Brocade Fabric OS Encryption Administrator’s Guide Support Uživatelský manuál Strana 1
Procházejte online nebo si stáhněte Uživatelský manuál pro Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support. Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual Uživatelská příručka
- Strana / 332
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
- Fabric OS Encryption 1
- Document History 2
- Document Title iii 3
- 53-1002720-02 3
- Contents 5
- 53-1002922-01 10
- About This Document 15
- What’s new in this document 16
- Document conventions 16
- Command syntax conventions 17
- Notes, cautions, and warnings 17
- Additional information 18
- Getting technical help 19
- Document feedback 20
- Encryption Overview 21
- Terminology 22
- The Brocade Encryption Switch 24
- The FS8-18 blade 25
- FIPS mode 25
- Performance licensing 25
- Usage limitations 26
- FIGURE 2 Encryption overview 27
- FIGURE 3 Frame redirection 28
- IO Sync LAN 29
- FIGURE 5 DEK life cycle 30
- Master key management 31
- Support for virtual fabrics 31
- Encryption Center features 34
- Encryption user privileges 35
- Smart card usage 36
- Using system cards 41
- Deregistering system cards 43
- Using smart cards 43
- Tracking smart cards 44
- Editing smart cards 46
- Network connections 47
- Blade processor links 47
- (KAC) certificate 48
- Encryption preparation 55
- Creating an encryption group 55
- --initnode command 65
- --set -keyvault command 65
- --reg keyvault command 65
- Creating HA clusters 72
- Failback option 74
- Invoking failback 74
- Adding an encryption target 75
- FIGURE 46 Next Steps screen 83
- Configuring storage arrays 91
- Remote replication LUNs 91
- Moving targets 96
- Tape LUN statistics 99
- Encryption engine rebalancing 103
- Master keys 104
- Active master key 105
- Alternate master key 105
- Master key actions 106
- ATTENTION 107
- Creating a master key 113
- Security settings 114
- Setting zeroization 115
- Redirection zones 117
- Disk device decommissioning 117
- Decommissioning disk LUNs 118
- Displaying Universal IDs 120
- Setting disk LUN Re-key All 121
- Thin provisioned LUNs 125
- Thin Provisioning support 126
- General tab 133
- Members tab 135
- Members tab Remove button 136
- Security tab 137
- HA Clusters tab 139
- Tape Pools tab 141
- Adding tape pools 142
- Engine Operations tab 143
- TABLE 3 Encryption acronyms 144
- In this chapter 145
- Overview 146
- Command validation checks 146
- (Continued) 148
- Cryptocfg Help command output 150
- Management LAN configuration 150
- Configuring cluster links 151
- Node is a group leader node 152
- Node is a member node 152
- • FIPS crypto officer 153
- • FIPS user 153
- • Node CP certificate 153
- Submitting the CSR to a CA 156
- • cryptocfg --initEE 163
- • cryptocfg --regEE 163
- • cryptocfg --enableEE 163
- High availability clusters 168
- Creating an HA cluster 169
- Policy Configuration Examples 172
- Re-exporting a master key 173
- Viewing the master key IDs 174
- Zoning considerations 177
- Frame redirection zoning 178
- Gathering information 182
- Crypto LUN configuration 186
- Discovering a LUN 187
- Configuring a Crypto LUN 187
- Configuring a tape LUN 191
- Decommissioning LUNs 195
- SRDF LUNs 199
- SRDF pairs 200
- Adding replication LUNs 201
- Reading metadata after sync 202
- -newLUN option 203
- TF snapshot rekeying details 208
- ID> <initiator PWWN> 209
- -not_ready option of TF 209
- <initiator PWWN> 209
- Tape pool configuration 213
- Tape pool labeling 214
- NetBackup labeling 215
- NetWorker labeling 215
- Creating a tape pool 216
- Deleting a tape pool 216
- Modifying a tape pool 217
- First-time encryption 222
- Data rekeying 225
- Resource allocation 226
- Rekeying modes 226
- Deployment Scenarios 231
- --rdcreate [host wwn] 240
- FIGURE 103 FCIP deployment 242
- Data mirroring deployment 243
- VMware ESX server deployments 245
- General guidelines 248
- Enabling a disabled LUN 253
- HP-UX considerations 253
- AIX considerations 253
- Disk metadata 254
- Tape metadata 254
- Tape data compression 255
- Tape pools 255
- Tape block zero handling 256
- Tape key expiry 256
- Avoid double encryption 258
- PID failover 258
- Manual rekey 259
- Latency in rekey operations 259
- Key vault best practices 263
- Tape device LUN mapping 263
- Deleting an encryption group 269
- Removing an HA cluster member 269
- Deleting an HA cluster member 273
- Failover/failback example 274
- Recovery 275
- -hbmisses and -hbtimeout 280
- Key vault diagnostics 286
- --perfshow 287
- -portperfshow 287
- Command Activity 291
- Problem Resolution 291
- General errors and conditions 292
- LUN policy troubleshooting 299
- MPIO and internal LUN states 301
- Multi-node EG replacement 302
- Single-node EG replacement 304
- Multi-node EG Case 305
- Single-node EG Replacement 308
- Deregistering a DPM key vault 310
- FIGURE 111 DPM Clients page 311
- TABLE 15 Compatibility Matrix 313
- Encryption group Nodes 314
- State and Status Information 317
- Security processor KEK status 318
- Encrypted LUN states 318
- TABLE 22 Tape LUN states 321
Shrnutí obsahu
53-1002922-0126 July 2013®Fabric OS EncryptionAdministrator’s Guide Supporting RSA Data Protection Manager (DPM) EnvironmentsSupporting Fabric OS v7.2
viii Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Impact of tape LUN configuration changes. . . . . . . . . . . . . . . . . . 174Dec
80 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape LUN statistics2FIGURE 61 Tape LUN Statistics dialog boxThe dialog box contains th
Fabric OS Encryption Administrator’s Guide (DPM) 8153-1002922-01Tape LUN statistics23. Select a tape target storage device, then click LUNs.The Target
82 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape LUN statistics2• Host Port WWN: The WWN of the host port that is being used for t
Fabric OS Encryption Administrator’s Guide (DPM) 8353-1002922-01Encryption engine rebalancing2FIGURE 65 Tape LUN Statistics dialog boxThe dialog box c
84 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Master keys2During rebalancing operations, be aware of the following:• You might notic
Fabric OS Encryption Administrator’s Guide (DPM) 8553-1002922-01Master keys2NOTEAny DEK in the key vault that is either compromised, or needs to be de
