Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Multiple paths, one DEK cluster, and two HA clusters
The configuration details shown in Figure 77 are as follows:
• There are two fabrics.
• There are four paths to the target device, two paths in each fabric.
• There are two host ports, one in each fabric.
• Host port 1 is zoned to target port 1 and target port 2 in fabric 1.
• Host port 2 is zoned to target port 3 and target port 4 in fabric 2.
• There are four Brocade encryption switches organized in HA clusters.
• HA cluster 1 is in fabric 1, and HA cluster 2 is in fabric 2.
• There is one DEK cluster, and one encryption group.
Use the following procedure to set up encryption for the LUNs on the target device shown in
Figure 77 on the four paths using four encryption switches and two host ports.
1. Disable all four target ports.
2. Configure Encryption Switch 1 and Encryption Switch 2 in HA Cluster1 in fabric 1.
3. Similarly configure Encryption Switch 3 and Encryption Switch 4 in HA Cluster2 in fabric 2.
4. Enable Target Port1 and Target Port3 only.
5. On Encryption Switch 1, configure CTC1 (crypto target container) for target port1. Add Host
Port1 to the CTC1.
6. On Encryption Switch 3, configure CTC3 for target port3. Add Host Port 2 to CTC3.
7. Add the LUNs for CTC1 and CTC3 for Target Port 1 and Target Port 3 with current LUN
state=clear-text and Policy=Encrypt.
8. Enable the first time encryption option (refer to “Configuring a LUN for first time encryption” on
page 165).
9. Commit the operation.
The first time encryption operation starts on the active path (CTC1 or CTC3). If Path 1
(Target Port1-CTC1) fails, first time encryption can fail over to Path 3 (Target Port3-CTC3) in the
DEK cluster.
10. Configure CTC2 for Target Port2 on Encryption Switch 2. Add Host Port1 to CTC2.
11. Configure CTC4 for Target Port4 on Encryption Switch 4. Add Host Port2 to CTC4.
12. Add the LUNs for CTC2 and CTC4 for Target Port2 and Target Port4 with current LUN
state=encrypted and policy=Encrypt. Do not enable the first time encryption option, because the
LUN is already encrypted through Path 1 or Path 3.
13. Commit the operation.
After the above steps, Encryption Switch 1 and Encryption Switch 2 are in HA Cluster 1, with
CTC1 on Encryption Switch 1 and CTC2 on Encryption Switch 2, and each BES acts as the
standby for the other BES. The same applies to Encryption Switch 3 and Encryption Switch 4 in HA
Cluster 2, with CTC3 on Encryption Switch 3 and CTC4 on Encryption Switch 4.
14. After First Time Encryption finishes for all LUNs, enable Target Port2 and Target Port4.
When the LUN needs to be rekeyed using Manual Rekey, one of the target ports in each
fabric should again be disabled, as described in “First time encryption” on page 165. Note that
only Manual Rekey must be used in the above configuration, and the LUN must not be configured for
Auto Rekey.
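The ordering rules in steps 1 through 14 and the rekey note can be checked against a planned configuration before it is committed. The following Python sketch is an added example, not Brocade code or Fabric OS CLI; the `Path` record, its field names, and the sample plan are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Path:                      # hypothetical record, one per CTC / target port
    ctc: str
    fabric: int
    target_port: int
    lun_state: str               # "clear-text" or "encrypted"
    policy: str                  # "Encrypt" is expected on every path
    first_time_encryption: bool
    target_port_enabled: bool
    auto_rekey: bool = False

def check_plan(paths, fte_finished=False):
    """Return a list of violations of the rules in the procedure above."""
    problems = []
    for p in paths:
        if p.policy != "Encrypt":
            problems.append(f"{p.ctc}: policy must be Encrypt")
        if p.auto_rekey:
            problems.append(f"{p.ctc}: Auto Rekey is not allowed, use Manual Rekey")
        if p.lun_state == "encrypted" and p.first_time_encryption:
            problems.append(f"{p.ctc}: first time encryption set on an already encrypted LUN")
        if p.lun_state == "clear-text" and not p.first_time_encryption:
            problems.append(f"{p.ctc}: clear-text LUN without first time encryption")
        # Steps 4 and 14: the second target port in each fabric stays disabled
        # until first time encryption has finished.
        if not fte_finished and p.target_port_enabled and not p.first_time_encryption:
            problems.append(f"{p.ctc}: target port {p.target_port} enabled before "
                            "first time encryption finished")
    for fabric in sorted({p.fabric for p in paths}):
        n = sum(p.first_time_encryption for p in paths if p.fabric == fabric)
        if n != 1:
            problems.append(f"fabric {fabric}: expected 1 first time encryption path, found {n}")
    return problems

def sample_plan():
    # Constructed plan mirroring steps 5-13 (state just before step 14).
    return [
        Path("CTC1", 1, 1, "clear-text", "Encrypt", True, True),
        Path("CTC2", 1, 2, "encrypted", "Encrypt", False, False),
        Path("CTC3", 2, 3, "clear-text", "Encrypt", True, True),
        Path("CTC4", 2, 4, "encrypted", "Encrypt", False, False),
    ]

if __name__ == "__main__":
    plan = sample_plan()
    plan[1].target_port_enabled = True   # Target Port2 enabled too early
    plan[3].auto_rekey = True            # Auto Rekey configured on CTC4
    print("\n".join(check_plan(plan)))
```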