Brocade Fabric OS Encryption Administrator’s Guide Support Manuel d'utilisateur

53-1002747-0225 March 2013®53-1002747-02Fabric OS EncryptionAdministrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compl

x Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Rekeying best practices and policies. . . . . . . . . . . . . . . . . . . . . . . .238

82 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target disk LUNs for encryption2Adding target disk LUNs for encryptionYou can

Fabric OS Encryption Administrator’s Guide (KMIP) 8353-1002747-02Adding target disk LUNs for encryption2• Encryption Mode• Encrypt Existing Data• Key

84 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target disk LUNs for encryption2FIGURE 75 Select Initiator Port dialog boxThe

Fabric OS Encryption Administrator’s Guide (KMIP) 8553-1002747-02Adding target disk LUNs for encryption2FIGURE 76 Select LUN dialog box The dialog box

86 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target disk LUNs for encryption2NOTEWith the introduction of Fabric OS v7.1.0,

Fabric OS Encryption Administrator’s Guide (KMIP) 8753-1002747-02Adding target tape LUNs for encryption2Configuring storage arraysThe Storage Array co

88 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target tape LUNs for encryption2FIGURE 78 Encryption Targets dialog box3. Sele

Fabric OS Encryption Administrator’s Guide (KMIP) 8953-1002747-02Adding target tape LUNs for encryption2FIGURE 80 Add Encryption Target Tape LUNs dial

90 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Moving Targets2• Enable Read Ahead: When selected, enables read pre-fetching on this

Fabric OS Encryption Administrator’s Guide (KMIP) 9153-1002747-02Configuring encrypted tape storage in a multi-path environment2Configuring encrypted

Fabric OS Encryption Administrator’s Guide (KMIP) xi53-1002747-02General encryption troubleshooting . . . . . . . . . . . . . . . . . . . . . . . .26

92 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape LUN write early and read ahead2Tape LUN write early and read aheadThe tape LUN w

Fabric OS Encryption Administrator’s Guide (KMIP) 9353-1002747-02Tape LUN statistics2FIGURE 82 Encryption Target Tape LUNs dialog box - Setting tape L

94 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape LUN statistics2Viewing and clearing tape container statisticsYou can view LUN st

Fabric OS Encryption Administrator’s Guide (KMIP) 9553-1002747-02Tape LUN statistics2• Tape Session #: The number of the ongoing tape session.• Uncomp

96 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape LUN statistics2FIGURE 85 Target Tape LUNs dialog box4. Select the LUN or LUNs fo

Fabric OS Encryption Administrator’s Guide (KMIP) 9753-1002747-02Tape LUN statistics2• A Refresh button updates the statistics on the display since th

98 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption engine rebalancing2FIGURE 88 Tape LUN Statistics dialog boxThe dialog box

Fabric OS Encryption Administrator’s Guide (KMIP) 9953-1002747-02Master keys2During rebalancing operations, be aware of the following:• You might noti

100 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2The new master key cannot be used (no new data encryption keys can be cr

Fabric OS Encryption Administrator’s Guide (KMIP) 10153-1002747-02Master keys2Refer to the following procedures for more information:- “Saving the mas

xii Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02

102 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 89 Backup Destination (to file) dialog box4. Select File as the B

Fabric OS Encryption Administrator’s Guide (KMIP) 10353-1002747-02Master keys2FIGURE 90 Backup Destination (to key vault) dialog box4. Select Key Vaul

104 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 91 Backup Destination (to smart cards) dialog box4. Select A Reco

Fabric OS Encryption Administrator’s Guide (KMIP) 10553-1002747-02Master keys2Saving a master key to a smart card set - OverviewA card reader must be

106 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 92 Select a Master Key to Restore (from file) dialog box4. Choose

Fabric OS Encryption Administrator’s Guide (KMIP) 10753-1002747-02Master keys2FIGURE 93 Select a Master Key to Restore (from key vault) dialog box4. C

108 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 94 Select a Master Key to Restore (from a recovery set of smart c

Fabric OS Encryption Administrator’s Guide (KMIP) 10953-1002747-02Security Settings2Security Settings Security settings help you identify if system ca

110 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Zeroizing an encryption engine2NOTEZeroizing an engine affects the I/Os, but all tar

Fabric OS Encryption Administrator’s Guide (KMIP) 11153-1002747-02Using the Encryption Targets dialog box2Using the Encryption Targets dialog boxThe E

Fabric OS Encryption Administrator’s Guide (KMIP) xiii53-1002747-02About This DocumentIn this chapter•How this document is organized . . . . . . . .

