Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

Chapter 3: Encryption configuration using the CLI
In this chapter
Overview
Command validation checks
Command RBAC permissions and AD types
Cryptocfg Help command output
Setting default zoning to no access
Management port configuration
I/O sync link configuration
Encryption switch initialization
Basic encryption group configuration
Key vault configuration
High Availability (HA) cluster configuration
CryptoTarget container configuration
Crypto LUN configuration
Configuring a multi-path Crypto LUN
Tape pool configuration
Data re-keying
First time encryption
Overview
This chapter explains how to use the command line interface (CLI) to configure a Brocade
Encryption Switch, or an FS8-18 Encryption blade in a DCX or DCX-4S, to perform data encryption.
This chapter assumes that the basic setup and configuration of the Brocade Encryption Switch,
DCX, or DCX-4S has been done as part of the initial hardware installation, including setting the
management port IP address.
For command syntax and description of parameters, refer to the Fabric OS Command Reference
Manual, v6.3.0.
NOTE
The configuration tasks described in this chapter build and depend on each other and should be
performed in sequence to avoid unnecessary errors.