53-1002747-0225 March 2013®53-1002747-02Fabric OS EncryptionAdministrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compl
x Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Rekeying best practices and policies. . . . . . . . . . . . . . . . . . . . . . . .238
82 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target disk LUNs for encryption2Adding target disk LUNs for encryptionYou can
Fabric OS Encryption Administrator’s Guide (KMIP) 8353-1002747-02Adding target disk LUNs for encryption2• Encryption Mode• Encrypt Existing Data• Key
84 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target disk LUNs for encryption2FIGURE 75 Select Initiator Port dialog boxThe
Fabric OS Encryption Administrator’s Guide (KMIP) 8553-1002747-02Adding target disk LUNs for encryption2FIGURE 76 Select LUN dialog box The dialog box
86 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target disk LUNs for encryption2NOTEWith the introduction of Fabric OS v7.1.0,
Fabric OS Encryption Administrator’s Guide (KMIP) 8753-1002747-02Adding target tape LUNs for encryption2Configuring storage arraysThe Storage Array co
88 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding target tape LUNs for encryption2FIGURE 78 Encryption Targets dialog box3. Sele
Fabric OS Encryption Administrator’s Guide (KMIP) 8953-1002747-02Adding target tape LUNs for encryption2FIGURE 80 Add Encryption Target Tape LUNs dial
90 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Moving Targets2• Enable Read Ahead: When selected, enables read pre-fetching on this
Fabric OS Encryption Administrator’s Guide (KMIP) 9153-1002747-02Configuring encrypted tape storage in a multi-path environment2Configuring encrypted
Fabric OS Encryption Administrator’s Guide (KMIP) xi53-1002747-02General encryption troubleshooting . . . . . . . . . . . . . . . . . . . . . . . .26
92 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape LUN write early and read ahead2Tape LUN write early and read aheadThe tape LUN w
Fabric OS Encryption Administrator’s Guide (KMIP) 9353-1002747-02Tape LUN statistics2FIGURE 82 Encryption Target Tape LUNs dialog box - Setting tape L
94 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape LUN statistics2Viewing and clearing tape container statisticsYou can view LUN st
Fabric OS Encryption Administrator’s Guide (KMIP) 9553-1002747-02Tape LUN statistics2• Tape Session #: The number of the ongoing tape session.• Uncomp
96 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape LUN statistics2FIGURE 85 Target Tape LUNs dialog box4. Select the LUN or LUNs fo
Fabric OS Encryption Administrator’s Guide (KMIP) 9753-1002747-02Tape LUN statistics2• A Refresh button updates the statistics on the display since th
98 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption engine rebalancing2FIGURE 88 Tape LUN Statistics dialog boxThe dialog box
Fabric OS Encryption Administrator’s Guide (KMIP) 9953-1002747-02Master keys2During rebalancing operations, be aware of the following:• You might noti
100 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2The new master key cannot be used (no new data encryption keys can be cr
Fabric OS Encryption Administrator’s Guide (KMIP) 10153-1002747-02Master keys2Refer to the following procedures for more information:- “Saving the mas
xii Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02
102 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 89 Backup Destination (to file) dialog box4. Select File as the B
Fabric OS Encryption Administrator’s Guide (KMIP) 10353-1002747-02Master keys2FIGURE 90 Backup Destination (to key vault) dialog box4. Select Key Vaul
104 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 91 Backup Destination (to smart cards) dialog box4. Select A Reco
Fabric OS Encryption Administrator’s Guide (KMIP) 10553-1002747-02Master keys2Saving a master key to a smart card set - OverviewA card reader must be
106 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 92 Select a Master Key to Restore (from file) dialog box4. Choose
Fabric OS Encryption Administrator’s Guide (KMIP) 10753-1002747-02Master keys2FIGURE 93 Select a Master Key to Restore (from key vault) dialog box4. C
108 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Master keys2FIGURE 94 Select a Master Key to Restore (from a recovery set of smart c
Fabric OS Encryption Administrator’s Guide (KMIP) 10953-1002747-02Security Settings2Security Settings Security settings help you identify if system ca
110 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Zeroizing an encryption engine2NOTEZeroizing an engine affects the I/Os, but all tar
Fabric OS Encryption Administrator’s Guide (KMIP) 11153-1002747-02Using the Encryption Targets dialog box2Using the Encryption Targets dialog boxThe E
Fabric OS Encryption Administrator’s Guide (KMIP) xiii53-1002747-02About This DocumentIn this chapter•How this document is organized . . . . . . . .
