Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch

141

142

143

144

145

146

147

148

149

150

124 Encryption Administrator’s Guide

53-1001341-02

Tape pool configuration

Deleting a tape pool

This command does not issue a warning if the tape pool being deleted has tape media or volumes

that are currently accessed by the host. Be sure the tape media is not currently in use.

1. Log into the group leader as FabricAdmin.

2. Enter the cryptocfg

--delete -tapepool command followed by a tape pool label or number. Use

cryptocfg

--show -tapepool -all to display all configured tape pool names and numbers.

FabricAdmin:switch>cryptocfg --delete -tapepool -label my_tapepool

Operation succeeded.

3. Commit the transaction

FabricAdmin:switch>cryptocfg --commit

Operation succeeded.

Modifying a tape pool

1. Log into the group leader as FabricAdmin.

2. Enter the cryptocfg

--modify -tapepool command followed by a tape pool label or number.

Then specify a new policy, encryption format, or both. The following example changes the

encryption format from Brocade native to DF-compatible.

FabricAdmin:switch>cryptocfg --modify -tapepool -label my_tapepool

-encryption_format DF_compatible

Operation succeeded.

3. Commit the transaction.

FabricAdmin:switch>cryptocfg --commit

Operation succeeded.

Impact of tape LUN configuration changes

LUN-level policies apply when no policies are configured at the tape pool level. The following

restrictions apply when modifying tape LUN configuration parameters:

• If you change a tape LUN policy from encrypt to cleartext or from cleartext to encrypt, or if you

change the encryption format from Brocade native to DF-compatible while data is written to or

read from a tape backup device, the policy change is not enforced until the current process

completes and the tape is unmounted, rewound, or overwritten. This mechanism prevents the

mixing of cleartext data to cipher-text data on the tape.

• Make sure you understand the ramifications of changing the tape LUN encryption policy from

encrypt to cleartext or from cleartext to encrypt. Refer to “DF-compatibility support for tape

LUNs” on page 199 for information on the impact of policy changes when working in

DataFort-compatible encryption format.

• You cannot modify the key lifespan value. If you wish to modify the key lifespan, delete and

recreate the LUN with a different key lifespan value. Key lifespan values only apply to

native-mode pools. When in DF-compatible mode, every new media receives a unique key,

matching DataFort behavior.