Crypto lun configuration – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 186
166
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Crypto LUN configuration
3
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--
move
-
container command followed by the CryptoTarget container
name and the node WWN of the encryption engine to which you are moving the CryptoTarget
container. Provide a slot number if the encryption engine is a blade.
FabricAdmin:switch> cryptocfg --move -container my_disk_tgt \
10:00:00:05:1e:53:4c:91
Operation Succeeded
3. Commit the transaction.
FabricAdmin:switch> cryptocfg --commit
Operation Succeeded
Crypto LUN configuration
A Crypto LUN is the LUN of a target disk or tape storage device that is enabled for and capable of
data-at-rest encryption. Crypto LUN configuration is done on a per-LUN basis. You configure the
LUN for encryption by explicitly adding the LUN to the CryptoTarget container and turning on the
encryption property and policies on the LUN. Any LUN of a given target that is not enabled for
encryption must still be added to the CryptoTarget container with the cleartext policy option.
•
The general procedures described in this section apply to both disk and tape LUNs. The
specific configuration procedures differ with regard to encryption policy and parameter setting.
•
You configure the Crypto LUN on the group leader. You need the Admin or FabricAdmin role to
perform LUN configuration tasks.
•
With the introduction of Fabric OS 7.1.0, the maximum number of uncommitted configuration
changes per disk LUN (or maximum paths to a LUN) is 512 transactions. This change in
commit limit is applicable only when using BNA.The commit limit when using the CLI remains
unchanged at 25.
•
There is a maximum of eight tape LUNs per Initiator in a container. The maximum number of
uncommitted configuration changes per tape LUN remains unchanged at eight.
CAUTION
When configuring a LUN with multiple paths (which means the LUN is exposed and configured on
multiple CryptoTarget containers located on the same Encryption switch or blade, or on different
encryption switches or blades), the same LUN policies must be configured on all LUN paths.
Failure to configure all LUN paths with the same LUN policies results in data corruption. If you are
configuring multi-path LUNs as part of a HA cluster or DEK cluster or as a stand-alone LUN
accessed by multiple hosts, follow the instructions described in the section