Measuring Encryption Performance - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

The key vault client SDK version, and timeout and retry policy for the client SDK could differ across
encryption nodes, depending on the firmware versions they are running.
This feature also reports the results of a vault connectivity check and the results of a validation
check on key operations. These results are specific to each encryption node. The operations done
as part of this are:
•
•
•
•
•
•
For additional command information, refer to the Fabris OS Command Reference v7.0.0.

Measuring encryption performance

With the introduction of Fabric OS v7.1.0, you can monitor the throughput of redirected I/O flow
through an encryption engine (EE). In support of this functionality, the cryptocfg
command is used.
The cryptocfg
ports and the internal cryptographic processing modules, similar to the way that
displays throughput performance at the external port. Throughput is measured as Bytes/second.
For example:
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
•
Time of day on the switch
•
Key Vault client SDK version
•
Timeout and retry policy for the client SDK
Connects to the key vault and performs a connectivity check, reports any possible issues in
case of failure, for example, certificate issues, username or password issues, or connectivity
issues.
Attempts to retrieve a key and indicates any possible issues in case of failure.
Attempts to store a key on the vault and indicates any possible issues in case of failure.
Verifies if a key written is synchronized across the vaults in a cluster.
This check indicates only the synchronization capability at a given point of time, and does not
mean all keys on the vault are synchronized. The need for manual synchronization of keys
depends on the point of key vault connectivity failure or user-initiated operations (for example,
reboot) and is not identified by the KV diagnostics report. However if such a failure occurs
when diagnostics tests are run, failures will be identified and indicated.
Displays any errors returned from the key vault and indicates the possible issue with
configuration or setup that needs manual intervention, such as synchronization of keys or
reissuing certificates.
In a situation whereby a key cannot be created on the vault, (for example, an error message
shows "key exists," "not enough permissions," or "key creation failure"), verifies the failure and
provides additional information. The information shown will vary based on the key vault type.
perfshow command displays the throughput performance between the external
--
FabricAdmin:switch> cryptocfg --perfshow [slot] [-rx | -tx | -tx -rx]
[-interval <time in seconds>]
Whereby:
•
Slot displays the throughput of redirected I/O flow through the EE in a given slot of the
chassis.
•
tx displays the transmit throughput of the redirected I/O.
-
•
rx displays the receive throughput of the redirected I/O.
-

Measuring encryption performance

6
perfshow
--
portperfshow
-
323