Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál Strana 1

53-1002923-0126 July 2013®Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM

viii Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .

80 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Tape LUN write early and read ahead2FIGURE 53 Encryption Targets dialog box3. Sel

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 8153-1002923-01Tape LUN statistics2NOTEYou can also select a group, switch, or engine from the E

82 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Tape LUN statistics2FIGURE 56 Tape LUN Statistics dialog boxThe dialog box contai

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 8353-1002923-01Tape LUN statistics23. Select a tape target storage device, then click LUNs.The T

84 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Tape LUN statistics2• Compressed Bytes: The number of compressed bytes written to

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 8553-1002923-01Encryption engine rebalancing2FIGURE 60 Tape LUN Statistics dialog boxThe dialog

86 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Master keys2During rebalancing operations, be aware of the following:• You might

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 8753-1002923-01Master keys2The new master key cannot be used (no new data encryption keys can be

88 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Master keys2Master key actionsNOTEMaster keys belong to the group and are managed

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 8953-1002923-01Master keys23. Select Backup Master Key as the Master Key Action.The Master Key B

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) ix53-1002923-01Multiple paths, one DEK cluster, and two HA clusters . . . . . . . . . .208Multip

90 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Master keys23. Select Backup Master Key as the Master Key Action.The Backup Maste

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 9153-1002923-01Master keys2FIGURE 63 Master key backup dialog box - Backup Destination (to smart

92 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Master keys2Overview of Saving a master key to a smart card set A card reader mus

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 9353-1002923-01Master keys2FIGURE 64 Restore Master Key for Encryption Group dialog box - Restor

94 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Master keys2FIGURE 65 Restore Master Key for Encryption Group dialog box - Restor

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 9553-1002923-01Master keys2FIGURE 66 Restore Master Key for Encryption Group dialog box - Restor

96 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Security settings2Security settings Security settings help you identify if system

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 9753-1002923-01Zeroizing an encryption engine2NOTEZeroizing an engine affects the I/Os, but all

98 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Using the Encryption Targets dialog box2Using the Encryption Targets dialog boxTh

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 9953-1002923-01Redirection zones2Redirection zonesIt is recommended that you configure the host

x Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Rekeying best practices and policies. . . . . . . . . . . . . . . . . . . . . . .

100 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Disk device decommissioning2Provided that the crypto configuration is not left u

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 10153-1002923-01Disk device decommissioning2If a rekey operation is currently in progress on a s

102 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Rekeying all disk LUNs manually23. Click Delete All to delete the decommissioned

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 10353-1002923-01Rekeying all disk LUNs manually2The following conditions must be satisfied for t

104 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Rekeying all disk LUNs manually2.FIGURE 72 Pending manual rekey operations Viewi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 10553-1002923-01Rekeying all disk LUNs manually2FIGURE 73 Encryption Target Disk LUNs dialog box

106 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Rekeying all disk LUNs manually2Viewing the progress of manual rekey operationsT

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 10753-1002923-01Thin provisioned LUNs2• Current LBA: The Logical Block Address (LBA) of the bloc

108 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing time left for auto rekey2• If you are running a Fabric OS version earlie

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 10953-1002923-01Viewing and editing switch encryption properties2The Encryption Target Disk LUNs

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) xi53-1002923-01Encryption group database manual operations . . . . . . . . . . . . . . .259Manua

110 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing switch encryption properties2FIGURE 76 Encryption Switch Pro

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 11153-1002923-01Viewing and editing switch encryption properties2• Discovering• Not a member- En

112 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing switch encryption properties2• need master/link key• Online-

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 11353-1002923-01Viewing and editing encryption group properties2FIGURE 77 Import Signed Certific

114 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing encryption group properties2The Encryption Group Properties

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 11553-1002923-01Viewing and editing encryption group properties2General tabThe General tab is vi

116 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing encryption group properties2When the first encryption engine

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 11753-1002923-01Viewing and editing encryption group properties2Members tabThe Members tab lists

118 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing encryption group properties2The Members table might not matc

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 11953-1002923-01Viewing and editing encryption group properties2Table 2 explains the impact of r

xii Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01

120 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing encryption group properties2FIGURE 81 Encryption Group Prope

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 12153-1002923-01Viewing and editing encryption group properties2• Registered Authentication Card

122 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing encryption group properties2FIGURE 82 Encryption Group Prope

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 12353-1002923-01Viewing and editing encryption group properties2• Configure Blade Processor Link

124 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Viewing and editing encryption group properties2Tape pools overviewTape cartridg

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 12553-1002923-01Viewing and editing encryption group properties2FIGURE 85 Add Tape Pool by numbe

126 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption-related acronyms in log messages2NOTEYou can also select a group from

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 12753-1002923-01Chapter3Configuring Encryption Using the CLI•Overview. . . . . . . . . . . . . .

