Lun policy troubleshooting – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM), 53-1002922-01

LUN policy troubleshooting


Table 14 may be used as an aid in troubleshooting problems related to LUN policies.

TABLE 14 LUN policy troubleshooting

| Case | Reasons for the LUN getting disabled by the encryption switch | Action taken | If you do not need to save the data: | If you need to save the data: |
|---|---|---|---|---|
| 1 | The LUN was modified from encrypt policy to cleartext policy but metadata exists. | LUN is disabled. Reason code: Metadata exists but the LUN policy is cleartext. | Issue the cryptocfg --enable -LUN command on one path of the LUN. This erases the metadata on the LUN and the LUN is then enabled with cleartext policy. Issue the cryptocfg --discoverLUN command on other paths of the LUN in the DEK cluster to enable the LUN. | Modify the LUN back to encrypt policy. |
| 2 | The LUN was set up with an encrypt policy and the LUN was encrypted (metadata is present on the LUN), but the DEK for the key ID present in the metadata does not exist in the key vault. | LUN is disabled. Reason code: Metadata exists but the DEK for the key ID from the metadata does not exist. | Modify the LUN policy to cleartext. The subsequent handling is the same as in case 1. | Make sure the key vault has the DEK and when the DEK gets restored to the key vault, perform one of the following tasks on one of the paths of the LUN to enable the LUN: issue the cryptocfg --discoverLUN command; remove the LUN from the container and then add it back; or bounce the target port. Then issue the cryptocfg --discoverLUN command on other paths of the LUN in the DEK cluster. |
| 3 | The LUN was set up with an encrypt policy and the LUN was encrypted (metadata is present on the LUN), but the current state of the LUN is cleartext instead of encrypted. | LUN is disabled. Reason code: Metadata exists, but the LUN policy is indicated as cleartext. | Modify the LUN policy to cleartext. The subsequent handling is the same as in case 1. | Remove the LUN from the container and then add the LUN back with the LUN state as encrypted, or issue the cryptocfg --enable -LUN command on one of the paths of the LUN which will enable the LUN by using the appropriate key. Then issue the cryptocfg --discoverLUN command on other paths of the LUN in the DEK cluster to enable the LUN. |
