HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 222
Changing IP addresses in encryption groups, Disabling the encryption engine, Recommendations
Page 222 highlights
5 Changing IP addresses in encryption groups

NOTE
In the event that the signed KAC certificate must be re-registered, you will need to log in to the key vault web interface and upload the new signed KAC certificate for the corresponding Brocade Encryption Switch Identity.

You can change the value of the certificate expiration date using the following command:

openssl x509 -req -sha1 -CAcreateserial -in certs/ -days 365 -CA cacert.pem -CAkey private/cakey.pem -out newcerts/

In the example above, the certificate is valid for a period of one year (365 days). You can increase or decrease this value according to your own specific needs.

Changing IP addresses in encryption groups

Generally, when IP addresses are assigned to the Ge0 and Ge1 ports, they should not be changed. If an encryption group member node IP address must be changed, refer to "IP Address change of a node within an encryption group" on page 117.

Disabling the encryption engine

The disable encryption engine interface command cryptocfg --disableEE [slot number] should be used only during firmware download, and when the encryption and security capabilities of the encryption engine have been compromised. When disabling the encryption capabilities of the encryption engine, be sure the encryption engine is not hosting any CryptoTarget containers. All CryptoTarget containers hosted on the encryption switch or FS8-18 blade must either be removed from the encryption engine, or be moved to a different encryption engine in an HA Cluster or encryption group before disabling the encryption and security capabilities.
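The following is an added example, not part of the guide: it signs a CSR with a chosen -days value, as in the certificate command in the NOTE above, and then confirms the resulting expiry with openssl x509 -checkend. The throwaway CA, the demo_kac file names and the helper function names are constructed for illustration, and it signs with -sha256 rather than the -sha1 used in the guide's command.

```shell
#!/bin/sh
# Added example (not from the guide). All names below are constructed.

# Build a throwaway CA and a CSR standing in for the switch's KAC CSR.
make_demo_pki() {   # $1 = working directory
  mkdir -p "$1/private" "$1/certs" "$1/newcerts" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=demo-ca" -keyout "$1/private/cakey.pem" \
    -out "$1/cacert.pem" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-kac" \
    -keyout "$1/private/demo_kac.key" \
    -out "$1/certs/demo_kac.csr" 2>/dev/null
}

# Sign the CSR; -days sets the validity period, as in the guide's command.
sign_csr() {        # $1 = working directory, $2 = validity in days
  openssl x509 -req -sha256 -CAcreateserial \
    -in "$1/certs/demo_kac.csr" -days "$2" \
    -CA "$1/cacert.pem" -CAkey "$1/private/cakey.pem" \
    -out "$1/newcerts/demo_kac.pem" 2>/dev/null
}

# Exit 0 if the signed certificate expires within $2 days, 1 if it does
# not, 2 if the certificate file is missing or empty.
expires_within_days() {   # $1 = working directory, $2 = days
  cert="$1/newcerts/demo_kac.pem"
  [ -s "$cert" ] || return 2
  # -checkend N exits non-zero when the certificate expires within N seconds.
  ! openssl x509 -checkend $(( $2 * 86400 )) -noout -in "$cert" >/dev/null
}

# Stand-alone demonstration: sign for 365 days, print the expiry date,
# then apply a 30-day renewal threshold (threshold is an assumption).
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" && sign_csr "$demo_dir" 365
openssl x509 -noout -enddate -in "$demo_dir/newcerts/demo_kac.pem"
if expires_within_days "$demo_dir" 30; then
  echo "certificate expires within 30 days: re-sign and re-register it"
else
  echo "more than 30 days of validity left"
fi
rm -rf "$demo_dir"
```

Running the expiry check on a schedule against the signed KAC certificate gives advance notice before the certificate has to be re-signed and uploaded to the key vault again.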
Recommendations for Initiator Fan-Ins

For optimal performance at reasonable scaling factors of initiators, targets, and LUNs accessed, Brocade Encryption Engines (EEs) are designed to support a fan-in ratio of between four and eight initiator ports to one target port, in terms of the number of distinct initiator ports to a Crypto Container (i.e., a virtual target port corresponding to the physical target port).

202 Fabric OS Encryption Administrator's Guide 53-1002159-03