128 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Overview3OverviewThis chapter explains how to use the command line interface (CL

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 12953-1002923-01Command RBAC permissions and AD types34. PortMember: allows all control operatio

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) xiii53-1002923-01About This DocumentIn this chapter•How this document is organized . . . . . .

130 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Command RBAC permissions and AD types3createhaclusterNOMN N N OMN NDisallowedcre

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 13153-1002923-01Command RBAC permissions and AD types3rebalanceNOMN N N OMN NDisallowedreclaimNO

132 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Cryptocfg Help command output3Cryptocfg Help command outputAll encryption operat

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 13353-1002923-01Configuring cluster links3Configuring cluster linksEach encryption switch or FS8

134 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring cluster links3DHCP: Offeth0: 10.33.54.208/20eth1: none/noneGateway:

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 13553-1002923-01Setting encryption node initialization34. Reboot the member node (the node on wh

136 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance3Steps for connecting to an SKM

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 13753-1002923-01Steps for connecting to an SKM or ESKM appliance313. Select Save.The Brocade use

138 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance3FIGURE 87 Creating an HP SKM/ES

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 13953-1002923-01Steps for connecting to an SKM or ESKM appliance3Creating and installing the SKM

xiv Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Supported hardware and software. The following hardware platforms support data e

140 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance317. Select the server certifica

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 14153-1002923-01Steps for connecting to an SKM or ESKM appliance34. Click Edit. A warning messag

142 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance33. Select the name of the local

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 14353-1002923-01Steps for connecting to an SKM or ESKM appliance320. Create and install an SKM/E

144 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance35. Initialize the encryption en

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 14553-1002923-01Steps for connecting to an SKM or ESKM appliance310. Allow Certificate Duration

146 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance3The following example creates t

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 14753-1002923-01Steps for connecting to an SKM or ESKM appliance3Server SDK Version:

148 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance3• The user name and password mu

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 14953-1002923-01Steps for connecting to an SKM or ESKM appliance3cluster fails, an error is logg

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) xv53-1002923-01Notes, cautions, and warningsThe following notices and statements are used in thi

150 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an SKM or ESKM appliance3When the secondary SKM/ESKM is

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 15153-1002923-01Steps for connecting to an SKM or ESKM appliance35. Use the cryptocfg --import c

152 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Generating and backing up the master key3Node Name: 10:00:00:05

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 15353-1002923-01Generating and backing up the master key33. Save the master key to a file.Securi

154 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01High availability clusters3Group Leader Node Name: 10:00:00:05:1e:41:9a:7eEn

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 15553-1002923-01High availability clusters3NOTEIn Fabric OS 6.3.0 and later, HA cluster creation

156 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01High availability clusters3NOTEAn HA cluster configuration must have two encrypt

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 15753-1002923-01High availability clusters3<<old node WWN> [old slot number]><<

158 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01High availability clusters3Policy Configuration ExamplesThe following examples i

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 15953-1002923-01Re-exporting a master key3Re-exporting a master keyWith the introduction of Fabr

xvi Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Key termsFor definitions specific to Brocade and Fibre Channel, see the technica

160 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Re-exporting a master key3The exported key ID is displayed with the master key I

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 16153-1002923-01Re-exporting a master key3The following example lists the exported master key ID

162 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Enabling the encryption engine3Enabling the encryption engineEnable the encrypti

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 16353-1002923-01Zoning considerations3 No HA cluster membership EE Attributes: Med

164 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Zoning considerations3Frame redirection zoningName Server-based frame redirectio

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 16553-1002923-01Zoning considerations3 The Local Name Server has 1 entry }The nsshow command sho

