Rekeying local site (r1) srdf luns – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 209

Advertising
background image

Fabric OS Encryption Administrator’s Guide (DPM)

189

53-1002922-01

SRDF/TF/RP manual rekeying procedures

3

NOTE

During all rekeying operations, data synchronization between the source and target LUN must
be stopped.

3. During the rekeying operation, if desired, you can enable the target ports so the target LUNs

can be accessed by the hosts in read-only mode.

4. Issue a manual rekey request for the source LUN.

FabricAdmin:switch> cryptocfg --manual_rekey <source container> <source LUN

ID> <initiator PWWN>

5. Wait until the rekey operation on the source LUN has completed. If the source LUN has a

rekeying error of any type, the TF source/target LUN pair should not be
established/synchronized. The source LUN rekey must complete successfully before the
source/target pair is re-established.

6. Remove target LUN access by using one of the following procedures:

Ensure that no hosts read or write information to the TF target LUNs, or

Make the target LUN not ready to the host by using the

-

not_ready option of TF

clone/snap when activating the target device.

7. Start TimeFinder pair synchronization so the rekeyed data from the source LUN is copied to

target LUN.

8. Verify that the TimeFinder pair is synchronized.

9. If you want to bring the target LUN online for host access, once the TimeFinder pair has been

synchronized, perform the following command on every path/container that has access to the
target device:

FabricAdmin:switch> cryptocfg --refreshDEK <target_container> <target LUN ID>

<initiator PWWN>

NOTE

The refreshDEK command forces the Brocade Encryption Switch to re-read the metadata on
the target LUN, and then updates the FPGA tables for the LUN if the DEK in the metadata has
changed. It is therefore imperative that this command be run after every rekeying operation
that is completed for TF target devices.

Rekeying local site (R1) SRDF LUNs

Manual rekeying is supported for SRDF R1 LUNs. If it is required to rekey the R2 LUN, SRDF role
reversal/swap is necessary. This procedure is covered in

“Rekeying remote site (R2) SRDF LUNs”

.

1. Log in as Admin or FabricAdmin.

2. Split the SRDF R1/R2 LUN pair ensuring that the data replication from the source R1 LUN to

the destination R2 LUN has been stopped.

NOTE

During all rekeying operations, data replication between the source and target LUN must be
stopped.

Advertising
Popular Brands
Popular manuals