Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch

121

122

123

124

125

126

127

128

129

130

Encryption Administrator’s Guide 111

53-1001341-02

Crypto LUN configuration

Log into the group leader as Admin or FabricAdmin.

3. Enter the cryptocfg

--add -LUN command followed by the CryptoTarget container Name, the

LUN number or a range of LUN numbers, the PWWN and NWWN of the initiators that should be

able to access the LUN. If you are using Datafort encryption format, you can use the

-encryption_format option to set the format to DF_compatible (the default is Native). The

following example adds a disk LUN enabled for encryption.

FabricAdmin:switch>cryptocfg --add -LUN my_disk_tgt 0x0 \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt

Operation Succeeded

4. Commit the configuration.

FabricAdmin:switch>cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a LUN with multiple paths, do not commit the configuration before you have

added all the LUNs with identical policy settings and in sequence to each of the Crypto Target

containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.

Refer to the section “Configuring a multi-path Crypto LUN” on page 117.

5. Display the LUN configuration. The following example shows default values.

FabricAdmin:switch>cryptocfg --show -LUN my_disk_tgt0 \

10:00:00:00:c9:2b:c9:3a -cfg

EE node: 10:00:00:05:1e:41:9a:7e

EE slot: 0

Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d

Number of host(s): 1

Configuration status: committed

Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

VI: 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d

LUN number: 0x0

LUN type: disk

LUN status: 0

Encryption mode: encrypt

Encryption format: native

Encrypt existing data: enabled

Rekey: disabled

Key ID: not available

Operation Succeeded

Removing a LUN from a CryptoTarget container

You can remove a LUN from a given CryptoTarget container if it is no longer needed. Stop all traffic

I/O from the initiators accessing the LUN before removing the LUN to avoid I/O failure between the

initiators and the LUN. If the LUN is exposed to more than one initiator under different LUN

Numbers, remove all exposed LUN Numbers.

1. Log into the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--remove -LUN command followed by the CryptoTarget container name,

the LUN Number, and the initiator PWWN.