IBM Support

Async replication and enablement of 'fast' encryption method

Troubleshooting


Problem

In IBM Storwize V7000 Unified systems V1.6.2.0 and later, the cipher 'arcfour' is disabled by default in the internal configuration file to address security vulnerability CVE-2016-2183. As a result, async replication for filesystems configured with the 'fast' encryption method fails, and action must be taken to restore the async replication function.

Symptom

After the upgrade, scheduled async replication tasks configured with the 'fast' encryption method fail to complete.

Cause

Async replication configured with the 'fast' encryption method uses the cipher 'arcfour', which is exposed to a security vulnerability as per CVE-2016-2183 and has therefore been disabled by default.

Environment

This is applicable for IBM Storwize V7000 Unified V1.6.2.0 and above.

Diagnosing The Problem

Refer to the 'Diagnosing the problem' section at the following link for more information.
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009607

Resolving The Problem

Choose one of the following two options and perform its steps:

A) Switch async replication to use 'strong' encryption method (IBM recommended)
Re-configure the async replication for each filesystem that uses the 'fast' encryption method so that it uses the 'strong' encryption method, using the GUI or CLI. This procedure needs to be executed on the IBM Storwize V7000 Unified system which is the async replication source for one or more filesystems.

Procedure to switch to 'strong' encryption method:
Using GUI:
Go to Copy services -> File copy services, right-click the replication and select Edit. From the 'Encryption Method' drop-down menu, select 'Strong' and press 'OK'.


Using CLI:
Change the async replication encryption method from 'fast' to 'strong' for each filesystem by using the CLI command 'cfgreplfs':

$ cfgreplfs <source filesystem name> <target cluster name> <target filesystem name> --encryption <type> --cluster <cluster_id>
Example:
$ cfgreplfs 'nl-01' '7802140.ibm' '/ibm/gpfs0' --encryption strong --cluster 10632285293271790597

NOTE:
1) Using the 'strong' encryption method may affect performance, depending on the other load on the system, because it may add load when async replication runs. The system administrator must monitor system load and performance after making this change to make sure the system can handle the overall workload.
2) For an IBM Storwize V7000 Unified system which is the async replication source for one or more filesystems, repeat this procedure for each filesystem.

OR

B) Re-enable 'fast' encryption on IBM Storwize V7000 Unified by using GUI or CLI.
Refer to the warning statement at the end of this note. If you choose to explicitly re-enable the fast encryption for async replication, this procedure needs to be executed from the IBM Storwize V7000 Unified system which is the async replication target for one or more filesystems. The system is required to be running V1.6.2.1 or later.

Procedure to re-enable 'fast' encryption method:

Using GUI:
Go to Copy services -> File copy services, click 'Actions' -> 'Configure' and select 'The current system is the target'. Then select the check box 'Enable Fast Encryption' and press 'Yes' in the warning banner.


Using CLI:
Enable the 'fast' encryption method by using the CLI command 'cfgrepl'.

Example:
$ cfgrepl --encryption fast
EFSSG1201W Enabling fast encryption will deploy cipher 'arcfour' for SSH on the public network of the V7000 Unified system. Please be aware of certain security vulnerability exposures with this. Refer to http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009686 for more details
Do you really want to perform the operation (yes/no - default no): yes

To check whether the 'fast' encryption method is enabled on the system, use the CLI command 'lsrepltarget'.
Example:
$ lsrepltarget
EFSSG1198C Local cluster supports 'fast' and 'strong' encryption for async replication.
SourceClusterId TargetPath
18151646033450082748 /ibm/pg-1
EFSSG1000I The command completed successfully.

Note:
For an IBM Storwize V7000 Unified system which is acting as an async replication target for one or more filesystems, execute this procedure just once.

WARNING:
Before choosing to use the 'fast' encryption method, which enables the cipher 'arcfour', review CVE-2016-2183 (link below), which describes the details of the security vulnerability.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183


Document Information

Modified date:
17 June 2018

UID

ssg1S1009686