Cryptotarget container configuration – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02


7. Create a zone that includes the initiator and a LUN target. Enter the zonecreate command followed by a zone name, the initiator PWWN and the target PWWN.

FabricAdmin:switch> zonecreate itzone, "10:00:00:00:c9:2b:c9:3a; \
20:0c:00:06:2b:0f:72:6d"

8. Create a zone configuration that includes the zone you created in step 4. Enter the cfgcreate command followed by a configuration name and the zone member name.

FabricAdmin:switch> cfgcreate itcfg, itzone

9. Enable the zone configuration.

FabricAdmin:switch> cfgenable itcfg
You are about to enable a new zoning configuration.
This action will replace the old zoning configuration with the
current configuration selected.
Do you want to enable 'itcfg' configuration (yes, y, no, n): [no] y
zone config"itcfg" is in effect
Updating flash ...

CryptoTarget container configuration

A CryptoTarget container is a configuration of virtual devices created for each target port hosted on
a Brocade Encryption Switch or FS8-18 blade. The container holds the configuration information
for a single target, including associated hosts and LUN settings. A CryptoTarget container interfaces
between the encryption engine, the external storage devices (targets), and the initiators (hosts)
that can access the storage devices through the target ports. Virtual devices redirect the traffic
between host and target/LUN to encryption engines so they can perform cryptographic operations.

Although an encryption engine can host more than one container for each target, it is not
recommended.

Virtual targets: Any given physical target port is hosted on one encryption switch or blade. If the
target LUN is accessible from multiple target ports, each target port is hosted on a separate
encryption switch or blade. Within the fabric, there is a one-to-one mapping between a virtual
target and the physical target whose LUNs are being enabled for cryptographic operations.

Virtual initiators: For each physical host configured to access a given physical target LUN, a virtual
initiator (VI) is generated on the encryption switch or blade that hosts the target port. If a physical
host has access to multiple targets hosted on different encryption switches or blades, you must
configure one virtual initiator on each encryption switch or blade that is hosting one of the targets.
The mapping between physical host and virtual initiator in a fabric is one-to-n, where n is the
number of encryption switches or blades that are hosting targets.
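
The mapping rules above can be checked against a planned inventory before any containers are created. The following is an added example, not code from the guide or from Fabric OS: it models one container (and one virtual target) per target port and derives, for each host, the set of encryption switches that need a virtual initiator. All device and switch names are hypothetical, and the inventory is constructed sample data.

```python
from collections import defaultdict

# Constructed sample inventory; all names are hypothetical.
# Each physical target port is hosted on exactly one encryption switch or blade.
TARGET_PORT_HOST = {
    "tgt_port_A": "encsw1",
    "tgt_port_B": "encsw2",  # second path to the same LUN, separate switch
    "tgt_port_C": "encsw2",
}
# Physical hosts and the target ports they are configured to access.
HOST_ACCESS = {
    "host1": ["tgt_port_A", "tgt_port_B"],
    "host2": ["tgt_port_B", "tgt_port_C"],
}


def plan_containers(target_port_host, host_access):
    """Return (containers, virtual_initiators) for the given inventory.

    containers: one entry per target port (one virtual target each),
        recording the hosting switch and the hosts allowed to reach it.
    virtual_initiators: host -> sorted switches that need a VI for that host.
    """
    containers = {
        port: {"switch": switch, "hosts": []}
        for port, switch in target_port_host.items()
    }
    vis = defaultdict(set)
    for host, ports in host_access.items():
        for port in ports:
            if port not in containers:
                # The host references a target port with no hosting switch
                # in the inventory, so the plan would be incomplete.
                raise ValueError(f"{host}: target port {port} is not hosted")
            containers[port]["hosts"].append(host)
            vis[host].add(containers[port]["switch"])
    for entry in containers.values():
        entry["hosts"].sort()
    return containers, {host: sorted(sw) for host, sw in vis.items()}


if __name__ == "__main__":
    containers, vis = plan_containers(TARGET_PORT_HOST, HOST_ACCESS)
    for host, switches in vis.items():
        print(f"{host}: n={len(switches)} virtual initiator(s) on {switches}")
```

In this sample, host2 reaches two target ports that are both hosted on encsw2, so under the one-to-n rule described above it needs a virtual initiator on that one switch only, while host1 needs one on each of two switches.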
