Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch
211212213214215216217218219220
Fabric OS Encryption Administrator’s Guide (DPM) 193
53-1002720-02
SRDF/TF/RP manual rekeying procedures
3
Rekeying remote site (R2) SRDF LUNs
To rekey an R2 LUN, you must first do an SRDF role reversal. Complete the following steps to
reverse the R1/R2 LUN functional roles:
1. Issue the SRDF role swap command to change the old R1 LUN to the new R2 LUN and old R2
LUN to the new R1 LUN.
2. Split the SRDF pair.
3. Issue the cryptocfg
--manual_rekey <crypto target container name> <LUN Num> <Initiator
PWWN>
-include_mirror command on the new R1 LUN (old R2 LUN).
NOTE
This command will fail with an error if the -include_mirror option is not provided with the
manual_rekey request.
4. After the rekey is completed, disable the new R2 target ports.
5. Establish the SRDF for replication and wait for the SRDF pair to be fully synchronized.
6. Verify that the DEKs are synched up from the local site key vault cluster to the remote site key
vault cluster.
NOTE
In all operations prior to SRDF establishment, ensure that the DEKs are synchronized between
the local and remote site key vaults.
7. Verify that the Replication LUN type of the new R1 LUN is now “Primary” and the Replication
LUN type of new R2 LUN is now “Mirror”.
NOTE
Verify the DEKs and Replication LUN type for all multi-paths are consistent.
Rekeying LUNs for RP deployments - remote site
To rekey a remote site LUN, you must first do an RP reverse direction. Complete the following steps
to reverse the local LUN and remote LUN RP functional roles:
1. Issue the RP reverse direction command to change the old local LUN to the new remote LUN
and old remote LUN to the new local LUN.
2. Disable the RP source/target LUN consistency group
3. Issue the cryptocfg
--manual_rekey -include_mirror <new local LUN container> < new local
LUN ID> <initiator PWWN> command on the new local LUN (old remote LUN).
NOTE
This CLI command will fail with an error if the -include_mirror option is not provided with the
manual_rekey request
4. After the rekey is completed, disable the new remote target ports.
5. Enable the RP source/target LUN consistency group and wait for the RP pair to be fully
synchronized.