86 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Master keys2Master key actionsNOTEMaster keys belong to the group and are managed from
Fabric OS Encryption Administrator’s Guide (DPM) 8753-1002922-01Master keys2The Master Key Backup dialog box displays, but only if the master key has
88 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Master keys2FIGURE 67 Backup Master Key for Encryption Group dialog box - Backup Desti
Fabric OS Encryption Administrator’s Guide (DPM) 8953-1002922-01Master keys2FIGURE 68 Backup Master Key for Encryption Group dialog box - Backup Desti
Fabric OS Encryption Administrator’s Guide (DPM) ix53-1002922-01Thin provisioned LUNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
90 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Master keys2Overview of saving a master key to a smart card set A card reader must be
Fabric OS Encryption Administrator’s Guide (DPM) 9153-1002922-01Master keys2FIGURE 69 Restore Master Key for Encryption Group dialog box - Restore fro
92 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Master keys2FIGURE 70 Restore Master Key for Encryption Group dialog box - Restore fro
Fabric OS Encryption Administrator’s Guide (DPM) 9353-1002922-01Master keys2FIGURE 71 Restore Master Key for Encryption Group dialog box - Restore fro
94 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Security settings2Security settings Security settings help you identify if system card
Fabric OS Encryption Administrator’s Guide (DPM) 9553-1002922-01Zeroizing an encryption engine2NOTEZeroizing an engine affects the I/Os, but all targe
96 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Using the Encryption Targets dialog box2Using the Encryption Targets dialog boxThe Enc
Fabric OS Encryption Administrator’s Guide (DPM) 9753-1002922-01Redirection zones2Redirection zonesIt is recommended that you configure the host and t
98 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Disk device decommissioning2Provided that the crypto configuration is not left uncommi
Fabric OS Encryption Administrator’s Guide (DPM) 9953-1002922-01Disk device decommissioning2In order to delete keys from the key vault, you need to kn
x Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Enabling a disabled LUN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
100 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Rekeying all disk LUNs manually2Displaying Universal IDsIn order to delete keys from
Fabric OS Encryption Administrator’s Guide (DPM) 10153-1002922-01Rekeying all disk LUNs manually2Setting disk LUN Re-key AllTo rekey all disk LUNs on
102 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Rekeying all disk LUNs manually2.FIGURE 76 Pending manual rekey operations Viewing di
Fabric OS Encryption Administrator’s Guide (DPM) 10353-1002922-01Rekeying all disk LUNs manually2FIGURE 77 Encryption Target Disk LUNs dialog box4. Cl
104 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Rekeying all disk LUNs manually2Viewing the progress of manual rekey operationsTo mon
Fabric OS Encryption Administrator’s Guide (DPM) 10553-1002922-01Thin provisioned LUNs2• Current LBA: The Logical Block Address (LBA) of the block tha
106 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing time left for auto rekey2• If you are running a Fabric OS version earlier tha
Fabric OS Encryption Administrator’s Guide (DPM) 10753-1002922-01Viewing and editing switch encryption properties23. Select a target disk device from
108 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing switch encryption properties2FIGURE 80 Encryption Switch Properti
Fabric OS Encryption Administrator’s Guide (DPM) 10953-1002922-01Viewing and editing switch encryption properties2• Discovering• Not a member- Encrypt
Fabric OS Encryption Administrator’s Guide (DPM) xi53-1002922-01Chapter 6 Maintenance and Troubleshooting 245In this chapter . . . . . . . . . . . . .
110 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing switch encryption properties2• Operational• need master/link key•
Fabric OS Encryption Administrator’s Guide (DPM) 11153-1002922-01Viewing and editing encryption group properties2Enabling and disabling the encryption
112 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing encryption group properties2FIGURE 82 Encryption Group Properties
Fabric OS Encryption Administrator’s Guide (DPM) 11353-1002922-01Viewing and editing encryption group properties2General tabThe General tab is viewed
114 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing encryption group properties2When the first encryption engine come
Fabric OS Encryption Administrator’s Guide (DPM) 11553-1002922-01Viewing and editing encryption group properties2Members tabThe Members tab lists grou
116 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing encryption group properties2FIGURE 84 Encryption Group Properties
Fabric OS Encryption Administrator’s Guide (DPM) 11753-1002922-01Viewing and editing encryption group properties2The consequences of removing the last
118 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing encryption group properties2FIGURE 85 Encryption Group Properties
Fabric OS Encryption Administrator’s Guide (DPM) 11953-1002922-01Viewing and editing encryption group properties2• Registered Authentication Cards tab
xii Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Brocade Encryption Switch removal and replacement. . . . . . . . . 285Multi-node EG
120 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing encryption group properties2The tab displays the includes the fol
Fabric OS Encryption Administrator’s Guide (DPM) 12153-1002922-01Viewing and editing encryption group properties2Tape Pools tabTape pools are managed
122 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Viewing and editing encryption group properties2All encryption engines in the encrypt
Fabric OS Encryption Administrator’s Guide (DPM) 12353-1002922-01Viewing and editing encryption group properties24. Based on your selection, do one of
124 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption-related acronyms in log messages2FIGURE 90 Encryption Group Properties Dia
Fabric OS Encryption Administrator’s Guide (DPM) 12553-1002922-01Chapter3Configuring Encryption Using the CLIIn this chapter•Overview. . . . . . . . .
