HP StorageWorks 1606 HP StorageWorks FOS 6.3.0b Release Notes (5697-0360, Apri - Page 42
Initial setup of encrypted LUNs, Configuring the Key Manager for FIPS Compliance
View all HP StorageWorks 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 42 highlights
• In an environment with a mixed firmware version (FOS 6.2.x + 6.3.0) Encryption Group, the I/O link state reported for FOS 6.2.x nodes is unreachable. During a rolling upgrade from FOS 6.2.0x to 6.3.0, you should see the I/O link status reported as Unreachable when the cryptocfg -show -loc command is invoked. However, once all the nodes are upgraded to FOS 6.3.0, the show command will accurately reflect the status of the I/O Link. The I/O link status while performing the rolling upgrade from FOS 6.2.0 to 6.3.0 can be ignored until all nodes have been upgraded to 6.3.0. Mace39:root> cryptocfg --show -loc EE Slot: 0 SP state: Online Current Master KeyID: 43:f1:bd:dc:91:89:f2:f1:6a:a1:48:89:7b:d0:5f:59 Alternate Master KeyID: 3a:a4:5b:86:90:d5:69:26:29:78:f8:3b:f9:b2:9c:b9 HA Cluster Membership: hac39_115 EE Attributes: Link IP Addr : 10.32.50.36 Link GW IP Addr: 10.32.48.1 Link Net Mask : 255.255.240.0 Link MAC Addr : 00:05:1e:53:8a:86 Link MTU : 1500 Link State : UP Media Type : DISK System Card Label : System Card CID : Remote EE Reachability : Node WWN/Slot IO Link State 10:00:00:05:1e:53:77:80/0 10:00:00:05:1e:53:b7:ae/0 EE IP Addr EE State 10.32.53.107 10.32.53.105 EE_STATE_ONLINE EE_STATE_ONLINE Non-Reachable Non-Reachable • SKM FIPS Mode Enablement FIPS compliance mode is disabled in SKM by default. To enable it, follow the procedure described in the SKM user guide, "Configuring the Key Manager for FIPS Compliance" section. NOTE: Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key Manager. Therefore, if FIPS enablement is required, HP strongly recommends that it be performed during the initial SKM configuration, before any key sharing between the switch and the SKM occurs. Initial setup of encrypted LUNs IMPORTANT: While performing first-time encryption to a LUN with more than one initiator active at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to avoid this occurrence. 42