Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
158 Encryption Administrator’s Guide
53-1001201-04
Tape pool configuration
3
NetBackup labeling
NetBackup uses numbers to label tape pools. If you are using NetBackup as your application,
follow these steps to obtain the tape pool number.
1. Log into the NetBackup application Windows host.
2. Select Start > run, and type cmd in the dialog box.
3. Navigate to C:\Program Files\VERITAS\Volmgr\bin and enter the following command:
C:\Program Files\VERITAS\Volmgr\bin>vmpool -listall
===========================================================
pool number: 0
pool name: None
description: the None pool
pool host: ANYHOST
pool user: ANY
pool group: NONE
===========================================================
4. Note down the pool number. This is the number that you use as the tape pool number when
creating the tape pool on the encryption switch or blade.
NetWorker labeling
If you use NetWorker as your backup application, be aware of possible naming restrictions. For
example, NetWorker does not allow underscore characters in tape pool names. To ensure that you
can use the same tape pool name on your encryption platform and on your backup application,
create the tape pool on NetWorker first before creating the tape pool on your encryption switch.
Creating a tape pool
Take the following steps to create a tape pool:
1. Log into the group leader as FabricAdmin.
2. Create a tape pool by entering the cryptocfg
--create -tapepool command. Provide a label or
numeric ID for the tape pool and specify the encryption policies. For policies not specified at
this time, LUN-level settings apply.
• Set the tape pool policy to either encrypt or cleartext (default).
• Set the encryption format to DF_compatible or Brocade native (default)
NOTE
To encrypt tapes in DataFort-compatible encryption format (both metadata and encryption
algorithm), the DataFort-compatible encryption format needs to be set both at the
LUN-level (tape drive) and at the tape pool-level. This ensures that the latest version of
DataFort (v2.x/3.x or later) can read and decrypt these tapes.
• Optionally set an expiration date in days for the key (default is no expiration). If the
key_lifespan parameter is set at the tape pool level to other than none (default), the tape
value is used over any LUN-level settings. If the key_lifespan parameter is not set at the
tape level (default of none), LUN level settings apply.
The following example creates a tape pool named “my_tapepool” with encryption enabled and
a key lifespan of 90 days.