166 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01CryptoTarget container configuration37. Create a zone that includes the initiato

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 16753-1002923-01CryptoTarget container configuration3FIGURE 89 Relationship between initiator, v

168 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01CryptoTarget container configuration3To determine if rebalancing is recommended

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 16953-1002923-01CryptoTarget container configuration3Creating a CryptoTarget container1. Log in

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) xvii53-1002923-01For information about the Key Management Interoperability Protocol standard, vi

170 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01CryptoTarget container configuration3Number of LUN(s): 0Operation Succeeded6

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 17153-1002923-01CryptoTarget container configuration3CAUTIONWhen configuring a multi-path LUN, y

172 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01CryptoTarget container configuration3CAUTIONWhen configuring a multi-path LUN, y

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 17353-1002923-01Crypto LUN configuration3Crypto LUN configurationA Crypto LUN is the LUN of a ta

174 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Crypto LUN configuration3CAUTIONWhen configuring a LUN with multiple paths, perf

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 17553-1002923-01Crypto LUN configuration3NOTEIf you are using VMware virtualization software or

176 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Crypto LUN configuration3Crypto LUN parameters and policies Table 6 shows the en

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 17753-1002923-01Crypto LUN configuration3Configuring a tape LUNThis example shows how to configu

178 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Crypto LUN configuration3b. Add an initiator to the CryptoTarget container “my_t

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 17953-1002923-01Crypto LUN configuration3Encryption format: DF_compatibleTape type:

Copyright © 2012 - 2013 Brocade Communications Systems, Inc. All Rights Reserved.ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabri

xviii Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01If you cannot use the licenseIdShow command because the switch is inoperable,

180 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Crypto LUN configuration3Modifying Crypto LUN parameters You can modify one or m

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 18153-1002923-01Impact of tape LUN configuration changes3For tape LUNs, the -enable_encexistingd

182 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring a multi-path Crypto LUN3To avoid the risk of data corruption, you mu

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 18353-1002923-01Configuring a multi-path Crypto LUN33. On the group leader encryption switch (sw

184 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring a multi-path Crypto LUN3c. Review the output of the LUN discovery to

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 18553-1002923-01Decommissioning LUNs3Make sure the LUNs in previously committed LUN configuratio

186 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Decommissioning LUNs3If a LUN is removed when undergoing decommission or is in a

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 18753-1002923-01Decommissioning replicated LUNs3Decommissioning replicated LUNsThe following sce

188 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Force-enabling a decommissioned disk LUN for encryption3NOTEDo not delete the ke

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 18953-1002923-01Force-enabling a disabled disk LUN for encryption37. En a b le t h e L UN .Fabr

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 153-1002923-01Chapter1Encryption OverviewIn this chapter•Host and LUN considerations . . . . . .

190 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Tape pool configuration3Tape pool configurationTape pools are used by tape backu

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 19153-1002923-01Tape pool configuration3CommVault Galaxy labelingCommVault uses a storage policy

192 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Tape pool configuration3Creating a tape poolTake the following steps to create a

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 19353-1002923-01Tape pool configuration3Deleting a tape poolThis command does not issue a warnin

194 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01First-time encryption3First-time encryptionFirst-time encryption, also referred

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 19553-1002923-01Thin provisioned LUNs3Thin provisioned LUNsWith the introduction of Fabric OS 7.

196 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Thin provisioned LUNs3Encryption format: nativeEncrypt existing data: disa

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 19753-1002923-01Data rekeying3• The WRITE_SAME command will not be supported for the unmap opera

198 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Data rekeying3• Rekey temporarily uses the last 512 blocks. As a result, these b

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 19953-1002923-01Data rekeying31. Log in to the group leader as FabricAdmin. 2. Enable automatic

2 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Terminology1TerminologyThe following are definitions of terms used extensively in

200 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Data rekeying3Target: 50:06:01:60:30:20:db:34 50:06:01:60:b0:20:

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 20153-1002923-01Data rekeying32. Check the status of the resumed rekey session.FabricAdmin:switc

202 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Data rekeying3

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 20353-1002923-01Chapter4Deployment ScenariosIn this chapter•Single encryption switch, two paths

204 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Single encryption switch, two paths from host to target4Single encryption switch

