Gathering information, Creating a cryptotarget container – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 196

Advertising
background image

178

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

CryptoTarget container configuration

3

When removing an existing disk or tape target container.

After failover to a backup encryption engine in an HA cluster.

After an failed encryption engine in an HA cluster is recovered, and failback processing has
taken place.

To rebalance an encryption engine, do the following.

1. Log in to the switch as Admin or FabricAdmin.

2. Issue the cryptocfg

--

show

-

localEE command.

3. Look for Rebalance recommended under EE Attributes in the output.

4. If rebalancing is recommended, issue the cryptocfg

--

rebalance command.

Gathering information

Before you begin, have the following information ready:

The switch WWNs of all nodes in the encryption group. Use the cryptocfg

--

show

-

groupmember

-

all command to gather this information.

The port WWNs of the targets whose LUNs are being enabled for data-at-rest encryption.

The port WWNs of the hosts (initiators) which should gain access to the LUNs hosted on the
targets.

Any given target may have multiple ports through which a given LUN is accessible and the ports are
connected to different fabrics for redundancy purposes. Any given target port through which the
LUNs are accessible must be hosted on only one Brocade Encryption Switch (or pair in case of HA
deployment). Another such target port should be hosted on a different encryption switch either in
the same fabric or in a different fabric based on host MPIO configuration.

A given host port through which the LUNs are accessible is hosted on the same Brocade Encryption
Switch on which the target port (CryptoTarget container) of the LUNs is hosted.

NOTE

It is recommended you complete the encryption group and HA cluster configuration before
configuring the CryptoTarget containers.

Creating a CryptoTarget container

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

create

-

container command. Specify the type of container, (disk or

tape), followed by a name for the CryptoTarget container, the encryption engine’s node WWN,
and the target’s Port WWN and node WWN. Provide a slot number if the encryption engine is a
blade.

The CryptoTarget container name can be up to 31 characters in length and may include
any alphanumeric characters, hyphens, and underscore characters.

You may add initiators at this point or after you create the container.

The following example creates a disk container named my_disk_tgt1. The initiator is added in
step 3.

Advertising
Popular Brands
Popular manuals