beautypg.com

Initial configuration requirements, Srdf/rp initial setup at the source (r1) site, Srdf/recoverpoint remote target (r2) site – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 203

background image

Fabric OS Encryption Administrator’s Guide (DPM)

183

53-1002922-01

Using SRDF, TimeFinder and RecoverPoint with encryption

3

Initial Configuration Requirements

The following are initial configuration requirements for SRDF, TF, and RP:

For SRDF and RP, it is assumed that there is a clustered pair of DPMs at the local site and a
clustered pair of DPMs at the remote site. The clustered pairs must then be configured as part
of the same key vault group

For TimeFinder, the source device (LUN) and the target device (LUN) must be located on the
same storage array.

NOTE

If replication is enabled, firmware downgrades to earlier Fabric OS releases will be disallowed until
the replication feature is disabled. The replication feature cannot be disabled if there are LUNs in
the Encryption Group (EG) configured with the

-

newLUN option.

SRDF/RP initial setup at the source (R1) site

Replication mode needs to be enabled before replicated LUNs can be added to the Brocade
Encryption Switch, and the master key must be exported.

1. Log in as Admin or SecurityAdmin.

2. Use the following command to enable EG wide replication mode:

SecurityAdmin:switch> cryptocfg --set -replication enable

3. Export the master key.

SecurityAdmin:switch> cryptocfg -exportmasterkey

4. Make a note of the master key's ID. The master key ID can be obtained by running the following

command:

SecurityAdmin:switch> cryptocfg --show -localEE

NOTE

The master key is being exported from the local site so it can be recovered and utilized by the EG at
the remote site. If the local and remote sites are both part of the same encryption group and
therefore share the same DPM cluster, this step is not required.

SRDF/RecoverPoint remote target (R2) site

Replication mode needs to be enabled before replicated LUNs can be added to the Brocade
Encryption Switch, and the master key configured on encryption group at the source (R1) site must
be recovered for use on encryption group at the remote (R2) site.

1. Log in as Admin or SecurityAdmin.

2. Enable EG wide replication mode.

SecurityAdmin:switch> cryptocfg --set -replication enable

3. Recover the master key configured on the local site EG to the remote site EG.

See also other documents in the category Brocade Computer Accessories: