Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Crypto LUN configuration
TABLE 9 LUN parameters and policies (Continued)

Policy name: Encryption format
Disk LUN: Yes. Tape LUN: Yes. Modify? Yes
Command parameters: -encryption_format native | DF_compatible
Description: Sets the encryption format. Valid values are:
• Native - The LUN is encrypted or decrypted using the Brocade encryption format (metadata format and algorithm). This is the default setting.
• DF_compatible - The LUN is encrypted or decrypted using the NetApp DataFort encryption format (metadata format and algorithm). Use of this format requires a NetApp DataFort-compatible license.
NOTE: On tapes written in DataFort format, the encryption switch or blade cannot read and decrypt files with a block size of one MB or greater.

Policy name: Encryption policy
Disk LUN: Yes. Tape LUN: Yes. Modify? Yes
Command parameters: -encrypt | -cleartext
Description: Enables or disables a LUN for encryption. Valid values are:
• cleartext - Encryption is disabled. This is the default setting. When the LUN policy is set to cleartext, the following policy parameters are invalid and generate errors when executed: -enable_encexistingdata, -enable_rekey, and -key_lifespan. When a LUN is added in DataFort-compatible encryption format, cleartext is not a valid policy option.
• encrypt - The LUN is enabled to perform encryption.

Policy name: Existing data encryption
Disk LUN: Yes. Tape LUN: No. Modify? Yes
Command parameters: -enable_encexistingdata | -disable_encexistingdata
Description: Specifies whether or not existing data on the LUN should be encrypted. By default, encryption of existing data is disabled. Encryption policy must be set to -enable_encexistingdata, and the LUN state must be set to cleartext (default). If the encryption policy is cleartext, the existing data on the LUN will be overwritten.

Policy name: Re-key policy
Disk LUN: Yes. Tape LUN: No. Modify? Yes
Command parameters: -enable_rekey time_period <days> | -disable_rekey
Description: Enables or disables the auto re-keying feature on a specified disk LUN. This policy is not valid for tape LUNs. By default, the automatic re-key feature is disabled. Enabling automatic re-keying is valid only if the LUN policy is set to -encrypt. You must specify a time period in days when enabling auto re-keying to indicate the interval at which automatic re-keying should take place.

Policy name: Key lifespan
Disk LUN: No. Tape LUN: Yes. Modify? Disks only. Tape: No
Command parameters: -key_lifespan time_in_days | none
Description: Specifies the life span of the encryption key in days. The key will expire after the specified number of days. Accepted values are integers from 1 to 2982616. The default value is none, which means the key does not expire. On tape LUNs, the key life span cannot be modified after it is set.
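The combination rules in Table 9 can be checked before a change is applied to a switch. The following is an added example, not code from the guide or from Brocade: the function name, the "disk"/"tape" labels and the dictionary input format are assumptions made for illustration, and it models only the rules stated in the table.

```python
MAX_KEY_LIFESPAN_DAYS = 2982616  # upper bound given in Table 9
DISK_ONLY = ("-enable_encexistingdata", "-disable_encexistingdata",
             "-enable_rekey", "-disable_rekey")
NEEDS_ENCRYPT = ("-enable_encexistingdata", "-enable_rekey", "-key_lifespan")


def _is_days(value, upper=None):
    """True for an int >= 1 (and <= upper when an upper bound is given)."""
    ok = isinstance(value, int) and not isinstance(value, bool) and value >= 1
    return ok and (upper is None or value <= upper)


def check_lun_policy(lun_type, opts):
    """Return the Table 9 rule violations for a proposed option set.

    lun_type: "disk" or "tape" (labels chosen for this example).
    opts: option -> value, True for bare flags, e.g. {"-encrypt": True}.
    """
    errors = []
    fmt = str(opts.get("-encryption_format", "native")).lower()  # default native
    if fmt not in ("native", "df_compatible"):
        errors.append("-encryption_format must be native or DF_compatible")
    if "-encrypt" in opts and "-cleartext" in opts:
        errors.append("-encrypt and -cleartext are alternatives")
    encrypting = "-encrypt" in opts  # default policy is cleartext
    if not encrypting:
        if fmt == "df_compatible":
            errors.append("cleartext is not valid with DF_compatible format")
        errors += [f"{o} is invalid when the policy is cleartext"
                   for o in NEEDS_ENCRYPT if o in opts]
    if lun_type == "tape":
        errors += [f"{o} is not valid for tape LUNs"
                   for o in DISK_ONLY if o in opts]
    elif "-key_lifespan" in opts:
        errors.append("-key_lifespan is not valid for disk LUNs")
    # Assumption: the re-key period is a whole number of days >= 1;
    # the table gives no range for it.
    if "-enable_rekey" in opts and not _is_days(opts["-enable_rekey"]):
        errors.append("-enable_rekey needs a time period in days")
    lifespan = opts.get("-key_lifespan", "none")  # default none: no expiry
    if lifespan != "none" and not _is_days(lifespan, MAX_KEY_LIFESPAN_DAYS):
        errors.append("-key_lifespan must be none or 1..2982616 days")
    return errors
```

An empty list means the option set is consistent with the table. A DF_compatible LUN with no -encrypt flag is reported because the default policy is cleartext.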