Modifying crypto lun parameters – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 193

Advertising
background image

Fabric OS Encryption Administrator’s Guide (DPM)

173

53-1002922-01

Crypto LUN configuration

3

CAUTION

In case of multiple paths for a LUN, each path is exposed as a CryptoTarget container in the same
encryption switch or blade or on different encryption switches or blades within the encryption
group. In this scenario you must remove the LUNs from all exposed CryptoTarget containers
before you commit the transaction. Failure to do so may result in a potentially catastrophic
situation where one path ends up being exposed through the encryption switch and another path
has direct access to the device from a host outside the protected realm of the encryption
platform. Refer to the section

“Configuring a multi-path Crypto LUN”

on page 198 for more

information.

Modifying Crypto LUN parameters

You can modify one or more policies of an existing Crypto LUN with the cryptocfg

--

modify

-

LUN

command.

A maximum of 25 disk LUNs can be added or modified in a single commit operation through the
CLI. Attempts to commit configurations or modifications that exceed the maximum commit allowed
will fail with a warning. There is a five second delay before the commit operation takes effect.

Make sure the LUNs in previously committed LUN configurations and LUN modifications have a
LUN state of Encryption Enabled before creating and committing another batch of LUN
configurations or modifications.

The following example disables automatic rekeying operations on the disk LUN “my_disk_tgt.”

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

modify

-

LUN command followed by the CryptoTarget container name,

the LUN Number, the initiator PWWN, and the parameter you want to modify.

FabricAdmin:switch> cryptocfg --modify -LUN my_disk_tgt 0x0

10:00:00:00:c9:2b:c9:3a -disable_rekey

Operation Succeeded

3. Commit the configuration.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a LUN with multiple paths, do not commit the configuration before you have
modified all the LUNs with identical policy settings and in sequence for each of the CryptoTarget
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section

“Configuring a multi-path Crypto LUN”

on page 198.

Advertising
Popular Brands
Popular manuals