SSKM recommendations – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Fabric OS Encryption Administrator’s Guide (LKM/SSKM)
53-1002925-01
SSKM recommendations
SafeNet’s KeySecure hosting NetApp’s LKM (SSKM) is supported for data encryption operations.
Use of SSKM with the Brocade encryption solution is only supported for SSKM operating in PVM
mode. Refer to the SSKM documentation for details when operating in PVM mode. Operation in
HVM mode is not supported.
It is recommended to use a Tight VNC connection to access the management console for SSKM
and LKM key vaults instead of remote desktop. If remote desktop is used, you may encounter the
following errors related to the smart card reader:
• Error communicating with smart card reader.
• Card reader already in use by default key.
• Unable to complete TEP/TAP process, as window for selecting card and entering password does not appear.
Refer to the SafeNet KeySecure installation documentation when setting up and initially
configuring the SSKM key vaults. There are some changes between setting up the SSKMs and the
LKMs.
Refer to the SafeNet or NetApp documentation for any LKM to SSKM migration procedures. This
migration is not tested or supported with Fabric OS v7.0.1 or later.
TABLE 10 General errors and conditions

Problem: If a key query is made on the LKM/SSKM servers using the DataFort Management Console (DMC), any putkey or getkey operations from this LKM/SSKM KV time out. As a result, you might observe the errors on an FS8-18 or Brocade Encryption Switch during rekey/add/modify LUN operations.
Resolution: If the LUN comes online, you can ignore the error, because an automatic retry will correct the problem. If the LUN does not come online and the error is continuously returned, then check for connection or configuration issues, or check whether the number of LKM/SSKM clients connected to and trying to access the key vault server is more than supported.

Problem: When a Brocade 7600 application platform is in the data path, I/O errors may be encountered before reaching the scalability limit of 512 LUNs with 16 outstanding I/Os.
Resolution: There is no workaround other than reconfiguring so that the 7600 and the encryption switch/blade are not in the same data path.

Problem: A performance drop occurs when using DPM on a Microsoft Windows system to back up to a Scalar 500i tape library.
Resolution: Change the DPM behavior to send one request at a time by adding DWORD “BufferQueueSize” under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent, and set the value to 1. Then restart DPM servers: MSDPM, DPMLA, DPMRA.

Problem: When attempting to add a LUN to a container, the error message “Commit failed (db propagation).” is returned.
Resolution: If you are using Fabric OS version 6.3.x, you may be attempting to add a LUN after you have reached the limit of 512 LUNs per initiator in a container. Beginning with Fabric OS version 6.4.0, you will receive an error message that informs you that the maximum limit has been reached.

Problem: In an HA cluster after failover, when using the cryptocfg --show -hacluster -all command, the failover status displays on one cluster member, but does not display on the other cluster member.
Resolution: In this particular case, the correct status is displayed when the group leader node is queried. If the other node is queried, the status is not consistent with the actual HA status. To be sure of the correct status, issue the cryptocfg --show -hacluster -all command on the group leader node.
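
The DPM BufferQueueSize change from Table 10, as an added PowerShell example that is not part of the Brocade guide. It assumes an elevated session on the DPM host and treats MSDPM, DPMLA and DPMRA as Windows service names; the registry path, value name and value are those given in the table.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the Brocade guide): set BufferQueueSize = 1 for DPM
# and restart the DPM components named in Table 10.

$KeyPath  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent'
$Name     = 'BufferQueueSize'
$Wanted   = 1
$Services = 'MSDPM', 'DPMLA', 'DPMRA'   # assumption: these are service names

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath (is DPM installed on this host?)"
}

# Record the previous value so the change can be reverted later.
$current = (Get-ItemProperty -LiteralPath $KeyPath -Name $Name `
            -ErrorAction SilentlyContinue).$Name
$shown = if ($null -eq $current) { '<not set>' } else { $current }
Write-Output "Previous $Name value: $shown"

$changed = $false
if ($current -ne $Wanted) {
    # -Force creates the value or overwrites an existing one of any type.
    New-ItemProperty -LiteralPath $KeyPath -Name $Name -PropertyType DWord `
        -Value $Wanted -Force | Out-Null
    $changed = $true
}

# Verify both the data and the type (the table asks for a DWORD).
$key = Get-Item -LiteralPath $KeyPath
if ($key.GetValue($Name) -ne $Wanted -or $key.GetValueKind($Name) -ne 'DWord') {
    throw "$Name was not written as DWORD $Wanted"
}

if (-not $changed) {
    Write-Output "$Name already set to $Wanted; services left running."
    return
}

foreach ($svc in $Services) {
    if (-not (Get-Service -Name $svc -ErrorAction SilentlyContinue)) {
        Write-Warning "Service $svc not present on this host; skipped."
        continue
    }
    # -Force also restarts services that depend on this one.
    Restart-Service -Name $svc -Force
    Write-Output ("{0}: {1}" -f $svc, (Get-Service -Name $svc).Status)
}
```

Run it during a backup window, because restarting the services interrupts any running DPM jobs.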