112 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Redirection zones2Redirection zonesIt is recommended that you configure the host and

Fabric OS Encryption Administrator’s Guide (KMIP) 11353-1002747-02Disk device decommissioning2Provided that the crypto configuration is not left uncom

114 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Disk device decommissioning2In order to delete keys from the key vault, you need to

Fabric OS Encryption Administrator’s Guide (KMIP) 11553-1002747-02Rekeying all disk LUNs manually2Displaying Universal IDsIn order to delete keys from

116 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Rekeying all disk LUNs manually2Setting disk LUN Re-key AllTo rekey all disk LUNs on

Fabric OS Encryption Administrator’s Guide (KMIP) 11753-1002747-02Rekeying all disk LUNs manually2.FIGURE 99 Pending manual rekey operations Viewing d

118 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Rekeying all disk LUNs manually2FIGURE 100 Encryption Target Disk LUNs dialog box4.

Fabric OS Encryption Administrator’s Guide (KMIP) 11953-1002747-02Rekeying all disk LUNs manually2Viewing the progress of manual rekey operationsTo mo

120 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Thin provisioned LUNs2• Current LBA: The Logical Block Address (LBA) of the block th

Fabric OS Encryption Administrator’s Guide (KMIP) 12153-1002747-02Viewing time left for auto rekey2• If you are running a Fabric OS version earlier th

xiv Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02• Chapter 6, “Maintenance and Troubleshooting,” provides information on troubleshoot

122 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing switch encryption properties2The Encryption Target Disk LUNs dia

Fabric OS Encryption Administrator’s Guide (KMIP) 12353-1002747-02Viewing and editing switch encryption properties2FIGURE 103 Encryption Switch Proper

124 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing switch encryption properties2• Encryption Group: The name of the

Fabric OS Encryption Administrator’s Guide (KMIP) 12553-1002747-02Viewing and editing switch encryption properties2• Online• Set State To: Identifies

126 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2FIGURE 104 Import Signed Certificate

Fabric OS Encryption Administrator’s Guide (KMIP) 12753-1002747-02Viewing and editing encryption group properties2The Encryption Group Properties dial

128 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2General tabThe General tab (Figure 1

Fabric OS Encryption Administrator’s Guide (KMIP) 12953-1002747-02Viewing and editing encryption group properties2When the first encryption engine com

130 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2• Not responding• Failed authenticat

Fabric OS Encryption Administrator’s Guide (KMIP) 13153-1002747-02Viewing and editing encryption group properties2• Connection Status: The switch’s co

Fabric OS Encryption Administrator’s Guide (KMIP) xv53-1002747-02Command syntax conventionsCommand syntax in this manual follows these conventions:Not

132 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2Members tab Remove buttonYou can cli

Fabric OS Encryption Administrator’s Guide (KMIP) 13353-1002747-02Viewing and editing encryption group properties2A warning message is displayed when

134 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2FIGURE 108 Encryption Group Properti

Fabric OS Encryption Administrator’s Guide (KMIP) 13553-1002747-02Viewing and editing encryption group properties2• Registered Authentication Cards ta

136 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2• Right- and Left-arrow buttons: You

Fabric OS Encryption Administrator’s Guide (KMIP) 13753-1002747-02Viewing and editing encryption group properties2Tape Pools tabTape pools are managed

138 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2All encryption engines in the encryp

Fabric OS Encryption Administrator’s Guide (KMIP) 13953-1002747-02Viewing and editing encryption group properties24. Based on your selection, do one o

140 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption-related acronyms in log messages2FIGURE 113 Encryption Group Properties D

Fabric OS Encryption Administrator’s Guide (KMIP) 14153-1002747-02Chapter3Configuring Encryption Using the CLIIn this chapter•Overview. . . . . . . .

xvi Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Key termsFor definitions specific to Brocade and Fibre Channel, see the technical gl

142 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Overview3OverviewThis chapter explains how to use the command line interface (CLI) t

Fabric OS Encryption Administrator’s Guide (KMIP) 14353-1002747-02Command RBAC permissions and AD types34. PortMember: allows all control operations o

144 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Command RBAC permissions and AD types3createhaclusterNOMN N N OMN NDisallowedcreatet

Fabric OS Encryption Administrator’s Guide (KMIP) 14553-1002747-02Cryptocfg Help command output3Cryptocfg Help command outputAll encryption operations

146 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Management LAN configuration3switch:admin> cryptocfg --help -nodecfgUsage: crypto

Fabric OS Encryption Administrator’s Guide (KMIP) 14753-1002747-02Configuring cluster links3The following example configures a static IP address and g

148 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Setting encryption node initialization3IP Address change of a node within an encrypt

Fabric OS Encryption Administrator’s Guide (KMIP) 14953-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)3From the standpoint of

150 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)36. Configure the KMIP s

Fabric OS Encryption Administrator’s Guide (KMIP) 15153-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)33. Verify the cluster s

Fabric OS Encryption Administrator’s Guide (KMIP) xvii53-1002747-02For information about the Key Management Interoperability Protocol standard, visit

152 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3h. Aft

Fabric OS Encryption Administrator’s Guide (KMIP) 15353-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Signin

154 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)33. Und

Fabric OS Encryption Administrator’s Guide (KMIP) 15553-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)32. On

156 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Regist

Fabric OS Encryption Administrator’s Guide (KMIP) 15753-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Time o

158 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Notify

Fabric OS Encryption Administrator’s Guide (KMIP) 15953-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3The fo

160 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a member node to an encryption group3 Server SDK Version:

Fabric OS Encryption Administrator’s Guide (KMIP) 16153-1002747-02Adding a member node to an encryption group3CAUTIONAfter adding the member node to t

xviii Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-023. World Wide Name (WWN)Use the licenseIdShow command to display the WWN of the ch

162 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a member node to an encryption group3NOTEIf the maximum number of certificate

Fabric OS Encryption Administrator’s Guide (KMIP) 16353-1002747-02Generating and backing up the master key3Additional Secondary Key Vault Information:

164 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability clusters32. Export the master key to the key vault. Make a note of

Fabric OS Encryption Administrator’s Guide (KMIP) 16553-1002747-02High availability clusters3• It is recommended that the HA cluster configuration be

166 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability clusters3Adding an encryption engine to an HA cluster1. Log in to

Fabric OS Encryption Administrator’s Guide (KMIP) 16753-1002747-02High availability clusters3Number of HA Clusters: 1HA cluster name: dthac - 2 EE ent

168 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability clusters3Policy Configuration ExamplesThe following examples illus

Fabric OS Encryption Administrator’s Guide (KMIP) 16953-1002747-02Re-exporting a master key3Re-exporting a master keyYou can export master keys to the

170 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Re-exporting a master key3Exporting an additional key IDExample: Subsequent master k

Fabric OS Encryption Administrator’s Guide (KMIP) 17153-1002747-02Re-exporting a master key3e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:9ae3:ae:aa:89

Fabric OS Encryption Administrator’s Guide (KMIP) 153-1002747-02Chapter1Encryption OverviewIn this chapter•Host and LUN considerations . . . . . . . .

172 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Enabling the encryption engine3Enabling the encryption engineEnable the encryption e

Fabric OS Encryption Administrator’s Guide (KMIP) 17353-1002747-02Zoning considerations3 No HA cluster membership EE Attributes: Media T

174 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Zoning considerations3Frame redirection zoningName Server-based frame redirection en

Fabric OS Encryption Administrator’s Guide (KMIP) 17553-1002747-02Zoning considerations3 Redirect: No The Local Name Server has 1 entry }The nsshow co

176 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02CryptoTarget container configuration37. Create a zone that includes the initiator an

Fabric OS Encryption Administrator’s Guide (KMIP) 17753-1002747-02CryptoTarget container configuration3FIGURE 118 Relationship between initiator, virt

178 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02CryptoTarget container configuration3• When removing an existing disk or tape target

Fabric OS Encryption Administrator’s Guide (KMIP) 17953-1002747-02CryptoTarget container configuration3FabricAdmin:switch> cryptocfg --create -cont

180 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02CryptoTarget container configuration3zone: red_______base 00:00:00:00:00:00:00:01;

Fabric OS Encryption Administrator’s Guide (KMIP) 18153-1002747-02CryptoTarget container configuration3Deleting a CryptoTarget containerYou may delete

Copyright © 2012- 2013 Brocade Communications Systems, Inc. All Rights Reserved.Brocade, Brocade Assurance, the B-wing symbol, BigIron, DCX, Fabric OS

2 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Terminology1TerminologyThe following are definitions of terms used extensively in this

182 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3NOTEIf a CryptoTarget container is moved in a configuration

Fabric OS Encryption Administrator’s Guide (KMIP) 18353-1002747-02Crypto LUN configuration3Discovering a LUNWhen adding a LUN to a CryptoTarget contai

184 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3NOTEThere is a maximum of 512 disk LUNs per Initiator in a

Fabric OS Encryption Administrator’s Guide (KMIP) 18553-1002747-02Crypto LUN configuration3VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1dNumber o

186 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3TABLE 6 LUN parameters and policies Policy name Command pa

Fabric OS Encryption Administrator’s Guide (KMIP) 18753-1002747-02Crypto LUN configuration3Configuring a tape LUNThis example shows how to configure a

188 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3LUN serial number:Key ID state: Key ID not Applicab

Fabric OS Encryption Administrator’s Guide (KMIP) 18953-1002747-02Crypto LUN configuration3FabricAdmin:switch> cryptocfg --remove -LUN my_disk_tgt

