Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch

121

122

123

124

125

126

127

128

129

130

Encryption Administrator’s Guide 103

53-1001341-02

CryptoTarget container configuration

Gathering information

Before you begin, have the following information ready:

• The switch WWNs of all nodes in the encryption group. Use the cryptocfg --show

-groupmember -all command to gather this information.

• The port WWNs of the targets whose LUNs are being enabled for data-at-rest encryption.

• The port WWNs of the hosts (initiators) which should gain access to the LUNs hosted on the

targets.

Any given target may have multiple ports through which a given LUN is accessible and the ports are

connected to different fabrics for redundancy purposes. Any given target port through which the

LUNs are accessible must be hosted on only one Encryption switch (or pair in case of HA

deployment). Another such target port should be hosted on a different encryption switch either in

the same fabric or in a different fabric based on host MPIO configuration.

A given host port through which the LUNs are accessible is hosted on the same encryption switch

on which the target port (CryptoTarget container) of the LUNs is hosted.

NOTE

It is recommended you complete the encryption group and HA cluster configuration before

configuring the CryptoTarget containers.

Frame redirection

Name Server-based frame redirection enables the Brocade encryption switch or blade to be

deployed transparently to hosts and Targets in the fabric.

NS-based frame redirection is enabled as follows:

• You first create a zone that includes host (H) and target (T). This may cause temporary traffic

disruption to the host.

• You then create a CryptoTarget container for the target and configure the container to allow

access to the initiator.

• When you commit the transaction, a special zone called a “redirection zone” is generated

automatically. The redirection zone includes the host (H), the virtual target (VT), the virtual

initiator (VI), and the target (T).

• When configuring multi-path LUNs do not commit the CryptoTarget container configuration

before you have performed the following steps in sequence to prevent data corruption. Refer to

the section “Configuring a multi-path Crypto LUN” on page 117 for more information.

• Complete all zoning for ALL hosts that should gain access to the targets.

• Complete the CryptoTarget container configuration for ALL target ports in sequence,

including adding the hosts that should gain access to these targets.

Host-target zoning must precede any CryptoTarget configuration.

NOTE

To enable frame redirection, the host and target edge switches must run Fabric OS v6.1.1 and

Fabric OS v5.3.1.b or later firmware to ensure host and target connectivity with legacy platforms. In

McDATA fabrics, the hosts and the switches hosting the targets require firmware versions M-EOSc

9.8 and M-EOSn 9.8. Only the M6140, M4700F, McDATA 4400, and the Brocade Intrepid 10000

support frame redirection. Refer to Appendix E, Table 25 on page 201 for more information.