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 20553-1002923-01Single fabric deployment - HA cluster4Single fabric deployment - HA clusterFigur

206 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Single fabric deployment - DEK cluster4In Figure 92, the two encryption switches

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 20753-1002923-01Dual fabric deployment - HA and DEK cluster4In Figure 93, two encryption switche

208 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Multiple paths, one DEK cluster, and two HA clusters4failover for the encryption

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 20953-1002923-01Multiple paths, DEK cluster, no HA cluster4The configuration details shown in Fi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 353-1002923-01Terminology1Opaque Key VaultA storage location that provides untrusted key managem

210 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Multiple paths, DEK cluster, no HA cluster4The configuration details are as foll

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 21153-1002923-01Deployment in Fibre Channel routed fabrics4Deployment in Fibre Channel routed fa

212 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Deployment in Fibre Channel routed fabrics4The following is a summary of steps f

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 21353-1002923-01Deployment as part of an edge fabric4Deployment as part of an edge fabricIn this

214 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Deployment as part of an edge fabric4• The encryption device creates the frame r

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 21553-1002923-01Deployment with FCIP extension switches4Deployment with FCIP extension switchesE

216 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01VMware ESX server deployments4VMware ESX server deploymentsVMware ESX servers ma

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 21753-1002923-01VMware ESX server deployments4FIGURE 101 VMware ESX server, One HBA per guest OS

218 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01VMware ESX server deployments4Figure 102 shows a VMware ESX server with two gues

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 21953-1002923-01VMware ESX server deployments4FIGURE 102 VMware ESX server, One HBA shared by tw

4 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01The Brocade Encryption Switch1The Brocade Encryption SwitchThe Brocade Encryption

220 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01VMware ESX server deployments4

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 22153-1002923-01Chapter5Best Practices and Special Topics•Firmware upgrade and downgrade conside

222 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Firmware upgrade and downgrade considerations5Firmware upgrade and downgrade con

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 22353-1002923-01Firmware upgrade and downgrade considerations5• When doing a firmware upgrade to

224 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Firmware upgrade and downgrade considerations5• Do not try registering a node ru

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 22553-1002923-01Configuration upload and download considerations5Configuration upload and downlo

226 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuration upload and download considerations5Steps before configuration down

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 22753-1002923-01HP-UX considerations53. If there are containers that belonged to the old encrypt

228 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01AIX Considerations5NOTEWhen an EMC-CX3 storage array is used with HP-UX the CX3

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 22953-1002923-01Tape data compression5Tape data compressionData is compressed by the encryption

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 553-1002923-01The FS8-18 blade1The FS8-18 bladeThe FS8-18 blade provides the same features and f

230 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Tape block zero handling5Tape block zero handlingThe block zero of the tape medi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 23153-1002923-01Redirection zones5• To enable host MPIO, LUNs must also be available through a s

232 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Ensure uniform licensing in HA clusters5Ensure uniform licensing in HA clustersL

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 23353-1002923-01Turn off compression on extension switches5Turn off compression on extension swi

234 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01KAC certificate registration expiry5Do not change LUN configuration while rekeyi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 23553-1002923-01Disabling the encryption engine5Disabling the encryption engineThe disable encry

236 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Best practices for host clusters in an encryption environment5The fan-in ratio f

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 23753-1002923-01Tape device LUN mapping5Tape device LUN mapping When performing LUN mapping, ens

238 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Special notes for HP Data Protector backup and restore application5

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 23953-1002923-01Chapter6Maintenance and Troubleshooting•Encryption group and HA cluster maintena

6 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Recommendation for connectivity1Recommendation for connectivityIn order to achieve

240 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group and HA cluster maintenance6Encryption group and HA cluster main

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 24153-1002923-01Encryption group and HA cluster maintenance6FIGURE 104 Removing a node from an e

242 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group and HA cluster maintenance6 IP Address: 10.3

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 24353-1002923-01Encryption group and HA cluster maintenance6Deleting an encryption groupYou can

244 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group and HA cluster maintenance6Displaying the HA cluster configurat

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 24553-1002923-01Encryption group and HA cluster maintenance6Replacing an HA cluster member1. Log

246 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group and HA cluster maintenance6FIGURE 105 Replacing a failed encryp

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 24753-1002923-01Encryption group and HA cluster maintenance6Case 2: Replacing a “live” encryptio

248 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group and HA cluster maintenance6Performing a manual failback of an e

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 24953-1002923-01Encryption group merge and split use cases6• After the failback completes, the c

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 753-1002923-01Brocade encryption solution overview1Brocade encryption solution overviewThe loss

250 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group merge and split use cases6NOTEWhen attempting to reclaim a fail

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 25153-1002923-01Encryption group merge and split use cases6RecoveryIf auto failback policy is se

252 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group merge and split use cases6• The isolation of N3 from the group

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 25353-1002923-01Encryption group merge and split use cases6Recovery1. Restore the connection bet

254 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group merge and split use cases6NOTEThe collective time allowed (the

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 25553-1002923-01Encryption group merge and split use cases6NOTEIf one or more EG status displays

256 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group merge and split use cases6Display the encryption group state ag

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 25753-1002923-01Encryption group merge and split use cases6If you now perform a cryptocfg --show

258 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption group merge and split use cases66. Verify your encryption group is re

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 25953-1002923-01Encryption group database manual operations6Encryption group database manual ope

8 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Brocade encryption solution overview1Data flow from server to storageThe Brocade E

260 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Key vault diagnostics6Use the --sync -securitydb command to distribute the secur

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 26153-1002923-01Measuring encryption performance6• Key class and format on the KV configured for

262 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Measuring encryption performance6For example:FabricAdmin:switch> cryptocfg --

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 26353-1002923-01Measuring encryption performance6b. The user port on which a particular virtual

264 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Measuring encryption performance6In a DCX Backbone, the slot number is also disp

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 26553-1002923-01General encryption troubleshooting6General encryption troubleshootingTable 9 lis

266 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01General encryption troubleshooting6A backup fails because the LUN is always in t

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 26753-1002923-01General encryption troubleshooting6A performance drop occurs when using DPM on a

268 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Troubleshooting examples using the CLI6Troubleshooting examples using the CLIEnc

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 26953-1002923-01Troubleshooting examples using the CLI6Encryption Disabled CryptoTarget LUNIf th

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 953-1002923-01Data encryption key life cycle management1Data encryption key life cycle managemen

270 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Management application encryption wizard troubleshooting6Management application

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 27153-1002923-01Management application encryption wizard troubleshooting6Errors related to addin

272 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Management application encryption wizard troubleshooting6General errors related

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 27353-1002923-01LUN policy troubleshooting6LUN policy troubleshootingTable 14 may be used as an

274 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Loss of encryption group leader after power outage6Loss of encryption group lead

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 27553-1002923-01MPIO and internal LUN states65. Synchronize the crypto configurations across all

276 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01FS8-18 blade removal and replacement61. Enter the cryptocfg --resume_rekey comma

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 27753-1002923-01FS8-18 blade removal and replacement63. If the replaced FS8-18 blade is in membe

278 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01FS8-18 blade removal and replacement6NOTEBecause the FS8-18 blade was inserted i

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 27953-1002923-01Brocade Encryption Switch removal and replacement611. If a master key is not pre

Document Title iii53-1002923-01

10 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Data encryption key life cycle management1FIGURE 5 DEK life cycle

280 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Brocade Encryption Switch removal and replacement66. Replace the old Brocade Enc

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 28153-1002923-01Brocade Encryption Switch removal and replacement621. Import the signed CSR/Cert

282 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Brocade Encryption Switch removal and replacement631. If HA cluster membership f

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 28353-1002923-01Brocade Encryption Switch removal and replacement612. Recreate the EG with the s

284 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Reclaiming the WWN base of a failed Brocade Encryption Switch6b. Issue commit. A

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 28553-1002923-01Removing stale rekey information for a LUN6Removing stale rekey information for

286 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Fabric OS and ESKM compatibility matrix6NOTEWhen disabling the firmware consiste

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 28753-1002923-01Splitting an encryption group into two encryption groups6Splitting an encryption

288 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Moving an encryption blade from one EG to another in the same fabric6When prompt

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 28953-1002923-01Moving an encryption switch from one EG to another in the same fabric6Moving an

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 1153-1002923-01Master key management1Master key managementCommunications with opaque key vaults

290 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Moving an encryption switch from one EG to another in the same fabric6

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 29153-1002923-01AppendixAState and Status InformationIn this appendix•Encryption engine security

292 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Security processor KEK statusASecurity processor KEK statusTable 20 lists securi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 29353-1002923-01Encrypted LUN statesALUN_1ST_TIME_REKEY_IN_PROG First time rekey is in progress.

294 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encrypted LUN statesALUN_DIS_WR_META_DONE_ERR Disabled (Write metadata done with

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 29553-1002923-01Encrypted LUN statesATABLE 22 Tape LUN statesInternal Names Console String Expla

296 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encrypted LUN statesALUN_ENCRYPT Encryption enabled The tape medium is present,

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 29753-1002923-01IndexAadd commands--add -haclustermember, 156--add -initiator, 169, 178, 183--ad

298 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01cryptocfg command--add -haclustermember, 156--add -initiator, 169, 178, 183--add

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 29953-1002923-01disk devicesdecommissioning, 99disk lunsdecommissioning, 100rekeying manually, 1

12 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Cisco Fabric Connectivity support1Cisco Fabric Connectivity supportThe Brocade En

300 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01encryption group propertiesediting, 113using the restore master key, 97viewing,

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 30153-1002923-01using the CLI, 248removing an encryption engine using the CLI, 243removing engin

302 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Mmanual command, --manual_rekey, 199manual re-key, 233manual rekeyviewing progre

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 30353-1002923-01remove commands--rem -haclustermember, 241--rem -LUN, 179, 276--remove -hacluste

304 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01tape pools, 229adding, 124CommVault Galaxy labeling using the CLI, 191configurin

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 1353-1002923-01Chapter2Configuring Encryption Using the Management Application•Encryption Center

14 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption Center features2Encryption Center featuresThe Encryption Center dialog

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 1553-1002923-01Encryption user privileges2Encryption user privilegesIn Brocade Network Advisor,

16 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Smart card usage2Smart card usageSmart Cards are credit card-sized cards that con

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 1753-1002923-01Smart card usage2• Establishing a trusted link with the NetApp LKM key vault.• De

18 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Smart card usage23. Locate the Authentication Card Quorum Size and select the quo

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 1953-1002923-01Smart card usage2Registering authentication cards from the databaseSmart cards th

iv Document Title53-1002923-01

20 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Smart card usage2Deregistering an authentication cardAuthentication cards can be

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 2153-1002923-01Smart card usage2Using system cardsSystem cards are smart cards that can be used

22 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Smart card usage2Enabling or disabling the system card requirementTo use a system

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 2353-1002923-01Smart card usage2Deregistering system cardsSystem cards can be removed from the d

24 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Smart card usage2FIGURE 7 Smart Card asset tracking dialog boxThe Smart Cards tab

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 2553-1002923-01Smart card usage2NOTEYou can remove smart cards from the table to keep the Smart

26 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Smart card usage2Editing smart cardsSmart cards can be used for user authenticati

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 2753-1002923-01Network connections2Network connectionsBefore you use the encryption setup wizard

28 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption node initialization and certificate generation2Configuring blade proce

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 2953-1002923-01Steps for connecting to an ESKM/SKM appliance2Setting encryption node initializat

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) iii53-1002923-01ContentsAbout This DocumentIn this chapter . . . . . . . . . . . . . . . . . . .

30 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an ESKM/SKM appliance2Configuring a Brocade group on ESKM

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 3153-1002923-01Steps for connecting to an ESKM/SKM appliance2FIGURE 10 Key Vault Credentials dia

32 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an ESKM/SKM appliance2Setting up the local Certificate Au

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 3353-1002923-01Steps for connecting to an ESKM/SKM appliance25. Under Certificates & CAs, se

34 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an ESKM/SKM appliance210. Click Sign Request.11. Enter th

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 3553-1002923-01Steps for connecting to an ESKM/SKM appliance2Creating an ESKM/SKM high availabil

36 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an ESKM/SKM appliance2Adding ESKM/SKM appliances to the c

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 3753-1002923-01Steps for connecting to an ESKM/SKM appliance2Signing the encryption node KAC cer

38 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Steps for connecting to an ESKM/SKM appliance2Importing a signed KAC certificate

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 3953-1002923-01Steps for connecting to an ESKM/SKM appliance2Data Encryption KeysThe following s

iv Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Chapter 2 Configuring Encryption Using the Management ApplicationEncryption Cente

40 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Encryption preparation2ESKM/SKM key vault deregistrationDeregistration of either

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 4153-1002923-01Creating an encryption group2Creating an encryption groupThe following steps desc

42 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Creating an encryption group2g. Configuration Status.h. Read Instructions.FIGURE

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 4353-1002923-01Creating an encryption group2FIGURE 15 Designate Switch Membership dialog box 5.