126 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Overview3OverviewThis chapter explains how to use the command line interface (CLI) to
Fabric OS Encryption Administrator’s Guide (DPM) 12753-1002922-01Command RBAC permissions and AD types34. PortMember: allows all control operations on
128 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Command RBAC permissions and AD types3createhaclusterNOMN N N OMN NDisallowedcreateta
Fabric OS Encryption Administrator’s Guide (DPM) 12953-1002922-01Command RBAC permissions and AD types3rebalanceNOMN N N OMN NDisallowedreclaimNOMN N
Fabric OS Encryption Administrator’s Guide (DPM) xiii53-1002922-01About This DocumentIn this chapter•How this document is organized . . . . . . . . .
130 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Cryptocfg Help command output3Cryptocfg Help command outputAll encryption operations
Fabric OS Encryption Administrator’s Guide (DPM) 13153-1002922-01Configuring cluster links3Configuring cluster linksEach encryption switch or FS8-18 b
132 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring cluster links3DHCP: Offeth0: 10.33.54.208/20eth1: none/noneGateway: 10.33
Fabric OS Encryption Administrator’s Guide (DPM) 13353-1002922-01Setting encryption node initialization34. Reboot the member node (the node on which t
134 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance3Steps for connecting to a DPM applianceAll sw
Fabric OS Encryption Administrator’s Guide (DPM) 13553-1002922-01Steps for connecting to a DPM appliance3Initializing the Fabric OS encryption engines
136 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance36. Register the encryption engine by entering
Fabric OS Encryption Administrator’s Guide (DPM) 13753-1002922-01Steps for connecting to a DPM appliance33. Request the signed certificate.Generally,
138 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance3Uploading the CA certificate onto the DPM app
Fabric OS Encryption Administrator’s Guide (DPM) 13953-1002922-01Steps for connecting to a DPM appliance3i. Repeat step a through step h for each key
xiv Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Supported hardware and software. The following hardware platforms support data encryp
140 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance3To create a Brocade encryption group, complet
Fabric OS Encryption Administrator’s Guide (DPM) 14153-1002922-01Steps for connecting to a DPM appliance3• Registration File: This file is created as
142 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance3Setting heartbeat signaling valuesEncryption
Fabric OS Encryption Administrator’s Guide (DPM) 14353-1002922-01Adding a member node to an encryption group3Adding a member node to an encryption gro
144 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding a member node to an encryption group35. Use the cryptocfg --import command to
Fabric OS Encryption Administrator’s Guide (DPM) 14553-1002922-01Adding a member node to an encryption group3Encryption Group state: CLUSTER_STATE_CON
146 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Generating and backing up the master key3SecurityAdmin:switch> cryptocfg --reg -ke
Fabric OS Encryption Administrator’s Guide (DPM) 14753-1002922-01Generating and backing up the master key3 IP address: 10.33.54.160 Certi
148 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01High availability clusters3SecurityAdmin:switch> cryptocfg --show -groupmember -al
Fabric OS Encryption Administrator’s Guide (DPM) 14953-1002922-01High availability clusters3• HA clusters of FS8-18 blades should not include blades i
Fabric OS Encryption Administrator’s Guide (DPM) xv53-1002922-01Command syntax conventionsCommand syntax in this manual follows these conventions:Note
150 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01High availability clusters3NOTEAn HA cluster configuration must have two encryption e
Fabric OS Encryption Administrator’s Guide (DPM) 15153-1002922-01High availability clusters3<<old node WWN> [old slot number]><<new
152 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01High availability clusters3Policy Configuration ExamplesThe following examples illust
Fabric OS Encryption Administrator’s Guide (DPM) 15353-1002922-01Re-exporting a master key3Re-exporting a master keyWith the introduction of Fabric OS
154 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Re-exporting a master key3The exported key ID is displayed with the master key ID, as
Fabric OS Encryption Administrator’s Guide (DPM) 15553-1002922-01Re-exporting a master key3The following example lists the exported master key IDs for
156 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Enabling the encryption engine3Enabling the encryption engineEnable the encryption en
Fabric OS Encryption Administrator’s Guide (DPM) 15753-1002922-01Zoning considerations3 No HA cluster membership EE Attributes: Media Ty
158 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Zoning considerations3Frame redirection zoningName Server-based frame redirection ena
Fabric OS Encryption Administrator’s Guide (DPM) 15953-1002922-01Zoning considerations3 The Local Name Server has 1 entry }The nsshow command shows al
xvi Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Key termsFor definitions specific to Brocade and Fibre Channel, see the technical glo
160 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01CryptoTarget container configuration3FabricAdmin:switch> zonecreate itzone, "
Fabric OS Encryption Administrator’s Guide (DPM) 16153-1002922-01CryptoTarget container configuration3FIGURE 91 Relationship between initiator, virtua
162 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01CryptoTarget container configuration3You may be prompted to rebalance during the foll
Fabric OS Encryption Administrator’s Guide (DPM) 16353-1002922-01CryptoTarget container configuration3The following example creates a disk container n
164 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01CryptoTarget container configuration3 10:00:00:00:c9:2b:c9:3a; 20:0c:00:06:2b:0f:7
Fabric OS Encryption Administrator’s Guide (DPM) 16553-1002922-01CryptoTarget container configuration3Deleting a CryptoTarget containerYou may delete
166 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Crypto LUN configuration31. Log in to the group leader as Admin or FabricAdmin.2. Ent
Fabric OS Encryption Administrator’s Guide (DPM) 16753-1002922-01Crypto LUN configuration3Discovering a LUNWhen adding a LUN to a CryptoTarget contain
168 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Crypto LUN configuration3NOTEThere is a maximum of 512 disk LUNs per Initiator in a c
Fabric OS Encryption Administrator’s Guide (DPM) 16953-1002922-01Crypto LUN configuration3Number of host(s): 1Configuration status: committedHost: 10:
Fabric OS Encryption Administrator’s Guide (DPM) xvii53-1002922-01Getting technical helpContact your switch support supplier for hardware, firmware, a
170 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Crypto LUN configuration3Encryption formatDisk LUN: yesTape LUN: yesModify? Yes-encry
Fabric OS Encryption Administrator’s Guide (DPM) 17153-1002922-01Crypto LUN configuration3Configuring a tape LUNThis example shows how to configure a
172 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Crypto LUN configuration3Operation Succeededd. Display the LUN configuration.FabricAd
Fabric OS Encryption Administrator’s Guide (DPM) 17353-1002922-01Crypto LUN configuration3CAUTIONIn case of multiple paths for a LUN, each path is exp
174 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Impact of tape LUN configuration changes3LUN modification considerationsMake sure you
Fabric OS Encryption Administrator’s Guide (DPM) 17553-1002922-01Decommissioning LUNs3Decommissioning LUNsA disk device needs to be decommissioned whe
176 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Decommissioning replicated LUNs3Complete the following procedure to decommission a di
Fabric OS Encryption Administrator’s Guide (DPM) 17753-1002922-01Decommissioning replicated LUNs3• “Decommissioning primary R1 LUNs only”• “Decommissi
178 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Force-enabling a decommissioned disk LUN for encryption3Decommissioning primary R1 an
Fabric OS Encryption Administrator’s Guide (DPM) 17953-1002922-01Force-enabling a disabled disk LUN for encryption36. Modify the LUN to encrypted. Fab
Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved.ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, I
xviii Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Document feedbackQuality is our first concern at Brocade and we have made every eff
180 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01SRDF LUNs3• Adaptive Copy Replication transfers data from the source devices to the r
Fabric OS Encryption Administrator’s Guide (DPM) 18153-1002922-01SRDF LUNs3NOTEWhen Symmetrix arrays are managed in-band, the gatekeeper LUNs must be
182 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Using SRDF, TimeFinder and RecoverPoint with encryption3Be aware that when an individ
Fabric OS Encryption Administrator’s Guide (DPM) 18353-1002922-01Using SRDF, TimeFinder and RecoverPoint with encryption3Initial Configuration Require
184 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring LUNs for SRDF/TF or RP deployments3SecurityAdmin:switch> cryptocfg --r
Fabric OS Encryption Administrator’s Guide (DPM) 18553-1002922-01Configuring LUNs for SRDF/TF or RP deployments3Migrating LUNs with existing data to L
186 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring LUNs for SRDF/TF or RP deployments34. Copy the data from the old LUN to t
Fabric OS Encryption Administrator’s Guide (DPM) 18753-1002922-01Configuring LUNs for SRDF/TF or RP deployments3Alternatively, simply bringing the rem
188 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01SRDF/TF/RP manual rekeying procedures3NOTEIf the target device specified above is a s
Fabric OS Encryption Administrator’s Guide (DPM) 18953-1002922-01SRDF/TF/RP manual rekeying procedures3NOTEDuring all rekeying operations, data synchr
Fabric OS Encryption Administrator’s Guide (DPM) 153-1002922-01Chapter1Encryption OverviewIn this chapter•Host and LUN considerations . . . . . . . .
190 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01SRDF/TF/RP manual rekeying procedures33. During the rekeying operation, if desired, y
Fabric OS Encryption Administrator’s Guide (DPM) 19153-1002922-01SRDF/TF/RP manual rekeying procedures3Rekeying LUNs for RP deployments - local siteMa
192 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01SRDF/TF/RP manual rekeying procedures3Alternatively, simply bringing the remote site
Fabric OS Encryption Administrator’s Guide (DPM) 19353-1002922-01Tape pool configuration3Rekeying LUNs for RP deployments - remote siteTo rekey a remo
194 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape pool configuration3NOTETape pool configurations must be committed to take effect
Fabric OS Encryption Administrator’s Guide (DPM) 19553-1002922-01Tape pool configuration33. Edit the dbo.CommCellStoragePolicyquery as follows:a. Righ
196 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape pool configuration3Creating a tape poolComplete the following steps to create a
Fabric OS Encryption Administrator’s Guide (DPM) 19753-1002922-01Tape pool configuration3Operation succeeded.3. Commit the transactionFabricAdmin:swit
198 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring a multi-path Crypto LUN3Configuring a multi-path Crypto LUNA single LUN m
Fabric OS Encryption Administrator’s Guide (DPM) 19953-1002922-01Configuring a multi-path Crypto LUN3Multi-path LUN configuration exampleFigure 93 on
2 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Terminology1TerminologyThe following are definitions of terms used extensively in this
200 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring a multi-path Crypto LUN3b. Create a CryptoTarget container (CTC2) for tar
Fabric OS Encryption Administrator’s Guide (DPM) 20153-1002922-01Configuring a multi-path Crypto LUN3b. Add the same LUN to the CryptoTarget container
202 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01First-time encryption3First-time encryptionFirst-time encryption, also referred to as
Fabric OS Encryption Administrator’s Guide (DPM) 20353-1002922-01Thin provisioned LUNs3Thin provisioned LUNsWith the introduction of Fabric OS 7.1.0,
204 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Thin provisioned LUNs3Encryption format: nativeEncrypt existing data: disabledR
Fabric OS Encryption Administrator’s Guide (DPM) 20553-1002922-01Data rekeying3Space reclamationWhen a block that was provisioned is no longer needed,
206 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Data rekeying3Rekeying is only applicable to disk array LUNs or fixed block devices.
