Initiating a manual rekey session – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Data rekeying


Initiating a manual rekey session

You can initiate a rekeying session manually at your own convenience. All encryption engines in a
given HA cluster, DEK cluster, or encryption group must be online for this operation to succeed. The
manual rekeying feature is useful when the key is compromised and you want to re-encrypt existing
data on the LUN before taking action on the compromised key.

CAUTION

Do not commit this operation if there are any changes pending for the container in which the
rekey was started. If you attempt to do this, the system displays a warning stating that the
encryption engine is busy and a forced commit is required for the changes to take effect. A forced
commit in this situation will halt any rekey that is in-progress (in any container) and corrupt any
LUN that is running rekey at the time. There is no recovery for this type of failure.

1. Log in to the group leader as Admin or FabricAdmin.

2. Do LUN discovery by issuing the cryptocfg --discoverLUN command (before issuing the cryptocfg --manual_rekey command) to avoid a potential I/O timeout because of a path state change at the host.

3. Ensure that all encryption engines in the HA cluster, DEK cluster, or encryption group are online by issuing the cryptocfg --show -groupmember -all command.

4. Enter the cryptocfg --manual_rekey command. Specify the CryptoTarget container name, the LUN number and the initiator PWWN.

    FabricAdmin:switch> cryptocfg --manual_rekey my_disk_tgt 0x0\
    10:00:00:05:1e:53:37:99
    Operation Succeeded
    Please check the status of the operation using "cryptocfg --show -rekey"

5. Check the status of the rekeying session.

    FabricAdmin:switch> cryptocfg --show -rekey -all
    Number of rekey session(s): 1
    Container name: cx320-157A
    EE node: 10:00:00:05:1e:40:4c:00
    EE slot: 9
    Target: 50:06:01:60:30:20:db:34 50:06:01:60:b0:20:db:34
    Target PID: 022900
    VT: 20:00:00:05:1e:53:8d:cd 20:01:00:05:1e:53:8d:cd
    VT PID: 06c001
    Host: 10:00:00:00:c9:56:e4:7b 20:00:00:00:c9:56:e4:7b
    Host PID: 066000
    VI: 20:02:00:05:1e:53:8d:cd 20:03:00:05:1e:53:8d:cd
    VI PID: 06c201
    LUN number: 0x1
    LUN serial number: 600601603FE2120014FC89130295DF1100010000000000000008000000000000
    Rekey session number: 0
    Percentage complete: 23
    Rekey state: Write Phase
    Rekey role: Primary/Active
    Block size: 512
    Number of blocks: 2097152
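
The CAUTION above states that a forced commit halts any rekey in progress, in any container. The following is an added example, not part of the Brocade guide: it parses captured "cryptocfg --show -rekey -all" output on a management host and lists the sessions a commit would interrupt, refusing to answer if the output looks truncated. It assumes the field layout shown in step 5, that each session begins with a "Container name:" line, and that a count of 0 is printed when no rekey is running; the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the status output shown in step 5.
SAMPLE = """\
Number of rekey session(s): 1
Container name: cx320-157A
EE node: 10:00:00:05:1e:40:4c:00
LUN number: 0x1
LUN serial number:
600601603FE2120014FC89130295DF1100010000000000000008000000000000
Rekey session number: 0
Percentage complete: 23
Rekey state: Write Phase
Rekey role: Primary/Active
Block size: 512
Number of blocks: 2097152
"""

def parse_rekey_status(text):
    """Return (declared_count, sessions) parsed from the status text."""
    declared, sessions, pending_key = None, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"Number of rekey session\(s\):\s*(\d+)$", line)
        if m:
            declared = int(m.group(1))
            continue
        if pending_key and ":" not in line:
            # Value wrapped onto its own line (the LUN serial number does this).
            sessions[-1][pending_key], pending_key = line, None
            continue
        pending_key = None
        key, sep, value = (p.strip() for p in line.partition(":"))
        if key == "Container name":   # assumption: starts a new session record
            sessions.append({})
        if not sep or not sessions:
            continue
        if value:
            sessions[-1][key] = value
        else:
            pending_key = key
    return declared, sessions

def commit_blockers(text):
    """List running rekey sessions; an empty list means none were reported."""
    declared, sessions = parse_rekey_status(text)
    if declared is None or declared != len(sessions):
        # Fail closed: a truncated capture must never read as "no rekey running".
        raise ValueError("status output incomplete or unrecognised; do not commit")
    return [f"{s.get('Container name')} LUN {s.get('LUN number')}: "
            f"{s.get('Percentage complete')}% ({s.get('Rekey state')})"
            for s in sessions]
```

Run commit_blockers() on fresh output immediately before any commit in the encryption group, and treat both a non-empty list and a ValueError as a reason to wait.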
