Configuring luns for srdf/tf or rp deployments – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 204

Advertising
background image

184

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Configuring LUNs for SRDF/TF or RP deployments

3

SecurityAdmin:switch> cryptocfg --recovermasterkey currentMK -keyid <key ID of

master key from R1's EG>

Recovery of the master key at the remote site needs to be accomplished before adding
replicated LUNs to the encryption group configuration at the remote/target site.

Configuring LUNs for SRDF/TF or RP deployments

There are two possible LUN configuration scenarios LUNs to consider in SRDF/TF or RP
deployments:

Creating new source LUNs that can later be replicated.

Migrating data from existing encrypted or cleartext source LUNs to LUNs that can be replicated.

For each of these scenarios, the following rules and notes apply:

It is assumed that CryptoTarget containers (CTCs) have been created for all target ports at the
local site (and at the remote site if one exists) and that the appropriate initiators have been
added to each.

SRDF R1 and R2 LUNs must be the same size.

TimeFinder (TF) source and target devices (LUNs) must be the same size.

RecoverPoint (RP) source and target devices (LUNs) must be the same size.

When changing encryption policies for the source LUN, the same policies must be applied to
the target LUN.

Once the LUN is added to the container using the

-

newLUN option, it must not be resized.

Auto/Key expiry rekey is not allowed for SRDF/TF/RP LUNs. Therefore the

-

newLUN option is

not compatible with the

-

enable_rekey option.

Steps for dealing with these scenarios are described in the following sections devoted to using
SRDF, TimeFinder (TF) and RecoverPoint (RP) with the Brocade encryption solution.

Creating new source LUNs that can later be replicated

Use the following command to create a new source LUN capable of later replication. This command
must be completed once for every path/container that has access to the source LUN:

1. Log in as Admin or FabricAdmin.

2. Create the new source LUN with the

-

newLUN option and

-

encrypt policy

FabricAdmin:switch> cryptocfg --add -LUN <source_container> <new LUN num>

<initiator PWWN & NWWN> -newLUN -lunstate cleartext -encrypt

NOTE

This command assumes there is no valid user data on the LUN. Therefore, this command will
have the effect of destroying any existing user data on the LUN.

3. Commit the configuration

FabricAdmin:switch> cryptocfg --commit

Advertising
Popular Brands
Popular manuals