Data mirroring deployment – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)


53-1002922-01


Data mirroring deployment

Figure 104 shows a data mirroring deployment. In this configuration, the host only knows about
target1 and LUN1, and the I/O path to target1 and LUN1. When data is sent to target1, it is written
to LUN1, and also sent on to LUN2 for replication. Target1 acts as an initiator to enable the
replication I/O path. When an encryption switch is added to the configuration, it introduces another
virtual target and LUN, and a virtual initiator in the I/O path in front of target1. The virtual target
and LUN provided by the encryption switch are mapped to target1 and LUN1. Data is encrypted and
the cipher text is sent to target1, written to LUN1, and replicated on LUN2.

Only one DEK is used to create the cipher text written to both LUNs. A key ID is stored in metadata
written to both LUNs. If possible, the metadata is written to every block in the LBA range of 1 to
16. This ensures that the encryption engine will be able to retrieve the correct DEK from the key
vault when retrieving data from either LUN1 or LUN2.
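The key ID lookup described above, modelled as an added example (not Brocade's code or on-disk format): the `KEYID:` tag, the key ID `key-0001`, the dict-based LUNs and vault, and the SHAKE-256 XOR stand-in cipher are all assumptions made for illustration. Treating the 16 metadata copies as redundancy is also an assumption of this model.

```python
import hashlib, os

META_LBAS = range(1, 17)   # page: metadata is written to LBA 1 to 16
MAGIC = b"KEYID:"          # hypothetical metadata tag, not the vendor format

def keystream_xor(dek: bytes, lba: int, data: bytes) -> bytes:
    """Stand-in cipher (SHAKE-256 keystream XOR) so no AES library is needed."""
    stream = hashlib.shake_256(dek + lba.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class EncryptionEngine:
    def __init__(self, vault: dict):
        self.vault = vault  # key vault: key ID -> DEK

    def provision(self, lun: dict, key_id: str) -> None:
        for lba in META_LBAS:  # key ID goes into every metadata block
            lun[lba] = MAGIC + key_id.encode()

    def find_key_id(self, lun: dict) -> str:
        for lba in META_LBAS:  # in this model any intact copy is enough
            block = lun.get(lba, b"")
            if block.startswith(MAGIC):
                return block[len(MAGIC):].decode()
        raise LookupError("no key ID metadata on LUN; DEK cannot be retrieved")

    def write(self, lun: dict, lba: int, plaintext: bytes) -> None:
        dek = self.vault[self.find_key_id(lun)]
        lun[lba] = keystream_xor(dek, lba, plaintext)

    def read(self, lun: dict, lba: int) -> bytes:
        dek = self.vault[self.find_key_id(lun)]
        return keystream_xor(dek, lba, lun[lba])

def demo():
    vault = {"key-0001": os.urandom(32)}  # constructed key ID and DEK
    engine = EncryptionEngine(vault)
    lun1 = {}
    engine.provision(lun1, "key-0001")
    engine.write(lun1, 100, b"payroll records")
    lun2 = dict(lun1)            # target1 replicates cipher text and metadata
    for lba in range(1, 16):     # 15 of the 16 metadata copies lost on the mirror
        lun2[lba] = b"\x00" * 16
    data_only = {100: lun1[100]}  # a copy made without the metadata blocks
    return engine, lun1, lun2, data_only

if __name__ == "__main__":
    eng, _, mirror, _ = demo()
    print(eng.read(mirror, 100))
```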

FIGURE 104 Data mirroring deployment
