Steps after configuration download, HP-UX considerations – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02


Steps after configuration download

For all opaque key vaults, restore the master key, or generate a new one and back it up. In a
multiple-node encryption group, the master key is propagated from the group leader node.

1. Use the following command to enable the encryption engine.

Admin:switch> cryptocfg --enableEE [slot num]

2. Commit the configuration.

Admin:switch> cryptocfg --commit

3. If there are containers that belonged to the old encryption switch or blade, then after
configdownload is run, use the following command to change the ownership of the containers to
the new encryption switch or blade, assuming the host and target physical zone exists.

Admin:switch> cryptocfg --replace <old EE WWN> <new EE WWN>

4. Commit the configuration.

Admin:switch> cryptocfg --commit

5. Use the following command to check if the switch or blade has the master key.

Admin:switch> cryptocfg --show -groupmember <switch WWN>

6. If a master key is not present, restore the master key from a backed-up copy. Procedures
differ depending on the backup media used (recovery smart cards, the key vault, a file on the
network, or a file on a USB-attached device). If a new master key needs to be generated,
generate the master key and back it up.

If authentication cards are used, set the authentication quorum size from the encryption group
leader node after importing and registering the necessary number of Authentication Card
certificates.

HP-UX considerations

The HP-UX OS requires LUN 0 to be present. LUNs are scanned differently based on the type value
returned for LUN 0 by the target device.

If the type is 0, then HP-UX scans only LUNs 0 through 7. That is the maximum HP-UX allows for
device type 0.

If the type is 0xC, then HP-UX scans all LUNs.

For HP-UX multi-path configurations:

Add LUN 0 as a cleartext LUN.

Make sure to configure a dummy LUN 0 for each host accessing multi-path LUNs through CTCs
in the encryption switch.

cryptocfg --add -LUN <crypto target container name> 0 <initiator PWWN> <initiator NWWN>
