Rekeying luns for rp deployments - local site – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 211

Advertising
background image

Fabric OS Encryption Administrator’s Guide (DPM)

191

53-1002922-01

SRDF/TF/RP manual rekeying procedures

3

Rekeying LUNs for RP deployments - local site

Manual rekeying is supported for RP source LUNs. If it is required to rekey the remote LUN, RP role
reversal/swap is necessary as described in

“Rekeying LUNs for RP deployments - remote site”

.

1. Log in as Admin or FabricAdmin.

2. Disable the RP source/target LUN consistency group, ensuring that the data replication from

the source LUN to the destination LUN has been stopped.

NOTE

During all rekeying operations, data replication between the source and target LUN must be
stopped.

3. During the rekeying operation, if desired, you can enable the remote targets ports so the target

LUNs can be accessed by the remote hosts in read-only mode.

4. Issue a manual rekey request for the source LUN.

FabricAdmin:switch> cryptocfg --manual_rekey <source container> <source LUN

ID> <initiator PWWN>

5. Wait until the rekey operation on the source LUN has completed. If the source LUN has a

rekeying error of any type, the RP pair consistency group should not be enabled. The source
LUN rekey must complete successfully before the source/target pair consistency group gets
re-enabled. After confirming that the rekey has completed on the source LUN, complete the
following steps to re-establish the source to target LUN replication.

a. Remove target LUN access by disabling all remote site target ports with access to the

target LUN.

NOTE

In environments in which the target ports through which the target LUNs are accessible
cannot be taken offline because they are used to access other LUNs, before remote
access to the remote LUNs is established, the refreshDEK command must be issued for all
CTCs associated with the remote LUNs after the source LUNs have been rekeyed and
synchronized with their target LUNs.

b. Enable the source/target LUN consistency group so that the rekeyed data from the source

LUN is copied to target LUN.

c. Verify that the RP pair is fully synchronized state using the RP GUI.

d. Verify that the DEKs are synchronized between the local and remote DPMs. This can be

done manually for each LUN as follows:

1. Issue the command cryptocfg

--

show

-

vendorspecifickeyid key_ID for each

replicated LUN and capture the UUIDs (Universally Unique Identifier) returned

6. Search for this UUID on the remote DPMs to ensure its presence.

Advertising
Popular Brands
Popular manuals