Changing ip addresses in encryption groups, Disabling the encryption engine, Recommendations for initiator fan-ins – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 258
240
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Changing IP addresses in encryption groups
5
Changing IP addresses in encryption groups
Generally, when IP addresses are assigned to the Ge0 and Ge1 ports, they should not be changed.
If an encryption group member node IP address must be changed, refer to
node within an encryption group”
Disabling the encryption engine
The disable encryption engine interface command cryptocfg
--
disableEE [slot number]
should be
used only during firmware download, and when the encryption and security capabilities of the
encryption engine have been compromised. When disabling the encryption capabilities of the
encryption engine, be sure the encryption engine is not hosting any CryptoTarget containers. All
CryptoTarget containers hosted on the encryption switch or FS8-18 blade must either be removed
from the encryption engine, or be moved to different encryption engine in an HA Cluster or
encryption group before disabling the encryption and security capabilities.
Recommendations for Initiator Fan-Ins
For optimal performance at reasonable scaling factors of initiators, targets, and LUNs accessed,
Brocade Encryption Engines (EEs) are designed to support a fan-in ratio of between four and eight
initiator ports to one target port, in terms of the number of distinct initiator ports to a Crypto
Container (i.e., a virtual target port corresponding to the physical target port).
An encryption engine has 6 distinct encryption blocks with 4 ports, each port operating at 4 Gbps.
The architecture of the encryption blocks provides the potential for an aggregate 96 Gbps of full
duplex encryption bandwidth, if the performance license is installed.
shows the
encryption blocks within an encryption engine, and the host initiator to target port fan-ins. Each
encryption engine can host up to 256 distinct targets with a mapping of 1024 initiators accessing
all the targets. This brings the fan-in ratio for each target to be 1:4 initiators.