Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 9
Fabric OS Encryption Administrator’s Guide (KMIP)
ix
53-1002747-02
Deployment in Fibre Channel routed fabrics. . . . . . . . . . . . . . . . . .220
Deployment as part of an edge fabric . . . . . . . . . . . . . . . . . . . . . . .222
Deployment with FCIP extension switches . . . . . . . . . . . . . . . . . . .223
VMware ESX server deployments. . . . . . . . . . . . . . . . . . . . . . . . . . .224
Best Practices and Special Topics
Firmware upgrade and downgrade considerations . . . . . . . . . . . .228
General guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Specific guidelines for HA clusters . . . . . . . . . . . . . . . . . . . . . .229
Configuration upload and download considerations . . . . . . . . . . .230
Configuration upload at an encryption group leader node . . .230
Configuration upload at an encryption group member
node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Information not included in an upload . . . . . . . . . . . . . . . . . . .230
Steps before configuration download. . . . . . . . . . . . . . . . . . . .231
Configuration download at the encryption group leader. . . . .231
Configuration download at an encryption group member . . .231
Steps after configuration download . . . . . . . . . . . . . . . . . . . . .232
HP-UX considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
AIX Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Enabling a disabled LUN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Disk metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Tape metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
Tape data compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
Tape pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
Tape block zero handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235
Tape key expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235
Configuring CryptoTarget containers and LUNs . . . . . . . . . . . . . . .235
Redirection zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236
Deployment with Admin Domains (AD) . . . . . . . . . . . . . . . . . . . . . .237
Do not use DHCP for IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . .237
Ensure uniform licensing in HA clusters . . . . . . . . . . . . . . . . . . . . .237
Tape library media changer considerations . . . . . . . . . . . . . . . . . .237
Turn off host-based encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Avoid double encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
PID failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Turn off compression on extension switches . . . . . . . . . . . . . . . . .238