Cryptotarget container configuration – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 180
160
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
CryptoTarget container configuration
3
FabricAdmin:switch> zonecreate itzone, "10:00:00:00:c9:2b:c9:3a; \
20:0c:00:06:2b:0f:72:6d"
8. Create a zone configuration that includes the zone you created in step 4. Enter the cfgcreate
command followed by a configuration name and the zone member name.
FabricAdmin:switch> cfgcreate itcfg, itzone
9. Enable the zone configuration.
FabricAdmin:switch> cfgenable itcfg
You are about to enable a new zoning configuration.
This action will replace the old zoning configuration with the
current configuration selected.
Do you want to enable 'itcfg' configuration (yes, y, no, n): [no] y
zone config"itcfg" is in effect
Updating flash ...
CryptoTarget container configuration
A CryptoTarget container is a configuration of virtual devices created for each target port hosted on
a Brocade Encryption Switch or FS8-18 blade. The container holds the configuration information
for a single target, including associated hosts and LUN settings. A CryptoTarget container
interfaces between the encryption engine, the external storage devices (targets), and the initiators
(hosts) that can access the storage devices through the target ports. Virtual devices redirect the
traffic between host and target/LUN to encryption engines so they can perform cryptographic
operations.
Although an encryption engine can host more than one container for each target, it is not
recommended.
•
Virtual targets: Any given physical target port is hosted on one encryption switch or blade. If the
target LUN is accessible from multiple target ports, each target port is hosted on a separate
encryption switch or blade. There is a one-to-one mapping between virtual target and physical
target to the fabric whose LUNs are being enabled for cryptographic operations.
•
Virtual initiators: For each physical host configured to access a given physical target LUN, a
virtual initiator (VI) is generated on the encryption switch or blade that hosts the target port. If
a physical host has access to multiple targets hosted on different encryption switches or
blades, you must configure one virtual initiator on each encryption switch or blade that is
hosting one of the targets. The mapping between physical host and virtual initiator in a fabric is
one-to-n, where n is the number of encryption switches or blades that are hosting targets.