Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 184

Advertising
background image

164

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

CryptoTarget container configuration

3

10:00:00:00:c9:2b:c9:3a;

20:0c:00:06:2b:0f:72:6d;

20:02:00:05:1e:41:4e:1d;

20:00:00:05:1e:41:4e:1d

zone: red_______base

00:00:00:00:00:00:00:01;

00:00:00:00:00:00:00:02;

00:00:00:00:00:00:00:03;

00:00:00:00:00:00:00:04

Effective configuration:

cfg: itcfg

zone: itzone 10:00:00:00:c9:2b:c9:3a

20:0c:00:06:2b:0f:72:6d

NOTE

You may view the frame redirection zone with the cfgshow command, but you cannot use the zone
for any other applications that use frame redirection. Do not perform any further operations with this
zone, such as deleting the zone or adding the zone to a different configuration. Such operations may
result in disruptive behavior, including data corruption on the LUN.

Removing an initiator from a CryptoTarget container

You may remove one or more initiators from a given CryptoTarget container. This operation
removes the initiators’ access to the target port.

If the initiator has access to multiple targets and you wish to remove access to all targets, follow the
procedure described to remove the initiator from every CryptoTarget container that is configured
with this initiator.

NOTE

Stop all traffic between the initiator you intend to remove and its respective target ports. Failure to
do so results in I/O failure between the initiator and the target port.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

remove

-

initiator command. Specify the CryptoTarget container name

followed by one or more initiator port WWNs. The following example removes one initiator from
the CryptoTarget container “my_disk_tgt”.

FabricAdmin:switch> cryptocfg --rem -initiator my_disk_tgt

10:00:00:00:c9:2b:c9:3a

Operation Succeeded

3. Commit the transaction.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a multi-path LUN, you must remove all initiators from all CryptoTarget
containers in sequence before committing the transaction. Failure to do so may result in a
potentially catastrophic situation where one path ends up being exposed through the encryption
switch and another path has direct access to the device from a host outside the protected realm
of the encryption platform. Refer to the section

“Configuring a multi-path Crypto LUN”

on

page 198 for more information.

Advertising
Popular Brands
Popular manuals