HP Brocade 8/12c HP Fabric OS 6.2.2f Release Notes (5697-1756, February 2012) - Page 35
Initial setup of encrypted LUNs, described in the SKM User Guide
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 35 highlights
• The Encryption SAN Switch and Encryption FC blade do not support QoS. When using encryption or Frame Redirection, participating flows should not be included in QoS Zones. • With Windows and Veritas Volume Manager/Veritas Dynamic Multipathing, when LUN sizes less than 400 MB are presented to the Encryption SAN Switch for encryption, a host panic can occur. Fabric OS 6.2.2f does not support this configuration. • To clean up the stale rekey information for the LUN, use one of the following methods: ◦ Method 1 1. Modify the LUN policy from encrypt to cleartext and commit. The LUN will become disabled. 2. Enable the LUN using cryptocfg --enable -LUN. Modify the LUN policy from clear-text to encrypt with enable_encexistingdata to enable the first time encryption and do commit. This clears the stale rekey metadata on the LUN and the LUN can be used again for encryption. ◦ Method 2 1. Remove the LUN from Crypto Target Container and commit. 2. Add the LUN back to the Crypto Target Container with LUN State="clear-text", policy="encrypt" and enable_encexistingdata set for enabling the First Time Encryption and commit. This clears the stale rekey metadata on the LUN and the LUN can be used again for encryption. • Relative to the HP Encryption switch and HP Encryption blade, all nodes in the Encryption Group must be at the same firmware level before starting a rekey or First Time Encryption operation. Make sure that existing rekey or First Time Encryption operations complete before upgrading any of the encryption products in the Encryption Group. Also, make sure that the firmware upgrade of all nodes in the Encryption Group completes before starting a rekey or First Time Encryption operation. • SKM FIPS mode enablement FIPS compliance mode is disabled in SKM by default. To enable it, follow the procedure described in the SKM User Guide, "Configuring the Key Manager for FIPS Compliance" section. NOTE: Per FIPS requirements, you cannot enable or disable FIPS when there are keys on the Key Manager. Therefore, if you must enable FIPS, HP strongly recommends that you do so during the initial SKM configuration, before any key sharing between the switch and the SKM occurs. Initial setup of encrypted LUNs IMPORTANT: While performing first-time encryption to a LUN with more than one initiator active at the time, rekey operations slow to a standstill. Define LUNs for a single initiator at a time to avoid this occurrence. Initial setup of encrypted LUNs 35