112 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Redirection zones2Redirection zonesIt is recommended that you configure the host and
Fabric OS Encryption Administrator’s Guide (KMIP) 11353-1002747-02Disk device decommissioning2Provided that the crypto configuration is not left uncom
114 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Disk device decommissioning2In order to delete keys from the key vault, you need to
Fabric OS Encryption Administrator’s Guide (KMIP) 11553-1002747-02Rekeying all disk LUNs manually2Displaying Universal IDsIn order to delete keys from
116 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Rekeying all disk LUNs manually2Setting disk LUN Re-key AllTo rekey all disk LUNs on
Fabric OS Encryption Administrator’s Guide (KMIP) 11753-1002747-02Rekeying all disk LUNs manually2.FIGURE 99 Pending manual rekey operations Viewing d
118 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Rekeying all disk LUNs manually2FIGURE 100 Encryption Target Disk LUNs dialog box4.
Fabric OS Encryption Administrator’s Guide (KMIP) 11953-1002747-02Rekeying all disk LUNs manually2Viewing the progress of manual rekey operationsTo mo
120 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Thin provisioned LUNs2• Current LBA: The Logical Block Address (LBA) of the block th
Fabric OS Encryption Administrator’s Guide (KMIP) 12153-1002747-02Viewing time left for auto rekey2• If you are running a Fabric OS version earlier th
xiv Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02• Chapter 6, “Maintenance and Troubleshooting,” provides information on troubleshoot
122 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing switch encryption properties2The Encryption Target Disk LUNs dia
Fabric OS Encryption Administrator’s Guide (KMIP) 12353-1002747-02Viewing and editing switch encryption properties2FIGURE 103 Encryption Switch Proper
124 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing switch encryption properties2• Encryption Group: The name of the
Fabric OS Encryption Administrator’s Guide (KMIP) 12553-1002747-02Viewing and editing switch encryption properties2• Online• Set State To: Identifies
126 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2FIGURE 104 Import Signed Certificate
Fabric OS Encryption Administrator’s Guide (KMIP) 12753-1002747-02Viewing and editing encryption group properties2The Encryption Group Properties dial
128 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2General tabThe General tab (Figure 1
Fabric OS Encryption Administrator’s Guide (KMIP) 12953-1002747-02Viewing and editing encryption group properties2When the first encryption engine com
130 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2• Not responding• Failed authenticat
Fabric OS Encryption Administrator’s Guide (KMIP) 13153-1002747-02Viewing and editing encryption group properties2• Connection Status: The switch’s co
Fabric OS Encryption Administrator’s Guide (KMIP) xv53-1002747-02Command syntax conventionsCommand syntax in this manual follows these conventions:Not
132 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2Members tab Remove buttonYou can cli
Fabric OS Encryption Administrator’s Guide (KMIP) 13353-1002747-02Viewing and editing encryption group properties2A warning message is displayed when
134 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2FIGURE 108 Encryption Group Properti
Fabric OS Encryption Administrator’s Guide (KMIP) 13553-1002747-02Viewing and editing encryption group properties2• Registered Authentication Cards ta
136 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2• Right- and Left-arrow buttons: You
Fabric OS Encryption Administrator’s Guide (KMIP) 13753-1002747-02Viewing and editing encryption group properties2Tape Pools tabTape pools are managed
138 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Viewing and editing encryption group properties2All encryption engines in the encryp
Fabric OS Encryption Administrator’s Guide (KMIP) 13953-1002747-02Viewing and editing encryption group properties24. Based on your selection, do one o
140 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption-related acronyms in log messages2FIGURE 113 Encryption Group Properties D
Fabric OS Encryption Administrator’s Guide (KMIP) 14153-1002747-02Chapter3Configuring Encryption Using the CLIIn this chapter•Overview. . . . . . . .
