Technical data
Fabric OS Encryption Administrator’s Guide (DPM) 179
53-1002720-02
Force-enabling a decommissioned disk LUN for encryption
To re-use primary or secondary replicated LUNs, you must first decommission the
LUNs. To re-use a decommissioned LUN, you must:
1. Delete the keys from the key vault.
2. Log in as Admin or FabricAdmin.
3. Delete the decommissioned LUN IDs from the Brocade Encryption Switch.
e. Display the decommissioned key IDs.
FabricAdmin:switch> cryptocfg --show -decommissionedkeyids
f. Delete the respective key from the Brocade Encryption Switch. Enter the following
command.
FabricAdmin:switch> cryptocfg --delete -decommissionedkeyids
4. Add the LUN back into the container as cleartext.
FabricAdmin:switch> cryptocfg --add -LUN <crypto target container name> \
<LUN Num | LUN Num Range> <Initiator PWWN> <Initiator NWWN> -lunstate cleartext
5. Enable the LUN.
FabricAdmin:switch> cryptocfg --enable -LUN <crypto target container name> \
<LUN Num> <Initiator PWWN>
6. Modify the LUN to encrypted.
FabricAdmin:switch> cryptocfg --modify -LUN <crypto target container name> \
<LUN Num> <Initiator PWWN> 0 -lunstate encrypted -encryption_format native \
-encrypt
7. Enter the cryptocfg --enable -LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
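The following is an added example, not part of the guide or of any Brocade tooling: a small Python helper that validates the operator-supplied values and renders the switch-side commands of steps 3 through 7 in order, so a mistyped WWN or LUN number is caught before anything is pasted into the switch. The function name reenable_plan, the container-name character set, the single-LUN restriction (no ranges), and the sample NWWN are assumptions; steps 1 and 2 (key vault deletion and login) remain manual.

```python
import re

# Eight colon-separated hex octets, e.g. 10:00:00:00:c9:2b:c9:3a
WWN_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}")
# A single LUN number, decimal or 0x-prefixed hex (ranges are not handled here)
LUN_RE = re.compile(r"0x[0-9a-fA-F]+|\d+")
# Assumption: container names are limited to letters, digits and underscore
NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def reenable_plan(container, lun, pwwn, nwwn):
    """Return the ordered cryptocfg commands for steps 3-7 of the procedure."""
    checks = (
        ("container name", container, NAME_RE),
        ("LUN number", lun, LUN_RE),
        ("initiator PWWN", pwwn, WWN_RE),
        ("initiator NWWN", nwwn, WWN_RE),
    )
    for label, value, pattern in checks:
        # fullmatch rejects trailing text, spaces and shell metacharacters
        if not pattern.fullmatch(value):
            raise ValueError(f"invalid {label}: {value!r}")
    target = f"{container} {lun} {pwwn}"
    return [
        # Step 3: review, then remove, the decommissioned key IDs
        "cryptocfg --show -decommissionedkeyids",
        "cryptocfg --delete -decommissionedkeyids",
        # Step 4: the LUN is added back as cleartext first
        f"cryptocfg --add -LUN {target} {nwwn} -lunstate cleartext",
        # Step 5: enable the LUN
        f"cryptocfg --enable -LUN {target}",
        # Step 6: only now is the LUN switched to encrypted
        f"cryptocfg --modify -LUN {target} 0 -lunstate encrypted "
        "-encryption_format native -encrypt",
        # Step 7: enable again after the modify
        f"cryptocfg --enable -LUN {target}",
    ]


if __name__ == "__main__":
    # Constructed sample values; the NWWN is a placeholder, not from the guide.
    plan = reenable_plan("my_disk_tgt", "0x0",
                         "10:00:00:00:c9:2b:c9:3a", "20:00:00:00:c9:2b:c9:3a")
    for number, command in enumerate(plan, 1):
        print(f"{number}. {command}")
```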
Force-enabling a disabled disk LUN for encryption
You can force a disk LUN to become enabled for encryption when encryption is disabled on the
LUN. A LUN may become disabled for various reasons, such as a change in policy from encrypt to
cleartext when encrypted data (and metadata) exist on the LUN, a conflict between LUN policy and
LUN state, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN
may result in a loss of data and should be exercised with caution. Refer to Chapter 6, “LUN policy
troubleshooting” on page 275 for a description of conditions under which a LUN may be disabled,
and for recommendations on re-enabling the LUN while minimizing the risk of data loss.
This procedure must be performed on the local switch that is hosting the LUN. No commit is
required to force-enable after executing this command.