beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 9

background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

ix

53-1002925-01

Configuring CryptoTarget containers and LUNs . . . . . . . . . . . . . . .201

Redirection zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Deployment with Admin Domains (AD) . . . . . . . . . . . . . . . . . . . . . .202

Do not use DHCP for IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . .202

Ensure uniform licensing in HA clusters . . . . . . . . . . . . . . . . . . . . .202

Tape library media changer considerations . . . . . . . . . . . . . . . . . .202

Turn off host-based encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

Avoid double encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

PID failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

Turn off compression on extension switches . . . . . . . . . . . . . . . . .203

Rekeying best practices and policies. . . . . . . . . . . . . . . . . . . . . . . .203

Manual rekey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Latency in rekey operations . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Allow rekey to complete before deleting a container. . . . . . . .204
Rekey operations and firmware upgrades . . . . . . . . . . . . . . . .204
Do not change LUN configuration while rekeying . . . . . . . . . .204
Brocade native mode in LKM/SSKM installations . . . . . . . . .204
Recommendation for Host I/O traffic during online
rekeying and first- time encryption . . . . . . . . . . . . . . . . . . . . . .205

KAC certificate registration expiry . . . . . . . . . . . . . . . . . . . . . . . . . .205

Changing IP addresses in encryption groups . . . . . . . . . . . . . . . . .205

Disabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . .205

Recommendations for Initiator Fan-Ins . . . . . . . . . . . . . . . . . . . . . .206

Best practices for host clusters in an encryption environment . . .207

HA Cluster deployment considerations and best practices . . . . . .207

Key Vault Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Tape Device LUN Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Chapter 6

Maintenance and Troubleshooting

Encryption group and HA cluster maintenance. . . . . . . . . . . . . . . .210

Displaying encryption group configuration
or status information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Removing a member node from an encryption group. . . . . . .210
Deleting an encryption group . . . . . . . . . . . . . . . . . . . . . . . . . .213
Removing an HA cluster member . . . . . . . . . . . . . . . . . . . . . . .213
Displaying the HA cluster configuration . . . . . . . . . . . . . . . . . .214
Replacing an HA cluster member . . . . . . . . . . . . . . . . . . . . . . .215
Deleting an HA cluster member . . . . . . . . . . . . . . . . . . . . . . . . 217
Performing a manual failback of an encryption engine . . . . .218

See also other documents in the category Brocade Computer Accessories: