Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch
201202203204205206207208209210
Fabric OS Encryption Administrator’s Guide (DPM) 185
53-1002720-02
Configuring LUNs for SRDF/TF or RP deployments
3
Steps for dealing with these scenarios are described in the following sections devoted to using
SRDF, TimeFinder (TF) and RecoverPoint (RP) with the Brocade encryption solution.
Creating new source LUNs that can later be replicated
Use the following command to create a new source LUN capable of later replication. This command
must be completed once for every path/container that has access to the source LUN:
1. Log in as Admin or FabricAdmin.
2. Create the new source LUN with the
-newLUN option and -encrypt policy
FabricAdmin:switch> cryptocfg --add -LUN <source_container> <new LUN num>
<initiator PWWN & NWWN> -newLUN -lunstate cleartext -encrypt
NOTE
This command assumes there is no valid user data on the LUN. Therefore, this command will
have the effect of destroying any existing user data on the LUN.
3. Commit the configuration
FabricAdmin:switch> cryptocfg --commit
Migrating LUNs with existing data to LUNs that can be replicated
As part of the encryption replication solution, if a SRDF/TF/RP source LUN contains valid customer
data (cleartext or encrypted), prior to replicating the LUN, the existing user data must be migrated
to a new LUN that is at least three blocks larger than the current source LUN.
If your setup has an existing target LUN, it too will need to be deleted and then recreated as a LUN
that is identical in size to the new larger source LUN.
The steps for migrating data from the existing source LUN to a larger and replication-capable LUN
depend on whether or not the existing LUN contains encrypted data or cleartext data. The two
options are described below.
NOTE
R1 and R2 devices must be of the same size. If the LUNs are of different sizes and R1 does not have
primary metadata, encryption of R2 LUNs will fail and the LUN becomes disabled. This is because
the location of the secondary metadata differs for R1 and R2 LUNs that are not the same size.
Normally, R1 writes secondary metadata at its last three blocks, but because R2 is a different size,
its last three blocks do not contain metadata, causing the encryption setup to fail.
OPTION 1 (data migration for encrypted source LUNs)
1. Log in as Admin or FabricAdmin.
2. Create a new LUN with
-newLUN option and -encrypt policy.
FabricAdmin:switch> cryptocfg --add -LUN <source_container> <new LUN num>
<initiator PWWN & NWWN> -newLUN -lunstate cleartext -encrypt