Brocade Communications Systems Encryption Switch Service Manual Page 143
- Page / 326
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Fabric OS Encryption Administrator’s Guide (DPM) 125
53-1002720-02
Chapter
3
Configuring Encryption Using the CLI
In this chapter
•Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
•Command validation checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
•Command RBAC permissions and AD types . . . . . . . . . . . . . . . . . . . . . . . . 127
•Cryptocfg Help command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
•Management LAN configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
•Configuring cluster links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
•Setting encryption node initialization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
•Steps for connecting to a DPM appliance . . . . . . . . . . . . . . . . . . . . . . . . . . 134
•Generating and backing up the master key. . . . . . . . . . . . . . . . . . . . . . . . . 146
•High availability clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
•Re-exporting a master key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
•Enabling the encryption engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
•Zoning considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
•CryptoTarget container configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
•Crypto LUN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
•Impact of tape LUN configuration changes . . . . . . . . . . . . . . . . . . . . . . . . . 175
•Decommissioning LUNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
•Decommissioning replicated LUNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
•Force-enabling a decommissioned disk LUN for encryption . . . . . . . . . . . 179
•Force-enabling a disabled disk LUN for encryption. . . . . . . . . . . . . . . . . . . 179
•SRDF LUNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
•Using SRDF, TimeFinder and RecoverPoint with encryption. . . . . . . . . . . . 183
•Configuring LUNs for SRDF/TF or RP deployments. . . . . . . . . . . . . . . . . . . 184
•SRDF/TF/RP manual rekeying procedures . . . . . . . . . . . . . . . . . . . . . . . . . 189
•Tape pool configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
•Configuring a multi-path Crypto LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
•First-time encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
•Thin provisioned LUNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
•Data rekeying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
- Fabric OS Encryption 1
- Document History 2
- Contents 3
- 53-1002720-02 10
- About This Document 13
- What’s new in this document 14
- Document conventions 14
- Command syntax conventions 15
- Notes, cautions, and warnings 15
- Additional information 16
- Getting technical help 17
- Document feedback 18
- Encryption Overview 19
- Terminology 20
- The Brocade Encryption Switch 22
- The FS8-18 blade 23
- FIPS mode 23
- Performance licensing 23
- Usage limitations 24
- FIGURE 2 Encryption overview 25
- FIGURE 3 Frame redirection 26
- IO Sync LAN 27
- FIGURE 5 DEK life cycle 28
- Master key management 29
- Support for virtual fabrics 29
- Encryption Center features 32
- Encryption user privileges 33
- Smart card usage 34
- Using system cards 39
- Deregistering system cards 41
- Using smart cards 41
- Tracking smart cards 42
- Editing smart cards 44
- Network connections 45
- Blade processor links 45
- (KAC) certificate 46
- Encryption preparation 53
- Creating an encryption group 53
- Creating HA clusters 70
- Failback option 72
- Invoking failback 72
- Adding an encryption target 73
- FIGURE 46 Next Steps screen 81
- Configuring storage arrays 89
- Remote replication LUNs 89
- SRDF pairs 90
- Moving targets 94
- Tape LUN statistics 97
- Encryption engine rebalancing 102
- Master keys 103
- Active master key 104
- Alternate master key 104
- Master key actions 104
- ATTENTION 106
- Creating a master key 111
- Security Settings 112
- Setting zeroization 113
- Redirection zones 115
- Disk device decommissioning 115
- Decommissioning disk LUNs 116
- Displaying Universal IDs 118
- Setting disk LUN Re-key All 119
- Thin provisioned LUNs 123
- Thin Provisioning support 124
- Time left for auto rekey 125
- General tab 131
- Members tab 133
- Members tab Remove button 134
- Security tab 135
- HA Clusters tab 137
- Tape Pools tab 139
- Adding tape pools 140
- Engine Operations tab 141
- TABLE 3 Encryption acronyms 142
- In this chapter 143
- Overview 144
- Command validation checks 144
- (Continued) 146
- Cryptocfg Help command output 148
- Management LAN configuration 148
- Configuring cluster links 149
- Node is a group leader node 150
- Node is a member node 150
- • FIPS crypto officer 151
- • FIPS user 151
- • Node CP certificate 151
- Submitting the CSR to a CA 154
- • cryptocfg --initEE 161
- • cryptocfg --regEE 161
- • cryptocfg --enableEE 161
- High availability clusters 166
- Creating an HA cluster 167
- Policy Configuration Examples 170
- Re-exporting a master key 171
- Viewing the master key IDs 172
- Zoning considerations 175
- Frame redirection zoning 176
- Gathering information 180
- Crypto LUN configuration 184
- Discovering a LUN 185
- Configuring a Crypto LUN 186
- Configuring a tape LUN 189
- Decommissioning LUNs 193
- SRDF LUNs 198
- --set -replication enable 199
- Adding replication LUNs 200
- Reading metadata after sync 200
- -newLUN option 201
- TF snapshot rekeying details 207
- -not_ready option of TF 208
- <initiator PWWN> 208
- ID> <initiator PWWN> 210
- Tape pool configuration 212
- CommVault Galaxy labeling 213
- NetBackup labeling 213
- Creating a tape pool 214
- Deleting a tape pool 215
- Modifying a tape pool 215
- First-time encryption 220
- Space reclamation 222
- Data rekeying 223
- Deployment Scenarios 227
- --rdcreate [host wwn] 236
- FIGURE 103 FCIP deployment 238
- Data mirroring deployment 239
- VMware ESX server deployments 241
- General guidelines 244
- HP-UX considerations 248
- Enabling a disabled LUN 249
- AIX Considerations 249
- Disk metadata 250
- Tape metadata 250
- Tape data compression 251
- Tape pools 251
- Tape block zero handling 252
- Tape key expiry 252
- Avoid double encryption 254
- PID failover 254
- Manual rekey 255
- Latency in rekey operations 255
- Key Vault Best Practices 259
- Tape Device LUN Mapping 259
- Deleting an encryption group 265
- Removing an HA cluster member 265
- Deleting an HA cluster member 269
- Failover/failback example 270
- Recovery 271
- -hbmisses and -hbtimeout 276
- Key vault diagnostics 282
- Command Activity 285
- Problem Resolution 285
- General errors and conditions 286
- LUN policy troubleshooting 293
- MPIO and internal LUN states 295
- Multi-node EG replacement 296
- Single-node EG replacement 298
- Multi-node EG Case 299
- Single-node EG Replacement 302
- Deregistering a DPM key vault 305
- TABLE 15 Compatibility Matrix 308
- State and Status Information 311
- Security processor KEK status 312
- Encrypted LUN states 312
- TABLE 22 Tape LUN states 315
Related products and manuals for Network switches Brocade Communications Systems Encryption Switch
(34 pages)
(120 pages)© 2020, manymanuals.com. All rights reserved. | 0.384 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals