Synchronizing source and target lun srdf/rp pairs – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

186

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Configuring LUNs for SRDF/TF or RP deployments

3

4. Copy the data from the old LUN to the new LUN using the EMC host-based EMC PPME

(PowerPath Migration Enabler) application. Information on PPME can be found on the EMC
Powerlink website:

http://powerlink.emc.com

5. If first-time encryption of this LUN is required, configure the LUN for encryption and enable

first-time encryption as follows:

FabricAdmin:switch> cryptocfg --modify -LUN <source_container> <new LUN num>

<initiator PWWN> -encrypt -enable_encexistingdata

NOTE

For multi-path LUNs, you must repeat this step for each path before committing the
configuration.

6. Commit the configuration.

Synchronizing source and target LUN SRDF/RP pairs

This section describes the proper procedure for establishing the local/remote LUN pair in a SRDF
or RP environment.

NOTE

The remote/target LUNs must be added to their CryptoTarget Containers (CTCs) only after the local
site LUNs' encryption setup has been completed.

1. If necessary, create the remote/R2 LUN at the remote site ensuring that it is identical in size to

the local/R1 site LUN. At this time, do not configure the remote LUN to be a part of any remote
site CTC.

2. Establish the local-to-remote LUN replication/synchronization and wait for the pair to become

fully synchronized.

NOTE

During the initial SRDF/RP replication (or while replicating/synchronizing after a rekey of the
source LUN), the remote/R2 LUNs must not be exposed for access to the remote site hosts.
Although the SRDF/RP behavior may make the remote/R2 LUN read-only or not-ready, it is
mandated that the target ports be physically taken offline. Once synchronized, if remote
access to the target LUN becomes necessary, the process of bringing the remote target ports
online will ensure the correct Data Encryption Key (DEK) is injected into every Encryption
Engine (EE) with a path to the remote LUN.

3. Verify the SRDF/RP pair is in a synchronized state using the EMC Solution Enabler or the RP

GUI, depending on which technology you are implementing.

4. Verify that the DEKs are synchronized between the local and remote DPMs. This can be done

manually for each LUN as follows:

a. Issue the command cryptocfg

--

show

-

vendorspecifickeyid key_ID for each replicated

LUN and capture the UUIDs (Universally Unique Identifier) returned.

b. Search for this UUID on the remote key vaults to ensure its presence.