Decommissioning luns – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 195
Fabric OS Encryption Administrator’s Guide (DPM)
175
53-1002922-01
Decommissioning LUNs
3
Decommissioning LUNs
A disk device needs to be decommissioned when any of the following occur:
•
The storage lease expires for an array, and devices must be returned or exchanged.
•
Storage is reprovisioned for movement between departments.
•
An array or device is removed from service.
In all cases, all data on the disk media must be rendered inaccessible. Device decommissioning
deletes all information that could be used to recover the data, for example, information related to
master key IDs and cache files.
After device decommissioning is performed, the following actions occur:
•
Metadata on the LUN is erased and the reference is removed from cache on the Brocade
Encryption Switch.
•
The LUN state is shown as decommissioned in the key vault.
•
The LUN is removed from the container.
NOTE
The key IDs that were used for encrypting the data are returned.
When a device decommission operation fails on the encryption group leader for any reason, the
crypto configuration remains uncommitted until a user-initiated commit or a subsequent device
decommission operation issued on the encryption group leader completes successfully. Device
decommission operations should always be issued from a committed configuration. If not, the
operation will fail with the error message An outstanding transaction is pending in Switch/EG. IF
this happens, you can resolve the problems by committing the configuration from the encryption
group leader.
Provided that the crypto configuration is not left uncommitted because of any crypto configuration
changes or a failed device decommission operation issued on a encryption group leader node, this
error message will not be seen for any device decommission operation issued serially on an
encryption group member node. If more than one device decommission operation is tried in an
encryption group from member nodes simultaneously, then this error message is transient and will
go away after device decommission operation is complete. If the device decommissioning
operation fails, retry the operation after some time has passed.
If a LUN is removed when undergoing decommission or is in a decommission failed state, or if a
container hosting the LUN is deleted, you must use the
-
force option on the commit operation
(cryptocfg
--
commit
-
force). Failure to do so causes the commit operation to fail and a
decommission in progress error displays.
Upon a successful completion of a decommissioning operation, the LUN is deleted from all
containers hosting it, and all active paths to the LUNs are lost.
NOTE
In a mixed encryption group consisting of nodes running Fabric OS 7.0.0 and an earlier Fabric OS
version (for example, Fabric OS 6.4.2), the decommission operation will complete successfully and
the LUNs will be removed from the hosted containers; however, the list of decommissioned key IDs
might not be displayed correctly from all nodes in the encryption group. To resolve this, ensure that
the Fabric OS version running on all nodes in an encryption group is the same version. Otherwise
some of the crypto commands might not work as expected.