HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 164
Zoning considerations, Setting default zoning to no access
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 164 highlights
3 Zoning considerations Current Master KeyID: a3:d7:57:c7:54:66:65:05:61:7a:35:2c:59:af:a5:dc Alternate Master KeyID: e9:e4:3a:f8:bc:4e:75:44:81:35:b8:90:d0:1f:6f:4d No HA cluster membership EE Attributes: Media Type : DISK EE Slot: 10 SP state: Online Current Master KeyID: a3:d7:57:c7:54:66:65:05:61:7a:35:2c:59:af:a5:dc Alternate Master KeyID: e9:e4:3a:f8:bc:4e:75:44:81:35:b8:90:d0:1f:6f:4d No HA cluster membership EE Attributes: Media Type : DISK EE Slot: 12 SP state: Online Current Master KeyID: a3:d7:57:c7:54:66:65:05:61:7a:35:2c:59:af:a5:dc Alternate Master KeyID: e9:e4:3a:f8:bc:4e:75:44:81:35:b8:90:d0:1f:6f:4d HA Cluster Membership: hacDcx3 EE Attributes: Media Type : DISK Zoning considerations When encryption is implemented, frames sent between a host and a target LUN are redirected to a virtual target within an encryption switch or blade. Redirection zones are created to route these frames. When redirection zones are in effect, direct access from host to target should not be allowed to prevent data corruption. Zone hosts and targets together before configuring them for encryption. Redirection zones are automatically created to redirect the host-target traffic through the encryption engine, but redirection zones can only be created if the host and target are already zoned. Setting default zoning to no access Initially, default zoning for all Brocade switches is set to All Access. The All Access setting allows the Brocade Encryption Switch, DCX, or DCX-4S to join the fabric and be discovered before zoning is applied. If there is a difference in this setting within the fabric, the fabric will segment. Before committing an encryption configuration in a fabric, default zoning must be set to No Access within the fabric. The No Access setting ensures that no two devices on the fabric can communicate with one another without going through a regular zone or a redirection zone. 1. Check the default zoning setting. Commonly, it will be set to All Access. switch:admin> defzone --show Default Zone Access Mode committed - All Access transaction - No Transaction 144 Fabric OS Encryption Administrator's Guide 53-1002159-03