Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch

201

202

203

204

205

206

207

208

209

210

184 Fabric OS Encryption Administrator’s Guide (DPM)

53-1002720-02

Configuring LUNs for SRDF/TF or RP deployments

4. Make a note of the master key's ID. The master key ID can be obtained by running the following

command:

SecurityAdmin:switch> cryptocfg --show -localEE

NOTE

The master key is being exported from the local site so it can be recovered and utilized by the EG at

the remote site. If the local and remote sites are both part of the same encryption group and

therefore share the same DPM cluster, this step is not required.

SRDF/RecoverPoint remote target (R2) site

Replication mode needs to be enabled before replicated LUNs can be added to the Brocade

Encryption Switch, and the master key configured on encryption group at the source (R1) site must

be recovered for use on encryption group at the remote (R2) site.

1. Log in as Admin or SecurityAdmin.

2. Enable EG wide replication mode.

SecurityAdmin:switch> cryptocfg --set -replication enable

3. Recover the master key configured on the local site EG to the remote site EG.

SecurityAdmin:switch> cryptocfg --recovermasterkey currentMK -keyid <key ID of

master key from R1's EG>

Recovery of the master key at the remote site needs to be accomplished before adding

replicated LUNs to the encryption group configuration at the remote/target site.

Configuring LUNs for SRDF/TF or RP deployments

There are two possible LUN configuration scenarios LUNs to consider in SRDF/TF or RP

deployments:

• Creating new source LUNs that can later be replicated.

• Migrating data from existing encrypted or cleartext source LUNs to LUNs that can be replicated.

For each of these scenarios, the following rules and notes apply:

• It is assumed that CryptoTarget containers (CTCs) have been created for all target ports at the

local site (and at the remote site if one exists) and that the appropriate initiators have been

added to each.

• SRDF R1 and R2 LUNs must be the same size.

• TimeFinder (TF) source and target devices (LUNs) must be the same size.

• RecoverPoint (RP) source and target devices (LUNs) must be the same size.

• When changing encryption policies for the source LUN, the same policies must be applied to

the target LUN.

• Once the LUN is added to the container using the -newLUN option, it must not be resized.

• Auto/Key expiry rekey is not allowed for SRDF/TF/RP LUNs. Therefore the -newLUN option is

not compatible with the

-enable_rekey option.