190 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3CAUTIONWhen configuring a LUN with multiple paths, do not c

Fabric OS Encryption Administrator’s Guide (KMIP) 19153-1002747-02Impact of tape LUN configuration changes3Impact of tape LUN configuration changesLUN

Fabric OS Encryption Administrator’s Guide (KMIP) 353-1002747-02Terminology1Opaque Key VaultA storage location that provides untrusted key management

192 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring a multi-path Crypto LUN3Multi-path LUN configuration exampleFigure 119 o

Fabric OS Encryption Administrator’s Guide (KMIP) 19353-1002747-02Configuring a multi-path Crypto LUN3c. Create a CryptoTarget container (CTC2) for ta

194 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring a multi-path Crypto LUN3b. Add the same LUN to the CryptoTarget containe

Fabric OS Encryption Administrator’s Guide (KMIP) 19553-1002747-02Decommissioning LUNs3Decommissioning LUNsA disk device needs to be decommissioned wh

196 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Decommissioning LUNs33. Enter cryptocfg --show -decommissionedkeyids to obtain a lis

Fabric OS Encryption Administrator’s Guide (KMIP) 19753-1002747-02Decommissioning replicated LUNs3Decommissioning replicated LUNsThe following scenari

198 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Force-enabling a decommissioned disk LUN for encryption3NOTEDo not delete the key fr

Fabric OS Encryption Administrator’s Guide (KMIP) 19953-1002747-02Force-enabling a disabled disk LUN for encryption37. En a bl e th e LU N .FabricAd

200 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape pool configuration3Tape pool configurationTape pools are used by tape backup ap

Fabric OS Encryption Administrator’s Guide (KMIP) 20153-1002747-02Tape pool configuration3CommVault Galaxy labelingCommVault uses a storage policy for

4 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02The Brocade Encryption Switch1The Brocade Encryption SwitchThe Brocade Encryption Swit

202 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape pool configuration3Creating a tape poolTake the following steps to create a tap

Fabric OS Encryption Administrator’s Guide (KMIP) 20353-1002747-02Tape pool configuration3Deleting a tape poolThis command does not issue a warning if

204 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02First-time encryption3First-time encryptionFirst-time encryption, also referred to a

Fabric OS Encryption Administrator’s Guide (KMIP) 20553-1002747-02Thin provisioned LUNs3Thin provisioned LUNsWith the introduction of Fabric OS 7.1.0,

206 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Thin provisioned LUNs3Encryption algorithm: AES256-XTSKey ID state: Read

Fabric OS Encryption Administrator’s Guide (KMIP) 20753-1002747-02Data rekeying3• Because windows host utility “sdelete –c” sends WRITE command with z

208 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Data rekeying3Configuring a LUN for automatic rekeyingRekeying options are configure

Fabric OS Encryption Administrator’s Guide (KMIP) 20953-1002747-02Data rekeying3Initiating a manual rekey sessionYou can initiate a rekeying session m

210 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Data rekeying3Current LBA: 488577Operation succeeded.Suspension and resum

Fabric OS Encryption Administrator’s Guide (KMIP) 21153-1002747-02Chapter4Deployment ScenariosIn this chapter•Single encryption switch, two paths from

Fabric OS Encryption Administrator’s Guide (KMIP) 553-1002747-02The FS8-18 blade1The FS8-18 bladeThe FS8-18 blade provides the same features and funct

212 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Single encryption switch, two paths from host to target4Single encryption switch, tw

Fabric OS Encryption Administrator’s Guide (KMIP) 21353-1002747-02Single fabric deployment - HA cluster4Single fabric deployment - HA clusterFigure 12

214 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Single fabric deployment - DEK cluster4In Figure 121, the two encryption switches pr

Fabric OS Encryption Administrator’s Guide (KMIP) 21553-1002747-02Dual fabric deployment - HA and DEK cluster4In Figure 122, two encryption switches a

216 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Multiple paths, one DEK cluster, and two HA clusters4failover for the encryption pat

Fabric OS Encryption Administrator’s Guide (KMIP) 21753-1002747-02Multiple paths, one DEK cluster, and two HA clusters4The configuration details shown

218 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Multiple paths, DEK cluster, no HA cluster4Multiple paths, DEK cluster, no HA cluste

Fabric OS Encryption Administrator’s Guide (KMIP) 21953-1002747-02Multiple paths, DEK cluster, no HA cluster4The configuration details are as follows:

220 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Deployment in Fibre Channel routed fabrics4Deployment in Fibre Channel routed fabric

Fabric OS Encryption Administrator’s Guide (KMIP) 22153-1002747-02Deployment in Fibre Channel routed fabrics4The following is a summary of steps for c

