SRDF pairs, Metadata requirements and remote replication – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Adding target disk LUNs for encryption


SRDF pairs

Remote replication is implemented by establishing a synchronized pair of SRDF devices connected
by FC or IP links. A local source device is paired with a remote target device while data replication is
taking place. While the SRDF devices are paired, the remote target device is not locally accessible
for read or write operations. When the data replication operation completes, the pair may be split to
enable normal read/write access to both devices. The pair may be restored to restore the data on
the local source device.

Figure 54 shows the placement of encryption switches in an SRDF configuration. When encryption
is enabled for the primary LUN, encrypted data written by the local application server to the primary
LUN is replicated on the secondary LUN. The data is encrypted using a DEK that was generated on
the local encryption switch and stored on the local DPM key vault. When each site has an
independent key vault, as shown in Figure 54, the key vaults must be synchronized to ensure the
availability of the DEK at the remote site. Refer to DPM user documentation for information about
how to synchronize the key vaults. Both sites may share the same key vault, which eliminates the
need for synchronization across sites. Depending on distance between sites, sharing a key vault
may add some latency when retrieving a key.

FIGURE 54 Basic SRDF configuration with encryption switches

Metadata requirements and remote replication

When the metadata and key ID are written, the primary metadata on blocks 1–16 is compressed
and encrypted. However, there are scenarios whereby these blocks cannot be compressed, and the
metadata is not written to the media. If blocks 1–16 are not compressible on the local source
device and metadata is not written, obtaining the correct DEK for the remote target device
becomes problematic. This problem is avoided by reserving the last three blocks of the LUN for a
copy of the metadata. These blocks are not exposed to the host initiator. When a host reads the
capacity of the LUN, the size reported is always three blocks less than the actual size. The behavior
is enforced by selecting the New LUN check box on the Select LUN screen of the Add New Path
wizard when adding LUNs for an SRDF pair (for example, R1 and R2 in Figure 54).
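The block layout described above can be modelled to sanity-check an R1/R2 pair before it is put into service. This is an added example, not code from the guide or from Brocade; the `Lun` class, the function names, the sample sizes, the treatment of block numbers as zero-based LBAs, and the equal-size rule in `check_srdf_pair` are assumptions made for illustration.

```python
from dataclasses import dataclass

RESERVED_TAIL_BLOCKS = 3   # guide: last three blocks hold the metadata copy
PRIMARY_LAST_BLOCK = 16    # guide: primary metadata sits on blocks 1-16


@dataclass(frozen=True)
class Lun:
    name: str
    actual_blocks: int  # raw device size in blocks

    @property
    def reported_blocks(self) -> int:
        # What a host sees on a capacity read: always three blocks less.
        return self.actual_blocks - RESERVED_TAIL_BLOCKS

    @property
    def reserved_lbas(self) -> range:
        # Zero-based LBAs of the hidden metadata copy (assumed numbering).
        return range(self.reported_blocks, self.actual_blocks)


def host_io_allowed(lun: Lun, lba: int, count: int) -> bool:
    """True only if [lba, lba+count) stays inside the host-visible area."""
    return count > 0 and lba >= 0 and lba + count <= lun.reported_blocks


def check_srdf_pair(r1: Lun, r2: Lun) -> list[str]:
    """Return layout problems for an R1/R2 pair; an empty list means consistent."""
    problems = []
    for lun in (r1, r2):
        # Room for blocks 0-16 plus the reserved tail, without overlap.
        if lun.actual_blocks < PRIMARY_LAST_BLOCK + 1 + RESERVED_TAIL_BLOCKS:
            problems.append(f"{lun.name}: too small for primary and tail metadata")
    # Assumption: replication copies block-for-block, so the tail copy only
    # lands on R2's last three blocks when both devices are the same size.
    if r1.actual_blocks != r2.actual_blocks:
        problems.append(
            f"{r2.name}: tail copy would land at LBAs "
            f"{r1.reserved_lbas.start}-{r1.reserved_lbas.stop - 1}, "
            f"not on its own last {RESERVED_TAIL_BLOCKS} blocks")
    return problems


# Constructed sample devices; the sizes are illustrative only.
R1 = Lun("R1", 2_097_152)
R2_OK = Lun("R2", 2_097_152)
R2_BIG = Lun("R2", 2_097_160)
```
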