Fabric OS Encryption Administrator’s Guide (DPM) 20753-1002922-01Data rekeying3Configuring a LUN for automatic rekeyingRekeying options are configured
208 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Data rekeying3Initiating a manual rekey session You can initiate a rekeying session m
Fabric OS Encryption Administrator’s Guide (DPM) 20953-1002922-01Data rekeying3Current LBA: 488577Operation succeeded.Suspension and resump
Fabric OS Encryption Administrator’s Guide (DPM) 353-1002922-01Terminology1Opaque Key VaultA storage location that provides untrusted key management f
210 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Data rekeying3
Fabric OS Encryption Administrator’s Guide (DPM) 21153-1002922-01Chapter4Deployment ScenariosIn this chapter•Single encryption switch, two paths from
212 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Single encryption switch, two paths from host to target4Single encryption switch, two
Fabric OS Encryption Administrator’s Guide (DPM) 21353-1002922-01Single fabric deployment - HA cluster4Single fabric deployment - HA clusterFigure 95
214 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Single fabric deployment - DEK cluster4In Figure 95, the two encryption switches prov
Fabric OS Encryption Administrator’s Guide (DPM) 21553-1002922-01Dual fabric deployment - HA and DEK cluster4In Figure 96, two encryption switches are
216 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Multiple paths, one DEK cluster, and two HA clusters4failover for the encryption path
Fabric OS Encryption Administrator’s Guide (DPM) 21753-1002922-01Multiple paths, DEK cluster, no HA cluster4The configuration details shown in Figure
218 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Multiple paths, DEK cluster, no HA cluster4The configuration details are as follows:•
Fabric OS Encryption Administrator’s Guide (DPM) 21953-1002922-01Deployment in Fibre Channel routed fabrics4Deployment in Fibre Channel routed fabrics
4 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01The Brocade Encryption Switch1The Brocade Encryption SwitchThe Brocade Encryption Switc
220 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Deployment in Fibre Channel routed fabrics4The following is a summary of steps for cr
Fabric OS Encryption Administrator’s Guide (DPM) 22153-1002922-01Deployment as part of an edge fabric4Deployment as part of an edge fabricIn this depl
222 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Deployment with FCIP extension switches4Deployment with FCIP extension switchesEncryp
Fabric OS Encryption Administrator’s Guide (DPM) 22353-1002922-01Data mirroring deployment4Data mirroring deploymentFigure 104 shows a data mirroring
224 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Data mirroring deployment4If metadata is not present on the LUNBeginning with Fabric
Fabric OS Encryption Administrator’s Guide (DPM) 22553-1002922-01VMware ESX server deployments4VMware ESX server deploymentsVMware ESX servers may hos
226 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01VMware ESX server deployments4Figure 106 shows a VMware ESX server with two guest ope
Fabric OS Encryption Administrator’s Guide (DPM) 22753-1002922-01Chapter5Best Practices and Special TopicsIn this chapter•Firmware upgrade and downgra
228 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Firmware upgrade and downgrade considerations5Firmware upgrade and downgrade consider
Fabric OS Encryption Administrator’s Guide (DPM) 22953-1002922-01Firmware upgrade and downgrade considerations5Guidelines for firmware upgrade of encr
Fabric OS Encryption Administrator’s Guide (DPM) 553-1002922-01The FS8-18 blade1The FS8-18 bladeThe FS8-18 blade provides the same features and functi
230 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuration upload and download considerations53. Ensure that these CryptoTarget Co
Fabric OS Encryption Administrator’s Guide (DPM) 23153-1002922-01Configuration upload and download considerations5Configuration upload at an encryptio
232 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuration upload and download considerations5Configuration download at the encryp
Fabric OS Encryption Administrator’s Guide (DPM) 23353-1002922-01HP-UX considerations5HP-UX considerationsThe HP-UX OS requires LUN 0 to be present. L
234 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Decommissioning in an EG containing mixed modes5Decommissioning in an EG containing m
Fabric OS Encryption Administrator’s Guide (DPM) 23553-1002922-01Tape data compression5Tape data compressionData is compressed by the encryption switc
236 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape block zero handling5Tape block zero handlingThe block zero of the tape media is
Fabric OS Encryption Administrator’s Guide (DPM) 23753-1002922-01Redirection zones5• To enable host MPIO, LUNs must also be available through a second
238 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Ensure uniform licensing in HA clusters5Ensure uniform licensing in HA clustersLicens
Fabric OS Encryption Administrator’s Guide (DPM) 23953-1002922-01Turn off compression on extension switches5Turn off compression on extension switches
6 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Recommendation for connectivity1Recommendation for connectivityIn order to achieve high
240 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01KAC certificate registration expiry5Do not change LUN configuration while rekeyingNev
Fabric OS Encryption Administrator’s Guide (DPM) 24153-1002922-01Changing IP addresses in encryption groups5Changing IP addresses in encryption groups
242 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Recommendations for Initiator Fan-Ins5FIGURE 107 Fan-in ratios with performance licen
Fabric OS Encryption Administrator’s Guide (DPM) 24353-1002922-01Best practices for host clusters in an encryption environment5Best practices for host
244 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape device LUN mapping5
Fabric OS Encryption Administrator’s Guide (DPM) 24553-1002922-01Chapter6Maintenance and TroubleshootingIn this chapter•Encryption group and HA cluste
246 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group and HA cluster maintenance6Encryption group and HA cluster maintenan
Fabric OS Encryption Administrator’s Guide (DPM) 24753-1002922-01Encryption group and HA cluster maintenance6FIGURE 108 Removing a node from an encryp
248 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group and HA cluster maintenance6 IP Address: 10.32.33.
Fabric OS Encryption Administrator’s Guide (DPM) 24953-1002922-01Encryption group and HA cluster maintenance6Deleting an encryption groupYou can delet
Fabric OS Encryption Administrator’s Guide (DPM) 753-1002922-01Brocade encryption solution overview1Brocade encryption solution overviewThe loss of st
250 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group and HA cluster maintenance6Displaying the HA cluster configurationNO
Fabric OS Encryption Administrator’s Guide (DPM) 25153-1002922-01Encryption group and HA cluster maintenance6Replacing an HA cluster member1. Log in t
252 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group and HA cluster maintenance6FIGURE 109 Replacing a failed encryption
Fabric OS Encryption Administrator’s Guide (DPM) 25353-1002922-01Encryption group and HA cluster maintenance6Case 2: Replacing a “live” encryption eng
254 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group and HA cluster maintenance6Performing a manual failback of an encryp
Fabric OS Encryption Administrator’s Guide (DPM) 25553-1002922-01Encryption group merge and split use cases6• After the failback completes, the crypto
256 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group merge and split use cases6NOTEWhen attempting to reclaim a failed Br
Fabric OS Encryption Administrator’s Guide (DPM) 25753-1002922-01Encryption group merge and split use cases6RecoveryIf auto failback policy is set, no
258 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group merge and split use cases6• The isolation of N3 from the group leade
Fabric OS Encryption Administrator’s Guide (DPM) 25953-1002922-01Encryption group merge and split use cases6Recovery1. Restore the connection between
8 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Brocade encryption solution overview1Data flow from server to storageThe Brocade Encryp
260 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group merge and split use cases6NOTEThe collective time allowed (the heart
Fabric OS Encryption Administrator’s Guide (DPM) 26153-1002922-01Encryption group merge and split use cases6NOTEIf one or more EG status displays as C
262 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group merge and split use cases6Display the encryption group state again.N
Fabric OS Encryption Administrator’s Guide (DPM) 26353-1002922-01Encryption group merge and split use cases6If you now perform a cryptocfg --show -gro
264 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption group merge and split use cases66. Verify your encryption group is re-conv
Fabric OS Encryption Administrator’s Guide (DPM) 26553-1002922-01Encryption group database manual operations6Encryption group database manual operatio
266 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Key vault diagnostics6Use the --sync -securitydb command to distribute the security d
Fabric OS Encryption Administrator’s Guide (DPM) 26753-1002922-01Measuring encryption performance6• Key class and format on the KV configured for the
268 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Measuring encryption performance6For example:FabricAdmin:switch> cryptocfg --perfs
Fabric OS Encryption Administrator’s Guide (DPM) 26953-1002922-01Measuring encryption performance6b. The user port on which a particular virtual entit
Fabric OS Encryption Administrator’s Guide (DPM) 953-1002922-01Data encryption key life cycle management1Data encryption key life cycle managementData
270 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Measuring encryption performance6In a DCX Backbone, the slot number is also displayed
Fabric OS Encryption Administrator’s Guide (DPM) 27153-1002922-01General encryption troubleshooting6General encryption troubleshootingTable 9 lists th
272 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01General encryption troubleshooting6A backup fails because the LUN is always in the in
Fabric OS Encryption Administrator’s Guide (DPM) 27353-1002922-01General encryption troubleshooting6Decommissioning an R2 LUN (remote replication LUN)
274 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Troubleshooting examples using the CLI6Troubleshooting examples using the CLIEncrypti
Fabric OS Encryption Administrator’s Guide (DPM) 27553-1002922-01Troubleshooting examples using the CLI6Encryption Disabled CryptoTarget LUNIf the LUN
276 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Management application encryption wizard troubleshooting6Management application encry
Fabric OS Encryption Administrator’s Guide (DPM) 27753-1002922-01Management application encryption wizard troubleshooting6Errors related to adding a s
278 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Management application encryption wizard troubleshooting6General errors related to th
Fabric OS Encryption Administrator’s Guide (DPM) 27953-1002922-01LUN policy troubleshooting6LUN policy troubleshootingTable 14 may be used as an aid i
Document Title iii53-1002720-02
10 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Data encryption key life cycle management1FIGURE 5 DEK life cycle
280 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Loss of encryption group leader after power outage6Loss of encryption group leader af
Fabric OS Encryption Administrator’s Guide (DPM) 28153-1002922-01MPIO and internal LUN states65. Synchronize the crypto configurations across all memb
282 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01FS8-18 blade removal and replacement61. Enter the cryptocfg --resume_rekey command, f
Fabric OS Encryption Administrator’s Guide (DPM) 28353-1002922-01FS8-18 blade removal and replacement63. If the replaced FS8-18 blade is in member nod
284 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01FS8-18 blade removal and replacement6NOTEBecause the FS8-18 blade was inserted in the
Fabric OS Encryption Administrator’s Guide (DPM) 28553-1002922-01Brocade Encryption Switch removal and replacement611. If a master key is not present,
286 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Brocade Encryption Switch removal and replacement66. Replace the old Brocade Encrypti
Fabric OS Encryption Administrator’s Guide (DPM) 28753-1002922-01Brocade Encryption Switch removal and replacement620. Export the KAC CSR from the new
288 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Brocade Encryption Switch removal and replacement632. If HA cluster membership for th