xvi Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Key termsFor definitions specific to Brocade and Fibre Channel, see the technical gl
142 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Overview3OverviewThis chapter explains how to use the command line interface (CLI) t
Fabric OS Encryption Administrator’s Guide (KMIP) 14353-1002747-02Command RBAC permissions and AD types34. PortMember: allows all control operations o
144 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Command RBAC permissions and AD types3createhaclusterNOMN N N OMN NDisallowedcreatet
Fabric OS Encryption Administrator’s Guide (KMIP) 14553-1002747-02Cryptocfg Help command output3Cryptocfg Help command outputAll encryption operations
146 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Management LAN configuration3switch:admin> cryptocfg --help -nodecfgUsage: crypto
Fabric OS Encryption Administrator’s Guide (KMIP) 14753-1002747-02Configuring cluster links3The following example configures a static IP address and g
148 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Setting encryption node initialization3IP Address change of a node within an encrypt
Fabric OS Encryption Administrator’s Guide (KMIP) 14953-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)3From the standpoint of
150 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)36. Configure the KMIP s
Fabric OS Encryption Administrator’s Guide (KMIP) 15153-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)33. Verify the cluster s
Fabric OS Encryption Administrator’s Guide (KMIP) xvii53-1002747-02For information about the Key Management Interoperability Protocol standard, visit
152 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3h. Aft
Fabric OS Encryption Administrator’s Guide (KMIP) 15353-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Signin
154 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)33. Und
Fabric OS Encryption Administrator’s Guide (KMIP) 15553-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)32. On
156 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Regist
Fabric OS Encryption Administrator’s Guide (KMIP) 15753-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Time o
158 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3Notify
Fabric OS Encryption Administrator’s Guide (KMIP) 15953-1002747-02Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)3The fo
160 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a member node to an encryption group3 Server SDK Version:
Fabric OS Encryption Administrator’s Guide (KMIP) 16153-1002747-02Adding a member node to an encryption group3CAUTIONAfter adding the member node to t
xviii Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-023. World Wide Name (WWN)Use the licenseIdShow command to display the WWN of the ch
162 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a member node to an encryption group3NOTEIf the maximum number of certificate
Fabric OS Encryption Administrator’s Guide (KMIP) 16353-1002747-02Generating and backing up the master key3Additional Secondary Key Vault Information:
164 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability clusters32. Export the master key to the key vault. Make a note of
Fabric OS Encryption Administrator’s Guide (KMIP) 16553-1002747-02High availability clusters3• It is recommended that the HA cluster configuration be
166 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability clusters3Adding an encryption engine to an HA cluster1. Log in to
Fabric OS Encryption Administrator’s Guide (KMIP) 16753-1002747-02High availability clusters3Number of HA Clusters: 1HA cluster name: dthac - 2 EE ent
168 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability clusters3Policy Configuration ExamplesThe following examples illus
Fabric OS Encryption Administrator’s Guide (KMIP) 16953-1002747-02Re-exporting a master key3Re-exporting a master keyYou can export master keys to the
170 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Re-exporting a master key3Exporting an additional key IDExample: Subsequent master k
Fabric OS Encryption Administrator’s Guide (KMIP) 17153-1002747-02Re-exporting a master key3e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:9ae3:ae:aa:89
Fabric OS Encryption Administrator’s Guide (KMIP) 153-1002747-02Chapter1Encryption OverviewIn this chapter•Host and LUN considerations . . . . . . . .
172 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Enabling the encryption engine3Enabling the encryption engineEnable the encryption e
Fabric OS Encryption Administrator’s Guide (KMIP) 17353-1002747-02Zoning considerations3 No HA cluster membership EE Attributes: Media T
174 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Zoning considerations3Frame redirection zoningName Server-based frame redirection en
Fabric OS Encryption Administrator’s Guide (KMIP) 17553-1002747-02Zoning considerations3 Redirect: No The Local Name Server has 1 entry }The nsshow co
176 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02CryptoTarget container configuration37. Create a zone that includes the initiator an
Fabric OS Encryption Administrator’s Guide (KMIP) 17753-1002747-02CryptoTarget container configuration3FIGURE 118 Relationship between initiator, virt
178 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02CryptoTarget container configuration3• When removing an existing disk or tape target
Fabric OS Encryption Administrator’s Guide (KMIP) 17953-1002747-02CryptoTarget container configuration3FabricAdmin:switch> cryptocfg --create -cont
180 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02CryptoTarget container configuration3zone: red_______base 00:00:00:00:00:00:00:01;
Fabric OS Encryption Administrator’s Guide (KMIP) 18153-1002747-02CryptoTarget container configuration3Deleting a CryptoTarget containerYou may delete
Copyright © 2012- 2013 Brocade Communications Systems, Inc. All Rights Reserved.Brocade, Brocade Assurance, the B-wing symbol, BigIron, DCX, Fabric OS
