Deployment With Admin Domains (Ad); Do Not Use Dhcp For Ip Interfaces; Ensure Uniform Licensing In Ha Clusters; Tape Library Media Changer Considerations - Brocade Communications Systems Brocade 8/12c Administrator's Manual

Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments
Hide thumbs Also See for Brocade 8/12c:
Table of Contents

Advertisement

Deployment with Admin Domains (AD)

Virtual devices created by the encryption device do not support the AD feature in this release. All
virtual devices are part of AD0 and AD255. Targets for which virtual targets are created and hosts
for which virtual initiators are created must also be in AD0 and AD255. If they are not, access from
the hosts and targets to the virtual targets and virtual initiators is denied, leading to denial of
encryption services.

Do not use DHCP for IP interfaces

Do not use DHCP for either the GbE management interface or the Ge0 and Ge1 interfaces. Assign
static IP addresses.

Ensure uniform licensing in HA clusters

Licenses installed on the nodes should allow for identical performance numbers between HA
cluster members.

Tape library media changer considerations

In tape libraries where the media changer unit is addressed by a target port that is separate from
the actual tape SCSI I/O ports, create a CryptoTarget container for the media changer unit and
CryptoTarget containers for the SCSI I/O ports. If a CryptoTarget container is created only for the
media changer unit target port, no encryption is performed on this device.
In tape libraries where the media changer unit is addressed by separate LUN at the same target
port as the actual tape SCSI I/O LUN, create a CryptoTarget container for the target port, and add
both the media changer unit LUN and one or more tape SCSI I/O LUNs to that CryptoTarget
container. If only a media changer unit LUN is added to the CryptoTarget container, no encryption is
performed on this device.

Turn off host-based encryption

If a host has an encryption capability of any kind, be sure it is turned it off before using the
encryption engine on the encryption switch or blade. Encryption and decryption at the host may
make it impossible to successfully decrypt the data.

Avoid double encryption

Encryption and decryption at tape drives does not affect the encryption switch or blade
capabilities, and does not cause problems with decrypting the data. However, double encryption
adds the unnecessary need to manage two sets of encryption keys, increases the risk of losing
data, may reduce performance, and does not add security.
Fabric OS Encryption Administrator's Guide
53-1002159-03

Deployment with Admin Domains (AD)

5
199

Advertisement

Table of Contents
loading

This manual is also suitable for:

Fabric os encryption

Table of Contents