Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
FabricAdmin:switch>cryptocfg --remove -LUN my_disk_tgt 0x0 10:00:00:00:c9:2b:c9:3a
Operation Succeeded
3. Commit the configuration with the -force option to completely remove the LUN and all
associated configuration data in the configuration database. The data remains on the
removed LUN in an encrypted state.
FabricAdmin:switch>cryptocfg --commit -force
Operation Succeeded
CAUTION
In case of multiple paths for a LUN, each path is exposed as a CryptoTarget container in the
same encryption switch or blade or on different encryption switches or blades within the
encryption group. In this scenario you must remove the LUNs from all exposed CryptoTarget
containers before you commit the transaction. Failure to do so may result in a potentially
catastrophic situation where one path ends up being exposed through the encryption switch and
another path has direct access to the device from a host outside the protected realm of the
encryption platform. Refer to the section “Configuring a multi-path Crypto LUN” on page 117 for
more information.
Crypto LUN parameters and policies
Table 8 shows the encryption parameters and policies that can be specified for a disk or tape LUN
during LUN configuration (with the cryptocfg --add -LUN command). Some policies apply only to
disk LUNs, and some apply only to tape LUNs. It is recommended that you plan to configure all the
LUN state and encryption policies with the cryptocfg --add -LUN command. You can use the
cryptocfg --modify -LUN command to change some of the settings, but not all options are
modifiable.
NOTE
LUN policies are configured at the LUN level but apply to the entire HA or DEK cluster. For multi-path
LUNs exposed through multiple target ports, and thus configured on multiple CryptoTarget
containers on different encryption engines in an HA cluster or DEK cluster, the same LUN policies
must be configured. Failure to do so results in unexpected behavior and may lead to data corruption.
The tape policies specified at the LUN configuration level take effect if you do not create tape pools
or configure policies at the tape pool level.
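
A pre-commit check for the multi-path cases in the CAUTION and NOTE above, as an added example that is not part of the Brocade guide: given an inventory of paths, it reports LUNs that would keep some paths after others are removed, and LUNs whose paths carry different policies. The inventory format, the field and policy names, the serial values and the container name my_disk_tgt2 are assumptions made for the example; nothing here parses cryptocfg output.

```python
from collections import defaultdict

# Constructed inventory, one record per path (CryptoTarget container + LUN number).
# Field and policy names are hypothetical, not cryptocfg output; "serial" is
# assumed to identify the physical LUN behind each path.
PATHS = [
    {"container": "my_disk_tgt", "lun": "0x0", "serial": "SN-A",
     "policies": {"state": "encrypted", "encrypt": True}},
    {"container": "my_disk_tgt2", "lun": "0x0", "serial": "SN-A",
     "policies": {"state": "encrypted", "encrypt": True}},
    {"container": "my_disk_tgt", "lun": "0x1", "serial": "SN-B",
     "policies": {"state": "encrypted", "encrypt": True}},
    {"container": "my_disk_tgt2", "lun": "0x1", "serial": "SN-B",
     "policies": {"state": "cleartext", "encrypt": False}},
]


def _by_serial(paths):
    """Group path records by the physical LUN they lead to."""
    groups = defaultdict(list)
    for p in paths:
        groups[p["serial"]].append(p)
    return groups


def partial_removals(paths, removals):
    """LUNs where some, but not all, paths are staged for removal.

    removals is a set of (container, lun) pairs staged before the commit.
    Returns {serial: [(container, lun), ...]} listing the paths left behind.
    """
    gaps = {}
    for serial, group in _by_serial(paths).items():
        kept = sorted((p["container"], p["lun"]) for p in group
                      if (p["container"], p["lun"]) not in removals)
        if kept and len(kept) < len(group):
            gaps[serial] = kept
    return gaps


def policy_mismatches(paths):
    """LUNs whose paths carry different policy values: {serial: [policy names]}."""
    bad = {}
    for serial, group in _by_serial(paths).items():
        names = sorted({k for p in group for k in p["policies"]})
        differing = [n for n in names
                     if len({repr(p["policies"].get(n)) for p in group}) > 1]
        if differing:
            bad[serial] = differing
    return bad
```

An empty result from both functions means every multi-path LUN in the inventory is either removed from all of its containers or left on all of them, with identical policies on each path.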