2 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Terminology1TerminologyThe following are definitions of terms used extensively in this
182 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3NOTEIf a CryptoTarget container is moved in a configuration
Fabric OS Encryption Administrator’s Guide (KMIP) 18353-1002747-02Crypto LUN configuration3Discovering a LUNWhen adding a LUN to a CryptoTarget contai
184 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3NOTEThere is a maximum of 512 disk LUNs per Initiator in a
Fabric OS Encryption Administrator’s Guide (KMIP) 18553-1002747-02Crypto LUN configuration3VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1dNumber o
186 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3TABLE 6 LUN parameters and policies Policy name Command pa
Fabric OS Encryption Administrator’s Guide (KMIP) 18753-1002747-02Crypto LUN configuration3Configuring a tape LUNThis example shows how to configure a
188 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3LUN serial number:Key ID state: Key ID not Applicab
Fabric OS Encryption Administrator’s Guide (KMIP) 18953-1002747-02Crypto LUN configuration3FabricAdmin:switch> cryptocfg --remove -LUN my_disk_tgt
190 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration3CAUTIONWhen configuring a LUN with multiple paths, do not c
Fabric OS Encryption Administrator’s Guide (KMIP) 19153-1002747-02Impact of tape LUN configuration changes3Impact of tape LUN configuration changesLUN
Fabric OS Encryption Administrator’s Guide (KMIP) 353-1002747-02Terminology1Opaque Key VaultA storage location that provides untrusted key management
192 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring a multi-path Crypto LUN3Multi-path LUN configuration exampleFigure 119 o
Fabric OS Encryption Administrator’s Guide (KMIP) 19353-1002747-02Configuring a multi-path Crypto LUN3c. Create a CryptoTarget container (CTC2) for ta
194 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring a multi-path Crypto LUN3b. Add the same LUN to the CryptoTarget containe
Fabric OS Encryption Administrator’s Guide (KMIP) 19553-1002747-02Decommissioning LUNs3Decommissioning LUNsA disk device needs to be decommissioned wh
196 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Decommissioning LUNs33. Enter cryptocfg --show -decommissionedkeyids to obtain a lis
Fabric OS Encryption Administrator’s Guide (KMIP) 19753-1002747-02Decommissioning replicated LUNs3Decommissioning replicated LUNsThe following scenari
198 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Force-enabling a decommissioned disk LUN for encryption3NOTEDo not delete the key fr
Fabric OS Encryption Administrator’s Guide (KMIP) 19953-1002747-02Force-enabling a disabled disk LUN for encryption37. En a bl e th e LU N .FabricAd
200 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape pool configuration3Tape pool configurationTape pools are used by tape backup ap
Fabric OS Encryption Administrator’s Guide (KMIP) 20153-1002747-02Tape pool configuration3CommVault Galaxy labelingCommVault uses a storage policy for
4 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02The Brocade Encryption Switch1The Brocade Encryption SwitchThe Brocade Encryption Swit
202 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape pool configuration3Creating a tape poolTake the following steps to create a tap
Fabric OS Encryption Administrator’s Guide (KMIP) 20353-1002747-02Tape pool configuration3Deleting a tape poolThis command does not issue a warning if
204 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02First-time encryption3First-time encryptionFirst-time encryption, also referred to a
Fabric OS Encryption Administrator’s Guide (KMIP) 20553-1002747-02Thin provisioned LUNs3Thin provisioned LUNsWith the introduction of Fabric OS 7.1.0,
206 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Thin provisioned LUNs3Encryption algorithm: AES256-XTSKey ID state: Read
Fabric OS Encryption Administrator’s Guide (KMIP) 20753-1002747-02Data rekeying3• Because windows host utility “sdelete –c” sends WRITE command with z
208 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Data rekeying3Configuring a LUN for automatic rekeyingRekeying options are configure
Fabric OS Encryption Administrator’s Guide (KMIP) 20953-1002747-02Data rekeying3Initiating a manual rekey sessionYou can initiate a rekeying session m
210 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Data rekeying3Current LBA: 488577Operation succeeded.Suspension and resum
Fabric OS Encryption Administrator’s Guide (KMIP) 21153-1002747-02Chapter4Deployment ScenariosIn this chapter•Single encryption switch, two paths from
Fabric OS Encryption Administrator’s Guide (KMIP) 553-1002747-02The FS8-18 blade1The FS8-18 bladeThe FS8-18 blade provides the same features and funct
212 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Single encryption switch, two paths from host to target4Single encryption switch, tw
Fabric OS Encryption Administrator’s Guide (KMIP) 21353-1002747-02Single fabric deployment - HA cluster4Single fabric deployment - HA clusterFigure 12
214 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Single fabric deployment - DEK cluster4In Figure 121, the two encryption switches pr
Fabric OS Encryption Administrator’s Guide (KMIP) 21553-1002747-02Dual fabric deployment - HA and DEK cluster4In Figure 122, two encryption switches a
216 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Multiple paths, one DEK cluster, and two HA clusters4failover for the encryption pat
Fabric OS Encryption Administrator’s Guide (KMIP) 21753-1002747-02Multiple paths, one DEK cluster, and two HA clusters4The configuration details shown
218 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Multiple paths, DEK cluster, no HA cluster4Multiple paths, DEK cluster, no HA cluste
Fabric OS Encryption Administrator’s Guide (KMIP) 21953-1002747-02Multiple paths, DEK cluster, no HA cluster4The configuration details are as follows:
220 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Deployment in Fibre Channel routed fabrics4Deployment in Fibre Channel routed fabric
Fabric OS Encryption Administrator’s Guide (KMIP) 22153-1002747-02Deployment in Fibre Channel routed fabrics4The following is a summary of steps for c
6 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Recommendation for connectivity1Recommendation for connectivityIn order to achieve hig
222 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Deployment as part of an edge fabric4Deployment as part of an edge fabricIn this dep
Fabric OS Encryption Administrator’s Guide (KMIP) 22353-1002747-02Deployment with FCIP extension switches4Deployment with FCIP extension switchesEncry
224 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02VMware ESX server deployments4VMware ESX server deploymentsVMware ESX servers may ho
Fabric OS Encryption Administrator’s Guide (KMIP) 22553-1002747-02VMware ESX server deployments4Figure 131 shows a VMware ESX server with two guest op
226 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02VMware ESX server deployments4
Fabric OS Encryption Administrator’s Guide (KMIP) 22753-1002747-02Chapter5Best Practices and Special TopicsIn this chapter•Firmware upgrade and downgr
228 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Firmware upgrade and downgrade considerations5Firmware upgrade and downgrade conside
Fabric OS Encryption Administrator’s Guide (KMIP) 22953-1002747-02Firmware upgrade and downgrade considerations5• Guidelines for firmware upgrade of e
230 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuration upload and download considerations58. Check that CryptoTarget Containe
Fabric OS Encryption Administrator’s Guide (KMIP) 23153-1002747-02Configuration upload and download considerations5• Certificates generated internally
Fabric OS Encryption Administrator’s Guide (KMIP) 753-1002747-02Brocade encryption solution overview1Brocade encryption solution overviewThe loss of s
232 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02HP-UX considerations5Steps after configuration downloadFor all opaque key vaults, re
Fabric OS Encryption Administrator’s Guide (KMIP) 23353-1002747-02AIX Considerations5Best practices are as follows:• Create a cryptoTarget container f
234 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Tape metadata5Tape metadataOne kilobyte of metadata is added per tape block for both
Fabric OS Encryption Administrator’s Guide (KMIP) 23553-1002747-02Tape block zero handling5Tape pool configuration is used only when labeling of tape
236 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Redirection zones5• Before committing CryptoTarget container or LUN configurations o
Fabric OS Encryption Administrator’s Guide (KMIP) 23753-1002747-02Deployment with Admin Domains (AD)5Deployment with Admin Domains (AD)Virtual devices
238 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02PID failover5PID failover Virtual device PIDs do not persist upon failover within a
Fabric OS Encryption Administrator’s Guide (KMIP) 23953-1002747-02KAC certificate registration expiry5Allow rekey to complete before deleting a contai
240 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Changing IP addresses in encryption groups5Changing IP addresses in encryption group
Fabric OS Encryption Administrator’s Guide (KMIP) 24153-1002747-02Best practices for host clusters in an encryption environment5FIGURE 132 Fan-in rati
8 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Brocade encryption solution overview1Data flow from server to storageThe Brocade Encry
242 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02HA Cluster deployment considerations and best practices5• For AIX-based Power HA Sys
Fabric OS Encryption Administrator’s Guide (KMIP) 24353-1002747-02Chapter6Maintenance and TroubleshootingIn this chapter•Encryption group and HA clust
244 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6Encryption group and HA cluster maintena
Fabric OS Encryption Administrator’s Guide (KMIP) 24553-1002747-02Encryption group and HA cluster maintenance6FIGURE 133 Removing a node from an encry
246 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6 IP Address: 10.32.33
Fabric OS Encryption Administrator’s Guide (KMIP) 24753-1002747-02Encryption group and HA cluster maintenance6Deleting an encryption groupYou can dele
248 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6Displaying the HA cluster configurationN
Fabric OS Encryption Administrator’s Guide (KMIP) 24953-1002747-02Encryption group and HA cluster maintenance6Replacing an HA cluster member1. Log in
250 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6FIGURE 134 Replacing a failed encryption
Fabric OS Encryption Administrator’s Guide (KMIP) 25153-1002747-02Encryption group and HA cluster maintenance6Case 2: Replacing a “live” encryption en
Fabric OS Encryption Administrator’s Guide (KMIP) 953-1002747-02Data encryption key life cycle management1Data encryption key life cycle managementDat
252 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group and HA cluster maintenance6Performing a manual failback of an encry
Fabric OS Encryption Administrator’s Guide (KMIP) 25353-1002747-02Encryption group merge and split use cases6• After the failback completes, the crypt
254 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6NOTEWhen attempting to reclaim a failed B
Fabric OS Encryption Administrator’s Guide (KMIP) 25553-1002747-02Encryption group merge and split use cases6RecoveryIf auto failback policy is set, n
256 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6• The isolation of N3 from the group lead
Fabric OS Encryption Administrator’s Guide (KMIP) 25753-1002747-02Encryption group merge and split use cases6Recovery1. Restore the connection between
258 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6NOTEThe collective time allowed (the hear
Fabric OS Encryption Administrator’s Guide (KMIP) 25953-1002747-02Encryption group merge and split use cases6NOTEIf one or more EG status displays as
260 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases6Display the encryption group state again.
Fabric OS Encryption Administrator’s Guide (KMIP) 26153-1002747-02Encryption group merge and split use cases6If you now perform a cryptocfg --show -gr
10 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Data encryption key life cycle management1FIGURE 5 DEK life cycle
262 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption group merge and split use cases66. Verify your encryption group is re-con
Fabric OS Encryption Administrator’s Guide (KMIP) 26353-1002747-02Encryption group database manual operations6Encryption group database manual operati
264 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Key vault diagnostics6Use the --sync -securitydb command to distribute the security
Fabric OS Encryption Administrator’s Guide (KMIP) 26553-1002747-02Measuring encryption performance6• Key class and format on the KV configured for the
266 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Measuring encryption performance6FabricAdmin:switch> cryptocfg --perfshow [slot]
Fabric OS Encryption Administrator’s Guide (KMIP) 26753-1002747-02General encryption troubleshooting6General encryption troubleshootingTable 9 lists t
268 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02General encryption troubleshooting6A backup fails because the LUN is always in the i
Fabric OS Encryption Administrator’s Guide (KMIP) 26953-1002747-02General encryption troubleshooting6A performance drop occurs when using DPM on a Mic
270 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Troubleshooting examples using the CLI6Troubleshooting examples using the CLIEncrypt
Fabric OS Encryption Administrator’s Guide (KMIP) 27153-1002747-02Troubleshooting examples using the CLI6Encryption Disabled CryptoTarget LUNIf the LU
Fabric OS Encryption Administrator’s Guide (KMIP) 1153-1002747-02Master key management1Master key managementCommunications with opaque key vaults are
272 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Management application encryption wizard troubleshooting6Management application encr
Fabric OS Encryption Administrator’s Guide (KMIP) 27353-1002747-02Management application encryption wizard troubleshooting6Errors related to adding a
274 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Management application encryption wizard troubleshooting6General errors related to t
Fabric OS Encryption Administrator’s Guide (KMIP) 27553-1002747-02LUN policy troubleshooting6LUN policy troubleshootingTable 14 may be used as an aid
276 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Loss of encryption group leader after power outage6Loss of encryption group leader a
Fabric OS Encryption Administrator’s Guide (KMIP) 27753-1002747-02MPIO and internal LUN states65. Synchronize the crypto configurations across all mem
278 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02FS8-18 blade removal and replacement61. Enter the cryptocfg --resume_rekey command,
Fabric OS Encryption Administrator’s Guide (KMIP) 27953-1002747-02FS8-18 blade removal and replacement63. If the replaced FS8-18 blade is in member no
280 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02FS8-18 blade removal and replacement6NOTEBecause the FS8-18 blade was inserted in th
Fabric OS Encryption Administrator’s Guide (KMIP) 28153-1002747-02Brocade Encryption Switch removal and replacement611. If a master key is not present
Fabric OS Encryption Administrator’s Guide (KMIP) iii53-1002747-02ContentsAbout This DocumentIn this chapter . . . . . . . . . . . . . . . . . . . . .
12 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Cisco Fabric Connectivity support1Cisco Fabric Connectivity supportThe Brocade Encryp
282 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Brocade Encryption Switch removal and replacement68. Power on the new Brocade Encryp
Fabric OS Encryption Administrator’s Guide (KMIP) 28353-1002747-02Brocade Encryption Switch removal and replacement621. Import the signed CSR/Cert ont
284 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Brocade Encryption Switch removal and replacement631. If HA cluster membership for t
Fabric OS Encryption Administrator’s Guide (KMIP) 28553-1002747-02Brocade Encryption Switch removal and replacement611. Invoke the following command t
286 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Reclaiming the WWN base of a failed Brocade Encryption Switch627. Verify that defzon
Fabric OS Encryption Administrator’s Guide (KMIP) 28753-1002747-02Removing stale rekey information for a LUN6NOTEWhen attempting to reclaim a failed B
288 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Splitting an encryption group into two encryption groups6NOTEYou should not join a F
Fabric OS Encryption Administrator’s Guide (KMIP) 28953-1002747-02Moving an encryption blade from one EG to another in the same fabric6a. Create the g
290 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Moving an encryption switch from one EG to another in the same fabric6Moving an encr
Fabric OS Encryption Administrator’s Guide (KMIP) 29153-1002747-02AppendixAState and Status InformationIn this appendix•Encryption engine security pro
Fabric OS Encryption Administrator’s Guide (KMIP) 1353-1002747-02Chapter2Configuring Encryption Using the Management ApplicationIn this chapter•Encryp
292 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Security processor KEK statusASecurity processor KEK statusTable 19 lists security p
Fabric OS Encryption Administrator’s Guide (KMIP) 29353-1002747-02Encrypted LUN statesALUN_1ST_TIME_REKEY_IN_PROG First time rekey is in progress.LUN_
294 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encrypted LUN statesALUN_DIS_WR_META_DONE_ERR Disabled (Write metadata done with fai
Fabric OS Encryption Administrator’s Guide (KMIP) 29553-1002747-02Encrypted LUN statesATABLE 21 Tape LUN statesInternal Names Console String Explanati
296 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encrypted LUN statesALUN_ENCRYPT Encryption enabled The tape medium is present, and
Fabric OS Encryption Administrator’s Guide (KMIP) 29753-1002747-02IndexAadd commands--add -haclustermember, 166--add -initiator, 179, 187, 193--add -L
298 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUNadding to CryptoTarget container using the CLI, 182configuring, 182, 183mo
Fabric OS Encryption Administrator’s Guide (KMIP) 29953-1002747-02disk lunsdecommissioning, 113rekeying manually, 115setting rekey all, 116viewing rek
300 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02encryption nodesetting initialization, 28encryption nodessetting initialization, 148
Fabric OS Encryption Administrator’s Guide (KMIP) 30153-1002747-02Iimport commands, --import, 161initialize commands--initEE, 254initEE, 158--initnode
14 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption Center features2•Viewing and editing encryption group properties . . . . .
302 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02member nodesadding to an encryption group, 160members tab, 130remove button, 132modi
Fabric OS Encryption Administrator’s Guide (KMIP) 30353-1002747-02set commands--set -failback, 168--set -keyvault LKM, 159show commands--show, 162, 17
304 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02troubleshootingcfgshow command, 267configshow, 267cryptocfg --show -groupcfg command
Fabric OS Encryption Administrator’s Guide (KMIP) 1553-1002747-02Encryption user privileges2Encryption user privilegesIn BNA, resource groups are assi
16 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2Smart card usageSmart Cards are credit card-sized cards that contain
Fabric OS Encryption Administrator’s Guide (KMIP) 1753-1002747-02Smart card usage2• Establishing a trusted link with the NetApp LKM key vault.• Decomm
18 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage23. Locate the Authentication Card Quorum Size and select the quorum
Fabric OS Encryption Administrator’s Guide (KMIP) 1953-1002747-02Smart card usage2Registering authentication cards from the databaseSmart cards that a
20 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2Deregistering an authentication cardAuthentication cards can be remo
Fabric OS Encryption Administrator’s Guide (KMIP) 2153-1002747-02Smart card usage2Using system cardsSystem cards are smart cards that can be used to c
iv Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Support for virtual fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2Enabling or disabling the system card requirementTo use a system car
Fabric OS Encryption Administrator’s Guide (KMIP) 2353-1002747-02Smart card usage2Deregistering system cardsSystem cards can be removed from the datab
24 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Smart card usage2FIGURE 12 Smart Card asset tracking dialog boxThe Smart Cards table
Fabric OS Encryption Administrator’s Guide (KMIP) 2553-1002747-02Smart card usage2• Save As button: Saves the entire list of smart cards to a file. Th
26 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Network connections22. Insert the smart card into the card reader.3. After the card’s
Fabric OS Encryption Administrator’s Guide (KMIP) 2753-1002747-02Blade processor links2Blade processor linksEach encryption switch or blade has two Gb
28 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Encryption node initialization and certificate generation23. Enter the link IP addres
Fabric OS Encryption Administrator’s Guide (KMIP) 2953-1002747-02Key Management Interoperability Protocol2Key Management Interoperability Protocol The
30 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2NOTEIf you are configuri
Fabric OS Encryption Administrator’s Guide (KMIP) 3153-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Setting FIPS compliance1
Fabric OS Encryption Administrator’s Guide (KMIP) v53-1002747-02High availability (HA) clusters . . . . . . . . . . . . . . . . . . . . . . . . . . .
32 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Creating a local CA1. Fr
Fabric OS Encryption Administrator’s Guide (KMIP) 3353-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Creating a server certif
34 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 19 KeySecure Cert
Fabric OS Encryption Administrator’s Guide (KMIP) 3553-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)25. Copy the certificate
36 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)28. Select Server as the
Fabric OS Encryption Administrator’s Guide (KMIP) 3753-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 24 KeySecure Cert
38 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Creating a cluster1. Fro
Fabric OS Encryption Administrator’s Guide (KMIP) 3953-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 27 KeySecure Clus
40 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Configuring a Brocade gr
Fabric OS Encryption Administrator’s Guide (KMIP) 4153-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Registering the KeySecur
vi Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Disk device decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . .
