Deployment with fcip extension switches – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 235
Fabric OS Encryption Administrator’s Guide (SKM/ESKM)
215
53-1002923-01
Deployment with FCIP extension switches
4
Deployment with FCIP extension switches
Encryption switches may be deployed in configurations that use extension switches or extension
blades within a DCX or DCX 8510 Backbone to enable long distance connections.
shows an encryption switch deployment in a Fibre Channel over IP (FCIP) configuration. Refer to the
Fabric OS Administrator’s Guide for information about creating FCIP configurations.
NOTE
We recommend disabling data compression on FCIP links that might carry encrypted traffic to avoid
potential performance issues as compression of encrypted data might not yield the desired
compression ratio. We also recommend that tape pipelining and fastwrite also be disabled on the
FCIP link if it is transporting encrypted traffic.
When an encryption switch is deployed with an extension switch or blade in the same chassis or
fabric, the encryption switch can use the FCIP functionality provided by the extension switch.
In
, the host is using the remote target for remote data mirroring or backup across the
FCIP link. If the encryption services are enabled for the host and the remote target, the encryption
switch can take clear text from the host and send cipher text over the FCIP link. For FCIP on the
extension switch, this traffic is same as rest of the FCIP traffic between any two FCIP end points.
The traffic is encrypted traffic. FCIP provides a data compression option. Data compression should
not be enabled on the FCIP link. If compression is enabled on FCIP link, then encrypted traffic going
through FCIP compression may not provide the best compression ratio.
FIGURE 100
FCIP deployment