Brocade Communications Systems Brocade 300 Release Notes page 34


Hot Code Load from FOS v6.4.1a to FOS v7.0 or later is supported. Cryptographic operations and I/O
will be disrupted but other layer 2 FC traffic will not be disrupted.

When disk and tape CTCs are hosted on the same encryption engine, re-keying cannot be done while
tape backup or restore operations are running. Re-keying operations must be scheduled at a time that
does not conflict with normal tape I/O operations. The LUNs should not be configured with auto rekey
option when single EE has disk and tape CTCs.

Gatekeeper LUNs used by SYMAPI on the host for configuring SRDF/TF using in-band management
must be added to their containers with LUN state as "cleartext", encryption policy as "cleartext" and
without "-newLUN" option.

FOS 7.1.0 introduces support for "disk device decommissioning" to following key vault types: ESKM,
TEKA, TKLM and KMIP. To use disk device decommissioning feature for these KVs, all the nodes in the
encryption group must be running FOS v7.1.0 or later. Firmware downgrade will be prevented from
FOS v7.1.0 to a lower version if this feature is in use. Disk Device decommissioning for DPM and LKM
key vaults will continue to work as with previous firmware versions.

FOS7.1.0 introduces a new KMIP keyvault type for Safenet KeySecure SW v6.1 KMIP server. Firmware
downgrade will be prevented from FOS v7.1.0 to a lower version if key vault type is set to KMIP. Please
refer to the KMIP Encryption Admin Guide for more details.

FOS 7.1.0 mandates regular zones for Hosts and Targets must be defined in the effective
configuration before adding an initiator into a crypto container. If crypto commit operation is
performed without regular zones for Host and Target, frame redirection zones will not be created.
Hosts and targets must be zoned together by worldwide port name (WWPN) rather than worldwide
node name (WWNN) in configurations where frame redirection will be used

In FOS 7.1.0 the encryption FPGA has been upgraded to include parity protection of lookup memory
(ROM) within the AES engine. This change enhances parity error detection capability of the FPGA.

Special Notes for HP Data Protector backup/restore application

Tape Pool encryption policy specification:

For other options, behavior defaults to Tape LUN encryption policy.


Tape LUN encryption policy specification:


BES/FS8-18 will reject the SCSI commands WRITE SAME, ATS(Compare and Write/Vendor Specific
opcode 0xF1) and EXTENDED COPY, which are related to VAAI (vStorage APIs for Array Integration)
hardware acceleration in vSphere 4.1/5.x. This will result in non-VAAI methods of data transfer for the
underlying arrays, and may affect the performance of VM related operations.

VMware VMFS5 uses ATS commands with arrays that support ATS. BES/FS8-18 does not support this
command set and therefore VMFS5 with ATS is not supported. It is recommended to use VMFS3.
Fabric OS v7.1.0a Release Notes v1.0
On Windows Systems, HP Data Protector can be used with tape pool encryption
specification only if the following pool label options are used:
 Pick from Barcode
 User Supplied – Only 9 characters or less
On HP-UX systems, HP Data Protector cannot be used with tape pool encryption
specification for any of the pool options. The behavior defaults to Tape LUN
Encryption Policy.
No restrictions, tape LUN encryption policy specification can be used with HP Data
Protector on HP-UX and Windows systems.
Page 34 of 41