42 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Signing the encryption n
Fabric OS Encryption Administrator’s Guide (KMIP) 4353-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 31 Certificate an
44 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 32 Import Signed
Fabric OS Encryption Administrator’s Guide (KMIP) 4553-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 34 Backup and Res
46 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Configuring the KMIP ser
Fabric OS Encryption Administrator’s Guide (KMIP) 4753-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2Adding a node to the clu
48 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure)2FIGURE 38 KeySecure Clus
Fabric OS Encryption Administrator’s Guide (KMIP) 4953-1002747-02Encryption preparation28. Under Restore Backup, select Upload from browser, then ente
50 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2• An external host is available on the LAN to facilitate
Fabric OS Encryption Administrator’s Guide (KMIP) 5153-1002747-02Creating an encryption group25. Select Security Settings.6. Confirm the configuration
Fabric OS Encryption Administrator’s Guide (KMIP) vii53-1002747-02Steps for connecting to a KMIP appliance (SafeNet KeySecure). . . . . . . . . . . .
52 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2FIGURE 43 Designate Switch Membership dialog box 5. For
Fabric OS Encryption Administrator’s Guide (KMIP) 5353-1002747-02Creating an encryption group2The dialog box contains the following information:• Encr
54 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2Using this dialog box, you can select a key vault for th
Fabric OS Encryption Administrator’s Guide (KMIP) 5553-1002747-02Creating an encryption group2Configuring key vault settings for Key Management Intero
56 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group24. (Optional) Enter a Backup Key Vault IP address or hos
Fabric OS Encryption Administrator’s Guide (KMIP) 5753-1002747-02Creating an encryption group2FIGURE 48 Specify Master Key File Name dialog box9. Ente
58 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2FIGURE 49 Select Security Settings dialog box12. Set quo
Fabric OS Encryption Administrator’s Guide (KMIP) 5953-1002747-02Creating an encryption group2FIGURE 50 Confirm Configuration dialog box14. Confirm th
60 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Creating an encryption group2All configuration items have green check marks if the co
Fabric OS Encryption Administrator’s Guide (KMIP) 6153-1002747-02Adding a switch to an encryption group23. Register the key vault. BNA registers the k
viii Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
62 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a switch to an encryption group2FIGURE 53 Configure Switch Encryption wizard -
Fabric OS Encryption Administrator’s Guide (KMIP) 6353-1002747-02Adding a switch to an encryption group2The dialog box contains the following informat
64 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a switch to an encryption group2FIGURE 56 Specify Public Key Certificate (KAC)
Fabric OS Encryption Administrator’s Guide (KMIP) 6553-1002747-02Adding a switch to an encryption group2FIGURE 58 Configuration Status dialog boxAll c
66 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Adding a switch to an encryption group2FIGURE 59 Error Instructions dialog box8. Revi
Fabric OS Encryption Administrator’s Guide (KMIP) 6753-1002747-02Replacing an encryption engine in an encryption group2Replacing an encryption engine
68 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability (HA) clusters2High availability (HA) clusters A high availability (
Fabric OS Encryption Administrator’s Guide (KMIP) 6953-1002747-02High availability (HA) clusters2Creating HA clusters For the initial encryption node,
70 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02High availability (HA) clusters23. Click the right arrow to add the encryption engine
Fabric OS Encryption Administrator’s Guide (KMIP) 7153-1002747-02Configuring encryption storage targets2Failback optionThe Failback option determines
Fabric OS Encryption Administrator’s Guide (KMIP) ix53-1002747-02Deployment in Fibre Channel routed fabrics. . . . . . . . . . . . . . . . . .220Deplo
72 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets26. Configuration Status7. Important Instructio
Fabric OS Encryption Administrator’s Guide (KMIP) 7353-1002747-02Configuring encryption storage targets2FIGURE 63 Configure Storage Encryption welcome
74 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets2The dialog box contains the following informat
Fabric OS Encryption Administrator’s Guide (KMIP) 7553-1002747-02Configuring encryption storage targets26. Select a target from the list. (The Target
76 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets2NOTENote: You must enter the host node world w
Fabric OS Encryption Administrator’s Guide (KMIP) 7753-1002747-02Configuring encryption storage targets2FIGURE 67 Name Container dialog box10. Enter t
78 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring encryption storage targets2The screen contains the following information:
Fabric OS Encryption Administrator’s Guide (KMIP) 7953-1002747-02Configuring encryption storage targets213. Review any post-configuration instructions
80 Fabric OS Encryption Administrator’s Guide (KMIP)53-1002747-02Configuring hosts for encryption targets2Configuring hosts for encryption targetsUse
Fabric OS Encryption Administrator’s Guide (KMIP) 8153-1002747-02Configuring hosts for encryption targets2FIGURE 72 Encryption Target Hosts dialog box
Commentaires sur ces manuels