Ensure Uniform Licensing In Ha Clusters; Tape Library Media Changer Considerations; Turn Off Host-Based Encryption; Avoid Double Encryption - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

5

Ensure uniform licensing in HA clusters

Ensure uniform licensing in HA clusters

Licenses installed on the nodes should allow for identical performance numbers between HA
cluster members.

Tape library media changer considerations

In tape libraries where the media changer unit is addressed by a target port that is separate from
the actual tape SCSI I/O ports, create a CryptoTarget container for the media changer unit and
CryptoTarget containers for the SCSI I/O ports. If a CryptoTarget container is created only for the
media changer unit target port, no encryption is performed on this device.
In tape libraries where the media changer unit is addressed by separate LUN at the same target
port as the actual tape SCSI I/O LUN, create a CryptoTarget container for the target port, and add
both the media changer unit LUN and one or more tape SCSI I/O LUNs to that CryptoTarget
container. If only a media changer unit LUN is added to the CryptoTarget container, no encryption is
performed on this device.

Turn off host-based encryption

If a host has an encryption capability of any kind, be sure it is turned it off before using the
encryption engine on the encryption switch or blade. Encryption and decryption at the host may
make it impossible to successfully decrypt the data.

Avoid double encryption

Encryption and decryption at tape drives does not affect the encryption switch or blade
capabilities, and does not cause problems with decrypting the data. However, double encryption
adds the unnecessary need to manage two sets of encryption keys, increases the risk of losing
data, may reduce performance, and does not add security.

PID failover

Virtual device PIDs do not persist upon failover within a single fabric HA cluster. Upon failover, the
virtual device is s assigned a different PID on the standby encryption switch or blade.
Some operating systems view the PID change as an indication of path failure, and will switch over
to redundant path in another fabric. In these cases, HA clusters should not be implemented. These
operating systems include the following:
•
•
•
294
HP-UX prior to 11.x. The issue is not present beginning with 11.31 and later releases.
All versions of IBM AIX, unless dynamic tracking is enabled.
Solaris 2.x releases, Solaris 7, and later releases.
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01