Dell Brocade 6510 Brocade Fabric OS v7.0.2 Release Notes v1.0 - Page 25

Fabric OS v7.0.2 Release Notes v1.0 Page 25 of 99

• If the migration to FOS v7.0 or later does not occur from 6.4.1a, 6.4.1b, or 6.4.2, the following will result:
  • BES will reboot if auto reboot is enabled; otherwise it needs to be rebooted manually for recovery.
    2010/11/08-04:54:35:485488, [FSS-1009], 4424/886, CHASSIS, ERROR, MACE, FSS Error: fcsw0-vs: MISMATCH: component., svc.c, line: 2462, comp:FSSK_TH, ltime:2010/11/08-04:54:35:485484
• Adding 3PAR Session/Enclosure LUNs to CTCs is now supported. Session/Enclosure LUNs (LUN 0xFE) used by 3PAR InServ arrays must be added to CryptoTarget (CTC) containers with LUN state set to "cleartext" and encryption policy set to "cleartext". BES/FS8-18 will not perform any explicit enforcement of this requirement.
• The "cryptocfg --manual_rekey -all" command should not be used in environments with multiple encryption engines (FS8-18 blades) installed in a DCX/DCX-4S/DCX 8510 chassis when more than one encryption engine has access to the same LUN. In such situations, use the "cryptocfg --manual_rekey <CTC> <LUN Num> <Initiator PWWN>" command to manually rekey these LUNs.
• When host clusters are deployed in an Encryption environment, please note the following recommendations:
  • If two EEs (encryption engines) are part of a HAC (High Availability Cluster), configure the host/target pair such that they form a multipath from both EEs. Avoid connecting both the host/target pairs to the same EE. This connectivity does not give full redundancy in the case of EE failure resulting in HAC failover.
  • Since quorum disk plays a vital role in keeping the cluster in sync, please configure the quorum disk to be outside of the encryption environment.
• The "-key_lifespan" option has no effect for "cryptocfg --add -LUN", and only has an effect for "cryptocfg --create -tapepool" for tape pools declared "-encryption_format native". For all other encryption cases, a new key is generated each time a medium is rewound and block zero is written or overwritten. For the same reason, the "Key Life" field in the output of "cryptocfg --show -container -all -stat" should always be ignored, and the "Key life" field in "cryptocfg --show -tapepool -cfg" is only significant for native-encrypted pools.
• The Quorum Authentication feature requires a compatible DCFM or Brocade Network Advisor release (DCFM 10.3 or later for pre-FOS v7.0 and Network Advisor 11.1 or later for FOS v7.0 or later) that supports this feature. Note, all nodes in the EG must be running FOS v6.3.0 or later for quorum authentication to be properly supported.
• The System Card feature requires a compatible DCFM or Brocade Network Advisor release (DCFM 10.3 or later for pre-FOS v7.0 and Network Advisor 11.1 or later for FOS v7.0 or later) that supports this feature. Note, all nodes in the EG must be running FOS v6.3.0 or later for system verification to be properly supported.
• The Brocade Encryption switch and FS8-18 blade do not support QoS. When using encryption or Frame Redirection, participating flows should not be included in QoS Zones.
• HP SKM & ESKM are supported with Multiple Nodes and Dual SKM/ESKM Key Vaults. Two-way certificate exchange is supported. Please refer to the Encryption Admin Guide for configuration information. If using dual SKMs or ESKMs on BES/FS8-18 Encryption Group, then these SKM / ESKM Appliances must be clustered. Failure to cluster will result in key creation failure. Otherwise, register only one SKM / ESKM on the BES/FS8-18 Encryption Group.
• The RSA RKM Appliance A1.6, SW v2.7.1.1 is supported. The procedure for setting up the RKM Appliance with BES or a DCX/DCX-4S/DCX 8510 with FS8-18 blades is located in the Encryption Admin Guide.
• Support for registering a 2nd RKM Appliance on BES/FS8-18 is blocked. If the RKM Appliances are clustered, then the virtual IP address hosted by a 3rd party IP load balancer for the RKM Cluster must be registered on BES/FS8-18 in the primary slot for Key Vault IP.