Group to Fabric OS 6.3.0c, one node at a time. 3. After all nodes have been successfully upgraded, using the notes taken in step 1, manually invoke the failback of the containers to the correct Encryption Engine using the command cryptocfg -failback -EE [slot num] [slot num]. 4. Once the manual failback completes, change the Failback Mode back to auto from manual, if it was changed in step 1. • Avoid changing the configuration of any LUN that belongs to a CTC/LUN configuration while the rekeying process for that LUN is active. If the user changes the LUN's settings during manual or auto, rekeying or First Time Encryption, the system reports a warning message stating that the encryption engine is busy and a forced commit is required for the changes to take effect. A forced commit command halts all active rekeying processes running in all CTCs and corrupts any LUN engaged in a rekeying operation. There is no recovery for this type of failure. • To remove access between a given initiator and target, the user must not only remove the active zoning information between the initiator and target, but must also remove the associated CTCs, which will in turn remove the associated frame redirection zone information. Make sure to back up all data before taking this action. • Before committing configurations or modifications to the CTC or LUNs on an HP Encryption Switch or HP Encryption Blade, make sure that there are no outstanding zoning transactions in the switch or fabric. Failure to do so results in the commit operation for the CTC or LUNs failing and may cause the LUNs to be disabled. The user can check for outstanding zoning transactions by issuing the CLI command cfgtransshow: DCX_two:root> cfgtransshow There is no outstanding zoning transaction • Each LUN is uniquely identified by the HP Encryption Switch or HP Encryption Blade using the LUN's serial number. The LUN serial numbers must be unique for LUNs exposed from the same target port. The LUN serial numbers must also be unique for LUNs belonging to different target ports in nonmultipathing configurations. Failure to ensure unique LUN serial numbers results in nondeterministic behavior and may result in faulting of the HP Encryption Switch or HP Encryption Blade. • When creating an HA cluster or EG with two or more HP Encryption Switch/Encryption Blades, the GE ports (I/O sync links) must be configured with an IP address for the eth0 and eth1 Ethernet interfaces using ipaddrset. In addition, the eth0 and eth1 Ethernet ports should be connected to the network for redundancy. These I/O sync links connections must be established before any Re-Key, First Time Encryption, or enabling EE for crypto operations. Failure to do so results in HA Cluster creation failure. If the IP address for these ports is configured after the EE was enabled for encryption, HP Encryption Switch needs to be rebooted and Encryption Blades should be slot- HP StorageWorks Fabric OS 6.3.0c Release Notes 39

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
Always ensure that any previously committed LUN configurations or LUN modifications have
taken effect before committing additional LUN configurations or additions. All LUNs should be
in an Encryption Enabled state before committing additional LUN modifications.
The
cryptocfg -manual_rekey -all
command should not be used in environments with
multiple encryption engines (encryption blades) installed in a director-class chassis when more
than one encryption engine has access to the same LUN. In such situations, use the
cryptocfg
-manual_rekey <CTC> <LUN Num> <Initiator PWWN>
command to manually rekey these
LUNs.
If an HA Cluster is configured within an Encryption Group with containers configured for
auto
Failback Mode, the following procedure must be followed when upgrading from Fabric OS 6.2.x
to 6.3.0c. Note that the following procedure is required only under the above-mentioned conditions.
1.
Before the firmware upgrade, change the Failback Mode to
manual
for all containers con-
figured as
auto
. Take note of which Encryption Engines currently own which containers.
2.
Upgrade all nodes in the Encryption Group to Fabric OS 6.3.0c, one node at a time.
3.
After all nodes have been successfully upgraded, using the notes taken in step 1, manually
invoke the failback of the containers to the correct Encryption Engine using the command
cryptocfg -failback -EE <WWN of hosting node> [slot num] <WWN of
second node in HAC> [slot num]
.
4.
Once the manual failback completes, change the Failback Mode back to
auto
from
manual
,
if it was changed in step 1.
Avoid changing the configuration of any LUN that belongs to a CTC/LUN configuration while the
rekeying process for that LUN is active. If the user changes the LUN
s settings during manual or
auto, rekeying or First Time Encryption, the system reports a warning message stating that the
encryption engine is busy and a forced commit is required for the changes to take effect. A forced
commit command halts all active rekeying processes running in all CTCs and corrupts any LUN
engaged in a rekeying operation. There is no recovery for this type of failure.
To remove access between a given initiator and target, the user must not only remove the active
zoning information between the initiator and target, but must also remove the associated CTCs,
which will in turn remove the associated frame redirection zone information. Make sure to back
up all data before taking this action.
Before committing configurations or modifications to the CTC or LUNs on an HP Encryption Switch
or HP Encryption Blade, make sure that there are no outstanding zoning transactions in the switch
or fabric. Failure to do so results in the commit operation for the CTC or LUNs failing and may
cause the LUNs to be disabled. The user can check for outstanding zoning transactions by issuing
the CLI command
cfgtransshow
:
DCX_two:root> cfgtransshow
There is no outstanding zoning transaction
Each LUN is uniquely identified by the HP Encryption Switch or HP Encryption Blade using the
LUN
s serial number. The LUN serial numbers must be unique for LUNs exposed from the same
target port. The LUN serial numbers must also be unique for LUNs belonging to different target
ports in nonmultipathing configurations. Failure to ensure unique LUN serial numbers results in
nondeterministic behavior and may result in faulting of the HP Encryption Switch or HP Encryption
Blade.
When creating an HA cluster or EG with two or more HP Encryption Switch/Encryption Blades,
the GE ports (I/O sync links) must be configured with an IP address for the
eth0
and
eth1
Ethernet
interfaces using
ipaddrset
. In addition, the
eth0
and
eth1
Ethernet ports should be connected
to the network for redundancy. These I/O sync links connections must be established before any
Re-Key, First Time Encryption, or enabling EE for crypto operations. Failure to do so results in HA
Cluster creation failure. If the IP address for these ports is configured after the EE was enabled for
encryption, HP Encryption Switch needs to be rebooted and Encryption Blades should be
slot-
HP StorageWorks Fabric OS 6.3.0c Release Notes
39