Technical data

Fabric OS Encryption Administrator’s Guide (DPM) 177
53-1002720-02
If you are running Fabric OS 7.1.0 and want to downgrade to an earlier Fabric OS version
(for example, Fabric OS 7.0.x) after decommissioning a disk LUN, it is recommended that you
remove the decommissioned key ID from the key vault before performing the downgrade.
Otherwise, if the LUN is added back for encryption, the LUN goes to the disabled state because
the key state in the key vault is decommissioned.
Decommissioning replicated LUNs
When trying to re-use primary R1 or secondary R2 replicated LUNs, you must first decommission
the LUNs. When trying to re-use a decommissioned LUN, you must:
1. Delete the keys from the key vault.
2. Add the LUN back into the container as cleartext.
3. Modify the LUN to encrypted.
The following scenarios are provided:
“Decommissioning primary R1 LUNs only”
“Decommissioning mirror R2 LUNs only”
“Decommissioning primary R1 and mirror R2 LUN pairs”
Decommissioning primary R1 LUNs only
To decommission the primary LUN and make the secondary LUN the primary LUN, complete the
following steps. Failure to do so could result in the LUN state showing as Disabled.
1. Log in as Admin or FabricAdmin.
2. Split the R1/R2 sync.
3. Make the R2 LUN write-enabled.
4. Execute the rekey command on the R2 LUN.
FabricAdmin:switch> cryptocfg --manual_rekey <crypto target container name> <LUN Num> <Initiator PWWN>
5. Decommission the primary LUN.
FabricAdmin:switch> cryptocfg --decommission -container <container name> -initiator <initiator PWWN> -LUN <lun number>
6. Display the decommissioned key IDs.
FabricAdmin:switch> cryptocfg --show -decommissionedkeyids
7. Delete the respective key from the key vault. On the Brocade Encryption Switch, enter the
following command.
FabricAdmin:switch> cryptocfg --delete -decommissionedkeyids