6 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Recommendation for connectivity1Recommendation for connectivityIn order to achieve hig

222 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Deployment as part of an edge fabric4Deployment as part of an edge fabricIn this dep

Fabric OS Encryption Administrator’s Guide (KMIP) 22353-1002747-02Deployment with FCIP extension switches4Deployment with FCIP extension switchesEncry

224 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02VMware ESX server deployments4VMware ESX server deploymentsVMware ESX servers may ho

Fabric OS Encryption Administrator’s Guide (KMIP) 22553-1002747-02VMware ESX server deployments4Figure 131 shows a VMware ESX server with two guest op

226 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02VMware ESX server deployments4

Fabric OS Encryption Administrator’s Guide (KMIP) 22753-1002747-02Chapter5Best Practices and Special TopicsIn this chapter•Firmware upgrade and downgr

228 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Firmware upgrade and downgrade considerations5Firmware upgrade and downgrade conside

Fabric OS Encryption Administrator’s Guide (KMIP) 22953-1002747-02Firmware upgrade and downgrade considerations5• Guidelines for firmware upgrade of e

230 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuration upload and download considerations58. Check that CryptoTarget Containe

Fabric OS Encryption Administrator’s Guide (KMIP) 23153-1002747-02Configuration upload and download considerations5• Certificates generated internally

Fabric OS Encryption Administrator’s Guide (KMIP) 753-1002747-02Brocade encryption solution overview1Brocade encryption solution overviewThe loss of s

232 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02HP-UX considerations5Steps after configuration downloadFor all opaque key vaults, re

Fabric OS Encryption Administrator’s Guide (KMIP) 23353-1002747-02AIX Considerations5Best practices are as follows:• Create a cryptoTarget container f

234 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape metadata5Tape metadataOne kilobyte of metadata is added per tape block for both

Fabric OS Encryption Administrator’s Guide (KMIP) 23553-1002747-02Tape block zero handling5Tape pool configuration is used only when labeling of tape

236 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Redirection zones5• Before committing CryptoTarget container or LUN configurations o

Fabric OS Encryption Administrator’s Guide (KMIP) 23753-1002747-02Deployment with Admin Domains (AD)5Deployment with Admin Domains (AD)Virtual devices

238 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02PID failover5PID failover Virtual device PIDs do not persist upon failover within a

Fabric OS Encryption Administrator’s Guide (KMIP) 23953-1002747-02KAC certificate registration expiry5Allow rekey to complete before deleting a contai

240 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Changing IP addresses in encryption groups5Changing IP addresses in encryption group

Fabric OS Encryption Administrator’s Guide (KMIP) 24153-1002747-02Best practices for host clusters in an encryption environment5FIGURE 132 Fan-in rati

8 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Brocade encryption solution overview1Data flow from server to storageThe Brocade Encry

242 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02HA Cluster deployment considerations and best practices5• For AIX-based Power HA Sys

Fabric OS Encryption Administrator’s Guide (KMIP) 24353-1002747-02Chapter6Maintenance and TroubleshootingIn this chapter•Encryption group and HA clust

244 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6Encryption group and HA cluster maintena

Fabric OS Encryption Administrator’s Guide (KMIP) 24553-1002747-02Encryption group and HA cluster maintenance6FIGURE 133 Removing a node from an encry

246 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6 IP Address: 10.32.33

Fabric OS Encryption Administrator’s Guide (KMIP) 24753-1002747-02Encryption group and HA cluster maintenance6Deleting an encryption groupYou can dele

248 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6Displaying the HA cluster configurationN

Fabric OS Encryption Administrator’s Guide (KMIP) 24953-1002747-02Encryption group and HA cluster maintenance6Replacing an HA cluster member1. Log in

250 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6FIGURE 134 Replacing a failed encryption

Fabric OS Encryption Administrator’s Guide (KMIP) 25153-1002747-02Encryption group and HA cluster maintenance6Case 2: Replacing a “live” encryption en

Fabric OS Encryption Administrator’s Guide (KMIP) 953-1002747-02Data encryption key life cycle management1Data encryption key life cycle managementDat

252 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6Performing a manual failback of an encry

Fabric OS Encryption Administrator’s Guide (KMIP) 25353-1002747-02Encryption group merge and split use cases6• After the failback completes, the crypt

254 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6NOTEWhen attempting to reclaim a failed B

Fabric OS Encryption Administrator’s Guide (KMIP) 25553-1002747-02Encryption group merge and split use cases6RecoveryIf auto failback policy is set, n

256 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6• The isolation of N3 from the group lead

Fabric OS Encryption Administrator’s Guide (KMIP) 25753-1002747-02Encryption group merge and split use cases6Recovery1. Restore the connection between

258 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6NOTEThe collective time allowed (the hear

Fabric OS Encryption Administrator’s Guide (KMIP) 25953-1002747-02Encryption group merge and split use cases6NOTEIf one or more EG status displays as

260 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6Display the encryption group state again.