Fabric OS Encryption Administrator’s Guide (DPM) 28953-1002922-01Brocade Encryption Switch removal and replacement612. Recreate the EG with the same n
Fabric OS Encryption Administrator’s Guide (DPM) 1153-1002922-01Master key management1Master key managementCommunications with opaque key vaults are e
290 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Deregistering a DPM key vault630. Verify that defzone is set as no access.31. If HA c
Fabric OS Encryption Administrator’s Guide (DPM) 29153-1002922-01Reclaiming the WWN base of a failed Brocade Encryption Switch6Type: DPMSec
292 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Removing stale rekey information for a LUN6NOTEWhen attempting to reclaim a failed Br
Fabric OS Encryption Administrator’s Guide (DPM) 29353-1002922-01Fabric OS and DPM Compatibility Matrix6If a device decommission firmware consistency
294 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Splitting an encryption group into two encryption groups6Splitting an encryption grou
Fabric OS Encryption Administrator’s Guide (DPM) 29553-1002922-01Moving an encryption blade from one EG to another in the same fabric6When prompted, e
296 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Moving an encryption switch from one EG to another in the same fabric6Moving an encry
Fabric OS Encryption Administrator’s Guide (DPM) 29753-1002922-01AppendixAState and Status InformationIn this appendix•Encryption engine security proc
298 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Security processor KEK statusASecurity processor KEK statusTable 20 lists security pr
Fabric OS Encryption Administrator’s Guide (DPM) 29953-1002922-01Encrypted LUN statesALUN_1ST_TIME_REKEY_IN_PROG First time rekey is in progress.LUN_K
12 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Cisco Fabric Connectivity support1Cisco Fabric Connectivity supportThe Brocade Encrypt
300 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encrypted LUN statesALUN_DIS_WR_META_DONE_ERR Disabled (Write metadata done with fail
Fabric OS Encryption Administrator’s Guide (DPM) 30153-1002922-01Encrypted LUN statesATABLE 22 Tape LUN statesInternal Names Console String Explanatio
302 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encrypted LUN statesALUN_ENCRYPT Encryption enabled The tape medium is present, and i
Fabric OS Encryption Administrator’s Guide (DPM) 30353-1002922-01IndexAadd commands--add -haclustermember, 150--add -initiator, 163, 171, 200--add -LU
304 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01create commands--create -container, 162, 171, 199--create -encgroup, 140--create -hac
Fabric OS Encryption Administrator’s Guide (DPM) 30553-1002922-01DEK (data encryption keys), 9DEK life cycle, 10delete commands--delete -container, 16
306 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01encryption groupadding a member node to using the CLI, 143adding a switch using the m
Fabric OS Encryption Administrator’s Guide (DPM) 30753-1002922-01Ggeneral tabencryption group propertiesgeneral tab, 113generate commands--genmasterke
308 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01licensingbest practices, 5LUNadding Crypto LUN to CryptoTarget container, 167adding t
Fabric OS Encryption Administrator’s Guide (DPM) 30953-1002922-01PPID failover, 238policiesconfiguration examples, 152for Crypto LUN, 169impact of LUN
Fabric OS Encryption Administrator’s Guide (DPM) 1353-1002922-01Chapter2Configuring Encryption Using the Management ApplicationIn this chapter•Encrypt
310 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01SRDF pairs, 72, 180statesencrypted LUN, 298storage arraysconfiguring, 71storage encry
Fabric OS Encryption Administrator’s Guide (DPM) 31153-1002922-01Uuniversal IDsdisplaying, 100user privilegesdefined, 15resource groups, 15using from
312 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01
14 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption Center features2Encryption Center featuresThe Encryption Center dialog box
Fabric OS Encryption Administrator’s Guide (DPM) 1553-1002922-01Encryption user privileges2Encryption user privilegesIn Brocade Network Advisor, resou
16 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Smart card usage2Smart card usageSmart cards are credit card-sized cards that contain
Fabric OS Encryption Administrator’s Guide (DPM) 1753-1002922-01Smart card usage2• Establishing a trusted link with the NetApp LKM key vault.• Decommi
18 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Smart card usage23. Locate the Authentication Card Quorum Size and select the quorum s
Fabric OS Encryption Administrator’s Guide (DPM) 1953-1002922-01Smart card usage2Registering authentication cards from the databaseSmart cards that ar
iv Document Title53-1002720-02
20 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Smart card usage2Deregistering an authentication cardAuthentication cards can be remov
Fabric OS Encryption Administrator’s Guide (DPM) 2153-1002922-01Smart card usage2Using system cardsSystem cards are smart cards that can be used to co
22 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Smart card usage2Enabling or disabling the system card requirementTo use a system card
Fabric OS Encryption Administrator’s Guide (DPM) 2353-1002922-01Smart card usage2Deregistering system cardsSystem cards can be removed from the databa
24 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Smart card usage2Tracking smart cards1. Select Configure > Encryption from the menu
Fabric OS Encryption Administrator’s Guide (DPM) 2553-1002922-01Smart card usage2FIGURE 12 Smart Card asset tracking dialog box3. Select a smart card
26 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Smart card usage2Editing smart cardsSmart cards can be used for user authentication, m
Fabric OS Encryption Administrator’s Guide (DPM) 2753-1002922-01Network connections2Network connectionsBefore you use the encryption setup wizard for
28 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Encryption node initialization and certificate generation2Configuring blade processor
Fabric OS Encryption Administrator’s Guide (DPM) 2953-1002922-01Steps for connecting to a DPM appliance2Setting encryption node initializationEncrypti
Fabric OS Encryption Administrator’s Guide (DPM) iii53-1002922-01ContentsAbout This DocumentIn this chapter . . . . . . . . . . . . . . . . . . . . .
30 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance2Exporting the KAC certificate signing request
Fabric OS Encryption Administrator’s Guide (DPM) 3153-1002922-01Steps for connecting to a DPM appliance2KAC certificate registration expiryIt is impor
32 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance2Uploading the CA certificate onto the DPM appl
Fabric OS Encryption Administrator’s Guide (DPM) 3353-1002922-01Steps for connecting to a DPM appliance2h. Click Next.i. Repeat step a through step h
34 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Steps for connecting to a DPM appliance2Loading the CA certificate onto the encryption
Fabric OS Encryption Administrator’s Guide (DPM) 3553-1002922-01Encryption preparation2Encryption preparationBefore you use the encryption setup wizar
36 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Creating an encryption group22. Select a switch from the <NO GROUP DEFINED> encr
Fabric OS Encryption Administrator’s Guide (DPM) 3753-1002922-01Creating an encryption group24. From the Configure Switch Encryption welcome screen, c
38 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Creating an encryption group2FIGURE 20 Create a New Encryption Group dialog boxThe dia
Fabric OS Encryption Administrator’s Guide (DPM) 3953-1002922-01Creating an encryption group2FIGURE 21 Select Key Vault dialog boxUsing this dialog bo
iv Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Support for virtual fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
40 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Creating an encryption group2Configuring key vault settings for RSA Data Protection Ma
Fabric OS Encryption Administrator’s Guide (DPM) 4153-1002922-01Creating an encryption group2FIGURE 23 Specify Certificate Signing Request File Name d
42 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Creating an encryption group2FIGURE 24 Specify Master Key File Name dialog box7. Enter
Fabric OS Encryption Administrator’s Guide (DPM) 4353-1002922-01Creating an encryption group2FIGURE 25 Select Security Settings dialog box10. Set quor
44 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Creating an encryption group2FIGURE 26 Confirm Configuration dialog boxThe Configurati
Fabric OS Encryption Administrator’s Guide (DPM) 4553-1002922-01Creating an encryption group2FIGURE 28 Next Steps dialog box13. Review the post-config
46 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding a switch to an encryption group2Adding a switch to an encryption groupThe setup
Fabric OS Encryption Administrator’s Guide (DPM) 4753-1002922-01Adding a switch to an encryption group2FIGURE 30 Designate Switch Membership dialog bo
48 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding a switch to an encryption group2FIGURE 31 Add Switch to Existing Encryption Gro
Fabric OS Encryption Administrator’s Guide (DPM) 4953-1002922-01Adding a switch to an encryption group26. Enter the location where you want to store t
Fabric OS Encryption Administrator’s Guide (DPM) v53-1002922-01High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
50 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Replacing an encryption engine in an encryption group2All configuration items have gre
Fabric OS Encryption Administrator’s Guide (DPM) 5153-1002922-01High availability clusters2FIGURE 36 Engine Operations tab3. Select the engine to repl
52 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01High availability clusters2NOTEIn Fabric OS 6.3.0 and later, HA cluster creation is bl
Fabric OS Encryption Administrator’s Guide (DPM) 5353-1002922-01High availability clusters2FIGURE 37 Encryption Group Properties dialog box - HA Clust
54 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01High availability clusters2Swapping engines in an HA clusterSwapping engines is useful
Fabric OS Encryption Administrator’s Guide (DPM) 5553-1002922-01Configuring encryption storage targets2Configuring encryption storage targetsAdding an
56 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring encryption storage targets2FIGURE 38 Encryption Targets dialog box3. Click
Fabric OS Encryption Administrator’s Guide (DPM) 5753-1002922-01Configuring encryption storage targets2FIGURE 40 Select Encryption Engine dialog boxTh
58 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring encryption storage targets2FIGURE 41 Select Target dialog boxThe dialog bo
Fabric OS Encryption Administrator’s Guide (DPM) 5953-1002922-01Configuring encryption storage targets2FIGURE 42 Select Hosts dialog boxThe dialog box
vi Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Disk device decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
60 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring encryption storage targets2• Right arrow button: Moves a host from the Hos
Fabric OS Encryption Administrator’s Guide (DPM) 6153-1002922-01Configuring encryption storage targets2FIGURE 44 Confirmation dialog boxThe screen con
62 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring encryption storage targets2FIGURE 45 Configuration Status screenThe screen
Fabric OS Encryption Administrator’s Guide (DPM) 6353-1002922-01Configuring hosts for encryption targets2FIGURE 46 Next Steps screenThe screen contain
64 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Configuring hosts for encryption targets2NOTEYou can also select a group, switch, or e
Fabric OS Encryption Administrator’s Guide (DPM) 6553-1002922-01Configuring hosts for encryption targets2NOTEBoth the Hosts in Fabric table and the Se
66 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding target disk LUNs for encryption2Adding target disk LUNs for encryptionYou can a
Fabric OS Encryption Administrator’s Guide (DPM) 6753-1002922-01Adding target disk LUNs for encryption2• Encryption path table: Should be LUN/Path ide
68 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding target disk LUNs for encryption24. Select the target port from the Target Port
Fabric OS Encryption Administrator’s Guide (DPM) 6953-1002922-01Adding target disk LUNs for encryption2FIGURE 52 Select LUN dialog box The dialog box
Fabric OS Encryption Administrator’s Guide (DPM) vii53-1002922-01Steps for connecting to a DPM appliance . . . . . . . . . . . . . . . . . . . 134Ini
70 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding target disk LUNs for encryption28. If REPL Support was enabled by the Configure
Fabric OS Encryption Administrator’s Guide (DPM) 7153-1002922-01Adding target disk LUNs for encryption2Configuring storage arraysThe Storage Array con
72 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding target disk LUNs for encryption2SRDF pairsRemote replication is implemented by
Fabric OS Encryption Administrator’s Guide (DPM) 7353-1002922-01Adding target tape LUNs for encryption2Note the following when using the New LUN optio
74 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Adding target tape LUNs for encryption2FIGURE 55 Encryption Targets dialog box3. Selec
Fabric OS Encryption Administrator’s Guide (DPM) 7553-1002922-01Adding target tape LUNs for encryption2FIGURE 57 Add Encryption Target Tape LUNs dialo
76 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Moving targets2• Enable Write Early Ack: When selected, enables tape write pipelining
Fabric OS Encryption Administrator’s Guide (DPM) 7753-1002922-01Tape LUN write early and read ahead2Tape LUN write early and read aheadThe tape LUN wr
78 Fabric OS Encryption Administrator’s Guide (DPM)53-1002922-01Tape LUN write early and read ahead2FIGURE 59 Encryption Target Tape LUNs dialog box -
Fabric OS Encryption Administrator’s Guide (DPM) 7953-1002922-01Tape LUN statistics2Tape LUN statisticsThis feature enables you to view and clear stat
Další dokumenty pro Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support
Související produkty a manuály pro Počítačové příslušenství Brocade Fabric OS Encryption Administrator’s Guide Support
(324 stránky)
(322 stránky)
(12 stránky)
(127 stránky)
(58 stránky)
(300 stránky)
(34 stránky)
(130 stránky)
(116 stránky)
(90 stránky)
(114 stránky)
(64 stránky)
(126 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.047 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce