Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch

151

152

153

154

155

156

157

158

159

160

136 Encryption Administrator’s Guide

53-1001201-04

CryptoTarget container configuration

• The failed EE2 has come back online, Failover is still active:

SecurityAdmin:switch>cryptocfg --show -hacluster -all

Encryption Group Name: brocade

Number of HA Clusters: 1

HA cluster name: HAC3 - 2 EE entries

Status: Committed

WWN Slot Number Status

EE1 => 10:00:00:05:1e:53:89:dd 0 Online - Failover active

EE2 => 10:00:00:05:1e:53:fc:8a 0 Online

• A manual failback is issued.

SecurityAdmin:switch>cryptocfg --failback -EE 10:00:00:05:1e:53:89:dd 0 \

10:00:00:05:1e:53:fc:8a 0

Operation succeeded.

• After the failback completes, the -cryptocfg --show -hacluster -all command no longer reports

active failover.

SecurityAdmin:switch>cryptocfg --show -hacluster -all

Encryption Group Name: brocade_1

Number of HA Clusters: 1

HA cluster name: HAC3 - 2 EE entries

Status: Committed

WWN Slot Number Status

EE1 => 10:00:00:05:1e:53:89:dd 0 Online

EE2 => 10:00:00:05:1e:53:fc:8a 0 Online

CryptoTarget container configuration

A CryptoTarget container is a configuration of “virtual devices” that is created for each target port

hosted on a Brocade Encryption Switch or FS8-18 blade. The container holds the configuration

information for a single target, including associated hosts and LUN settings. A CryptoTarget

container interfaces between the encryption engine, the external storage devices (targets), and the

initiators (hosts) that can access the storage devices through the target ports. Virtual devices

redirect the traffic between host and target/LUN to encryption engines so they can perform

cryptographic operations.

Virtual targets: Any given physical target port is hosted on one encryption switch or blade. If the

target LUN is accessible from multiple target ports, each target port is hosted on a separate

encryption switch or blade. There is a one-to-one mapping between virtual target and physical

target to the fabric whose LUNs are being enabled for cryptographic operations.

Virtual initiators: For each physical host configured to access a given physical target LUN, a virtual

initiator (VI) is generated on the encryption switch or blade that hosts the target port. If a physical

host has access to multiple targets hosted on different encryption switches or blades, you must

configure one virtual initiator on each encryption switch or blade that is hosting one of the targets.

The mapping between physical host and virtual initiator in a fabric is one-to-n, where n is the

number of encryption switches or blades that are hosting targets.