Fabric OS Encryption Administrator’s Guide (KMIP) 26153-1002747-02Encryption group merge and split use cases6If you now perform a cryptocfg --show -gr

10 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Data encryption key life cycle management1FIGURE 5 DEK life cycle

262 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases66. Verify your encryption group is re-con

Fabric OS Encryption Administrator’s Guide (KMIP) 26353-1002747-02Encryption group database manual operations6Encryption group database manual operati

264 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Key vault diagnostics6Use the --sync -securitydb command to distribute the security

Fabric OS Encryption Administrator’s Guide (KMIP) 26553-1002747-02Measuring encryption performance6• Key class and format on the KV configured for the

266 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Measuring encryption performance6FabricAdmin:switch> cryptocfg --perfshow [slot]

Fabric OS Encryption Administrator’s Guide (KMIP) 26753-1002747-02General encryption troubleshooting6General encryption troubleshootingTable 9 lists t

268 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02General encryption troubleshooting6A backup fails because the LUN is always in the i

Fabric OS Encryption Administrator’s Guide (KMIP) 26953-1002747-02General encryption troubleshooting6A performance drop occurs when using DPM on a Mic

270 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Troubleshooting examples using the CLI6Troubleshooting examples using the CLIEncrypt

Fabric OS Encryption Administrator’s Guide (KMIP) 27153-1002747-02Troubleshooting examples using the CLI6Encryption Disabled CryptoTarget LUNIf the LU

Fabric OS Encryption Administrator’s Guide (KMIP) 1153-1002747-02Master key management1Master key managementCommunications with opaque key vaults are

272 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Management application encryption wizard troubleshooting6Management application encr

Fabric OS Encryption Administrator’s Guide (KMIP) 27353-1002747-02Management application encryption wizard troubleshooting6Errors related to adding a

274 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Management application encryption wizard troubleshooting6General errors related to t

Fabric OS Encryption Administrator’s Guide (KMIP) 27553-1002747-02LUN policy troubleshooting6LUN policy troubleshootingTable 14 may be used as an aid

276 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Loss of encryption group leader after power outage6Loss of encryption group leader a

Fabric OS Encryption Administrator’s Guide (KMIP) 27753-1002747-02MPIO and internal LUN states65. Synchronize the crypto configurations across all mem

278 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02FS8-18 blade removal and replacement61. Enter the cryptocfg --resume_rekey command,

Fabric OS Encryption Administrator’s Guide (KMIP) 27953-1002747-02FS8-18 blade removal and replacement63. If the replaced FS8-18 blade is in member no

280 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02FS8-18 blade removal and replacement6NOTEBecause the FS8-18 blade was inserted in th

Fabric OS Encryption Administrator’s Guide (KMIP) 28153-1002747-02Brocade Encryption Switch removal and replacement611. If a master key is not present

Fabric OS Encryption Administrator’s Guide (KMIP) iii53-1002747-02ContentsAbout This DocumentIn this chapter . . . . . . . . . . . . . . . . . . . . .

12 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Cisco Fabric Connectivity support1Cisco Fabric Connectivity supportThe Brocade Encryp

282 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Brocade Encryption Switch removal and replacement68. Power on the new Brocade Encryp

Fabric OS Encryption Administrator’s Guide (KMIP) 28353-1002747-02Brocade Encryption Switch removal and replacement621. Import the signed CSR/Cert ont

284 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Brocade Encryption Switch removal and replacement631. If HA cluster membership for t

Fabric OS Encryption Administrator’s Guide (KMIP) 28553-1002747-02Brocade Encryption Switch removal and replacement611. Invoke the following command t

286 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Reclaiming the WWN base of a failed Brocade Encryption Switch627. Verify that defzon

Fabric OS Encryption Administrator’s Guide (KMIP) 28753-1002747-02Removing stale rekey information for a LUN6NOTEWhen attempting to reclaim a failed B

288 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Splitting an encryption group into two encryption groups6NOTEYou should not join a F

Fabric OS Encryption Administrator’s Guide (KMIP) 28953-1002747-02Moving an encryption blade from one EG to another in the same fabric6a. Create the g

290 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Moving an encryption switch from one EG to another in the same fabric6Moving an encr

Fabric OS Encryption Administrator’s Guide (KMIP) 29153-1002747-02AppendixAState and Status InformationIn this appendix•Encryption engine security pro

Fabric OS Encryption Administrator’s Guide (KMIP) 1353-1002747-02Chapter2Configuring Encryption Using the Management ApplicationIn this chapter•Encryp

292 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Security processor KEK statusASecurity processor KEK statusTable 19 lists security p

Fabric OS Encryption Administrator’s Guide (KMIP) 29353-1002747-02Encrypted LUN statesALUN_1ST_TIME_REKEY_IN_PROG First time rekey is in progress.LUN_

294 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encrypted LUN statesALUN_DIS_WR_META_DONE_ERR Disabled (Write metadata done with fai

Fabric OS Encryption Administrator’s Guide (KMIP) 29553-1002747-02Encrypted LUN statesATABLE 21 Tape LUN statesInternal Names Console String Explanati

296 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encrypted LUN statesALUN_ENCRYPT Encryption enabled The tape medium is present, and

Fabric OS Encryption Administrator’s Guide (KMIP) 29753-1002747-02IndexAadd commands--add -haclustermember, 166--add -initiator, 179, 187, 193--add -L

298 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUNadding to CryptoTarget container using the CLI, 182configuring, 182, 183mo

Fabric OS Encryption Administrator’s Guide (KMIP) 29953-1002747-02disk lunsdecommissioning, 113rekeying manually, 115setting rekey all, 116viewing rek

300 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02encryption nodesetting initialization, 28encryption nodessetting initialization, 148

Fabric OS Encryption Administrator’s Guide (KMIP) 30153-1002747-02Iimport commands, --import, 161initialize commands--initEE, 254initEE, 158--initnode

14 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption Center features2•Viewing and editing encryption group properties . . . . .

302 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02member nodesadding to an encryption group, 160members tab, 130remove button, 132modi

Fabric OS Encryption Administrator’s Guide (KMIP) 30353-1002747-02set commands--set -failback, 168--set -keyvault LKM, 159show commands--show, 162, 17

304 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02troubleshootingcfgshow command, 267configshow, 267cryptocfg --show -groupcfg command

Fabric OS Encryption Administrator’s Guide (KMIP) 1553-1002747-02Encryption user privileges2Encryption user privilegesIn BNA, resource groups are assi

16 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2Smart card usageSmart Cards are credit card-sized cards that contain

Fabric OS Encryption Administrator’s Guide (KMIP) 1753-1002747-02Smart card usage2• Establishing a trusted link with the NetApp LKM key vault.• Decomm

18 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage23. Locate the Authentication Card Quorum Size and select the quorum

Fabric OS Encryption Administrator’s Guide (KMIP) 1953-1002747-02Smart card usage2Registering authentication cards from the databaseSmart cards that a

20 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2Deregistering an authentication cardAuthentication cards can be remo

Fabric OS Encryption Administrator’s Guide (KMIP) 2153-1002747-02Smart card usage2Using system cardsSystem cards are smart cards that can be used to c

iv Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Support for virtual fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2Enabling or disabling the system card requirementTo use a system car

Fabric OS Encryption Administrator’s Guide (KMIP) 2353-1002747-02Smart card usage2Deregistering system cardsSystem cards can be removed from the datab

24 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2FIGURE 12 Smart Card asset tracking dialog boxThe Smart Cards table

Fabric OS Encryption Administrator’s Guide (KMIP) 2553-1002747-02Smart card usage2• Save As button: Saves the entire list of smart cards to a file. Th

26 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Network connections22. Insert the smart card into the card reader.3. After the card’s

Fabric OS Encryption Administrator’s Guide (KMIP) 2753-1002747-02Blade processor links2Blade processor linksEach encryption switch or blade has two Gb

28 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption node initialization and certificate generation23. Enter the link IP addres

Fabric OS Encryption Administrator’s Guide (KMIP) 2953-1002747-02Key Management Interoperability Protocol2Key Management Interoperability Protocol The

30 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2NOTEIf you are configuri

Fabric OS Encryption Administrator’s Guide (KMIP) 3153-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Setting FIPS compliance1

Fabric OS Encryption Administrator’s Guide (KMIP) v53-1002747-02High availability (HA) clusters . . . . . . . . . . . . . . . . . . . . . . . . . . .

32 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Creating a local CA1. Fr

Fabric OS Encryption Administrator’s Guide (KMIP) 3353-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Creating a server certif

34 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 19 KeySecure Cert

Fabric OS Encryption Administrator’s Guide (KMIP) 3553-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)25. Copy the certificate

36 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)28. Select Server as the

Fabric OS Encryption Administrator’s Guide (KMIP) 3753-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 24 KeySecure Cert

38 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Creating a cluster1. Fro

Fabric OS Encryption Administrator’s Guide (KMIP) 3953-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 27 KeySecure Clus

40 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Configuring a Brocade gr

Fabric OS Encryption Administrator’s Guide (KMIP) 4153-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Registering the KeySecur

vi Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Disk device decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . .

42 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Signing the encryption n

Fabric OS Encryption Administrator’s Guide (KMIP) 4353-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 31 Certificate an

44 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 32 Import Signed

Fabric OS Encryption Administrator’s Guide (KMIP) 4553-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 34 Backup and Res

46 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Configuring the KMIP ser

Fabric OS Encryption Administrator’s Guide (KMIP) 4753-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Adding a node to the clu

48 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 38 KeySecure Clus

Fabric OS Encryption Administrator’s Guide (KMIP) 4953-1002747-02Encryption preparation28. Under Restore Backup, select Upload from browser, then ente

50 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2• An external host is available on the LAN to facilitate

Fabric OS Encryption Administrator’s Guide (KMIP) 5153-1002747-02Creating an encryption group25. Select Security Settings.6. Confirm the configuration

Fabric OS Encryption Administrator’s Guide (KMIP) vii53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure). . . . . . . . . . . .

52 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2FIGURE 43 Designate Switch Membership dialog box 5. For

Fabric OS Encryption Administrator’s Guide (KMIP) 5353-1002747-02Creating an encryption group2The dialog box contains the following information:• Encr

54 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2Using this dialog box, you can select a key vault for th

Fabric OS Encryption Administrator’s Guide (KMIP) 5553-1002747-02Creating an encryption group2Configuring key vault settings for Key Management Intero

56 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group24. (Optional) Enter a Backup Key Vault IP address or hos

Fabric OS Encryption Administrator’s Guide (KMIP) 5753-1002747-02Creating an encryption group2FIGURE 48 Specify Master Key File Name dialog box9. Ente

58 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2FIGURE 49 Select Security Settings dialog box12. Set quo

Fabric OS Encryption Administrator’s Guide (KMIP) 5953-1002747-02Creating an encryption group2FIGURE 50 Confirm Configuration dialog box14. Confirm th

60 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2All configuration items have green check marks if the co

Fabric OS Encryption Administrator’s Guide (KMIP) 6153-1002747-02Adding a switch to an encryption group23. Register the key vault. BNA registers the k

viii Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

62 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a switch to an encryption group2FIGURE 53 Configure Switch Encryption wizard -

Fabric OS Encryption Administrator’s Guide (KMIP) 6353-1002747-02Adding a switch to an encryption group2The dialog box contains the following informat

64 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a switch to an encryption group2FIGURE 56 Specify Public Key Certificate (KAC)

Fabric OS Encryption Administrator’s Guide (KMIP) 6553-1002747-02Adding a switch to an encryption group2FIGURE 58 Configuration Status dialog boxAll c

66 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a switch to an encryption group2FIGURE 59 Error Instructions dialog box8. Revi

Fabric OS Encryption Administrator’s Guide (KMIP) 6753-1002747-02Replacing an encryption engine in an encryption group2Replacing an encryption engine

68 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability (HA) clusters2High availability (HA) clusters A high availability (

Fabric OS Encryption Administrator’s Guide (KMIP) 6953-1002747-02High availability (HA) clusters2Creating HA clusters For the initial encryption node,

70 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability (HA) clusters23. Click the right arrow to add the encryption engine

Fabric OS Encryption Administrator’s Guide (KMIP) 7153-1002747-02Configuring encryption storage targets2Failback optionThe Failback option determines

Fabric OS Encryption Administrator’s Guide (KMIP) ix53-1002747-02Deployment in Fibre Channel routed fabrics. . . . . . . . . . . . . . . . . .220Deplo

72 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets26. Configuration Status7. Important Instructio

Fabric OS Encryption Administrator’s Guide (KMIP) 7353-1002747-02Configuring encryption storage targets2FIGURE 63 Configure Storage Encryption welcome

74 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets2The dialog box contains the following informat

Fabric OS Encryption Administrator’s Guide (KMIP) 7553-1002747-02Configuring encryption storage targets26. Select a target from the list. (The Target

76 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets2NOTENote: You must enter the host node world w

Fabric OS Encryption Administrator’s Guide (KMIP) 7753-1002747-02Configuring encryption storage targets2FIGURE 67 Name Container dialog box10. Enter t

78 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets2The screen contains the following information:

Fabric OS Encryption Administrator’s Guide (KMIP) 7953-1002747-02Configuring encryption storage targets213. Review any post-configuration instructions

80 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring hosts for encryption targets2Configuring hosts for encryption targetsUse

Fabric OS Encryption Administrator’s Guide (KMIP) 8153-1002747-02Configuring hosts for encryption targets2FIGURE 72 Encryption Target Hosts dialog box