44 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Creating an encryption group2The dialog box contains the following information:•

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 4553-1002923-01Creating an encryption group2Using this dialog box, you can select a key vault fo

46 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Creating an encryption group21. Enter the IP address or host name for the primary

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 4753-1002923-01Creating an encryption group2FIGURE 20 Specify Master Key File Name dialog box 9.

48 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Creating an encryption group211. Set quorum size and system card requirements.The

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 4953-1002923-01Creating an encryption group2FIGURE 23 Configuration Status dialog boxAll configu

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) v53-1002923-01High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . .

50 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Creating an encryption group2FIGURE 24 Next Steps dialog box14. Review post-confi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 5153-1002923-01Adding a switch to an encryption group27. Back up the master key to a file. (Opaq

52 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Adding a switch to an encryption group2FIGURE 26 Designate Switch Membership dial

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 5353-1002923-01Adding a switch to an encryption group2FIGURE 27 Add Switch to Existing Encryptio

54 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Adding a switch to an encryption group26. Enter the location where you want to st

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 5553-1002923-01Adding a switch to an encryption group2All configuration items have green check m

56 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Replacing an encryption engine in an encryption group2Replacing an encryption eng

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 5753-1002923-01High availability clusters2High availability clusters A high availability (HA) cl

58 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01High availability clusters2Creating HA clustersFor the initial encryption node, p

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 5953-1002923-01High availability clusters23. Click the right arrow to add the encryption engine

vi Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Rekeying all disk LUNs manually . . . . . . . . . . . . . . . . . . . . . . . . .

60 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring encryption storage targets2Failback optionThe Failback option determi

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 6153-1002923-01Configuring encryption storage targets25. Confirmation6. Configuration Status7. I

62 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring encryption storage targets2FIGURE 35 Configure Storage Encryption - w

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 6353-1002923-01Configuring encryption storage targets2The dialog box contains the following info

64 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring encryption storage targets26. Select a target from the list. (The Tar

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 6553-1002923-01Configuring encryption storage targets2NOTEYou must enter the host node world wid

66 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring encryption storage targets2FIGURE 39 Name Container dialog box10. Ent

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 6753-1002923-01Configuring encryption storage targets2The screen contains the following informat

68 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring encryption storage targets213. Review any post-configuration instruct

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 6953-1002923-01Configuring hosts for encryption targets2Configuring hosts for encryption targets

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) vii53-1002923-01Steps for connecting to an SKM or ESKM appliance . . . . . . . . . . .136Configu

70 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Configuring hosts for encryption targets2FIGURE 44 Encryption Target Hosts dialog

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 7153-1002923-01Adding target disk LUNs for encryption2Adding target disk LUNs for encryptionYou

72 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Adding target disk LUNs for encryption2• Encryption path table: Should be LUN/Pat

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 7353-1002923-01Adding target disk LUNs for encryption24. Select the target port from the Target

74 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Adding target disk LUNs for encryption2FIGURE 48 Select LUN dialog box The dialog

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 7553-1002923-01Adding target disk LUNs for encryption2NOTEThe maximum number of uncommitted conf

76 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Adding target tape LUNs for encryption2NOTEThe controller LUN (LUN 0) must be add

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 7753-1002923-01Adding target tape LUNs for encryption2FIGURE 51 Encryption Target Tape LUNs dial

78 Fabric OS Encryption Administrator’s Guide (SKM/ESKM)53-1002923-01Adding target tape LUNs for encryption2When you select a specific host, only the

Fabric OS Encryption Administrator’s Guide (SKM/ESKM) 7953-1002923-01Moving targets2Moving targetsThe Move Targets dialog box is used to redistribute