Encryption overview, In this chapter, Host and lun considerations – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (SKM/ESKM)


53-1002923-01

Chapter 1: Encryption Overview

In this chapter

Host and LUN considerations

Terminology

The Brocade Encryption Switch

The FS8-18 blade

FIPS mode

Performance licensing

Recommendation for connectivity

Usage limitations

Brocade encryption solution overview

Data encryption key life cycle management

Master key management

Support for virtual fabrics

Cisco Fabric Connectivity support

NOTE

If you want to register a KMIP-compliant server on the Brocade Encryption Switch, refer to the Fabric
OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP)
Key-Compliant Environments for configuration instructions. Only new installations are allowed to use
key vault type KMIP.

Host and LUN considerations

Encrypting data-at-rest provides peace of mind in terms of protecting data from loss or theft, but
very careful planning must be done to ensure encrypted data is handled correctly. Much of the
planning must come from careful evaluation of host application and LUN resources, and of the
path that the data will take to get from one or more hosts to a LUN.

CAUTION

When implementing encryption for data-at-rest, all hosts that access a LUN that is to hold
encrypted data need to be configured for encryption to avoid data corruption. If a host, possibly in
another fabric, writes cleartext to an encrypted LUN, the data on the LUN will be lost. The user
must ensure that all hosts that can access a LUN are configured in the same manner.
