Measuring encryption performance – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)


53-1002747-02


Key class and format on the KV configured for the user group

Client session timeout

Encryption node scope

Node KAC certificate and its validity (for example, valid header and expiry date)

Username/password

User group

Time of day on the switch

Key Vault client SDK version

Timeout and retry policy for the client SDK

The key vault client SDK version, and the timeout and retry policy for the client SDK, could differ
across encryption nodes, depending on the firmware versions they are running.

This feature also reports the results of a vault connectivity check and the results of a validation
check on key operations. These results are specific to each encryption node. The operations done
as part of this are:

Connects to the key vault, performs a connectivity check, and reports any possible issues in
case of failure (for example, certificate issues, username or password issues, or connectivity
issues).

Attempts to retrieve a key and indicates any possible issues in case of failure.

Attempts to store a key on the vault and indicates any possible issues in case of failure.

Verifies if a key written is synchronized across the vaults in a cluster.

This check indicates only the synchronization capability at a given point of time, and does not
mean all keys on the vault are synchronized. The need for manual synchronization of keys
depends on the point of key vault connectivity failure or user-initiated operations (for example,
reboot) and is not identified by the KV diagnostics report. However, if such a failure occurs
when diagnostics tests are run, failures will be identified and indicated.

Displays any errors returned from the key vault and indicates the possible issue with
configuration or setup that needs manual intervention, such as synchronization of keys or
reissuing certificates.

In a situation where a key cannot be created on the vault (for example, an error message
shows “key exists,” “not enough permissions,” or “key creation failure”), verifies the failure and
provides additional information. The information shown will vary based on the key vault type.

For additional command information, refer to the Fabric OS Command Reference v7.0.0.

Measuring encryption performance

With the introduction of Fabric OS v7.1.0, you can monitor the throughput of redirected I/O flow
through an encryption engine (EE). In support of this functionality, the cryptocfg --perfshow
command is used.

The cryptocfg --perfshow command displays the throughput performance between the external
ports and the internal cryptographic processing modules, similar to the way that portperfshow
displays throughput performance at the external port. Throughput is measured as Bytes/second.

For example:
