Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
182 Encryption Administrator’s Guide
53-1001201-04
Multiple paths, DEK cluster, no HA cluster
4
Use the following procedure to set up encryption for the LUNs on the Target from these four paths
using two encryption switches and two host ports:
1. Disable all four target ports.
2. Configure Encryption Switch 1 and Encryption Switch 2 to form Encryption Group
3. Enable the Target Port1 and Target Port3 only.
4. On Encryption Switch 1, configure CTC1 (crypto target container) for target port1. Add Host
Port1 to the CTC1.
5. On Encryption Switch 2, configure CTC3 for target port3. Add Host Port 2 to CTC3.
6. Add the LUNs for CTC1 and CTC3 for Target Port 1 and Target Port 3 with current LUN
state=clear-text and Policy=Encrypt.
7. Enable the first time encryption option (refer to “Configuring a LUN for first time encryption” on
page 165).
8. Commit the operation.
The first time encryption operation will start on active path (CTC1 or CTC3). In case Path 1
(Target Port1 -CTC1) fails, first time encryption can failover to Path3 (Target Port3-CTC3) in the
DEK Cluster.
9. Configure CTC2 for Target Port2 on Encryption Switch 1. Add Host Port1 to CTC2.
10. Configure CTC4 for Target Port4 on Encryption Switch 2. Add Host Port2 to CTC4.
11. Add the LUNs for CTC2 and CTC4 for Target Port2 and Target Port4 with current LUN
state="encrypted" and policy="Encrypt". The First Time Encryption option should not be
enabled as LUN is already encrypted from Paths 1 or 3.
12. Commit the operation.
13. After first time encryption finishes for all LUNs, enable Target Port2 and Target Port4.
When the LUN needs to rekeyed using Manual Rekey, again the one of the target port in each
fabric should be disabled as described in “First time encryption” on page 165. Please note that
only Manual Rekey must be used in the above configuration and LUN must not be configured for
Auto Rekey.