beautypg.com

Df-compatibility support for tape luns – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 289

background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

271

53-1002925-01

DF-compatibility support for tape LUNs

B

DF-compatibility support for tape LUNs

Table 24

and

Table 25

may be used as a reference for establishing tape LUN policies in support of

DataFort firmware versions.

NOTE

On tapes written in DataFort format, the encryption switch or blade cannot read and decrypt files
with a block size of one MB or greater.

TABLE 24

Compatibility matrix for Brocade and DataFort encryption modes for tape LUNs

DataFort firmware versions Brocade handling for DataFort written tapes - Read Brocade handling for DataFort-compatible encryption - Write

DF SAN version 1.x

1.x tape support in DF-compatible mode is not supported in Fabric OS v6.1.1_enc.

DF SAN version 2.x/3.x

The encryption switch supports reading and
decrypting tapes of this format when a
DF-compatible license is present.

The encryption switch supports writing tapes in this version
format when DF-compatible encryption mode is set and a
DF-compatible license is present.

TABLE 25

Compatibility support matrix for tape pools

Tape pool encryption format

Tape pool policy

Metadata present

Results

Native (Brocade)

Encrypt

Brocade metadata

No error. Both read and writes are allowed in Brocade
format. The key from the metadata is used for read. A new
key is generated for write if the key from the metadata has
expired.

Native (Brocade)

Encrypt

DF metadata

Reads are allowed in DF-compatible format using the key
from the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in Brocade format only.

Native (Brocade)

Encrypt

No (new tape)

No error. A new key is generated and both read and write
are allowed in Brocade format.

Native (Brocade)

Cleartext

Brocade metadata

Reads are allowed in Brocade format using the key from
the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in cleartext format (no key generated) only when the tape is
positioned at the beginning of the tape.

Native (Brocade)

Cleartext

DF metadata

Reads are allowed in DF-compatible format using the key
from the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in cleartext format (no key generated) only when the tape is
positioned at the beginning of the tape.

Native (Brocade)

Cleartext

No (new tape)

No error. No key is generated, and both read and writes are
allowed in cleartext format.

DF-compatible

Encrypt

Brocade metadata

Reads are allowed in Brocade format using the key from
the metadata. Writes are rejected if the tape is not
positioned at the beginning of the tape. Writes are allowed
in DF-compatible format only when the tape is positioned
at the beginning of the tape.

DF-compatible

Encrypt

DF metadata

No error. Both read and writes are allowed in
DF-compatible format. The key from the metadata is used
for read. A new key is used for write if the key from the
metadata has expired.

See also other documents in the category Brocade Computer Accessories: