Thin provisioning support, Viewing time left for auto rekey, Viewing time left for auto rekey 1 – Brocade Network Advisor SAN + IP User Manual v12.1.0 User Manual
Page 1075
Brocade Network Advisor SAN + IP User Manual
1021
53-1002949-01
Viewing time left for auto rekey
25
Thin Provisioning support
Thin-provisioned logical unit numbers (LUNs) are increasingly used to support a pay-as-you-grow
strategy for data storage capacity. Also known as dynamic provisioning, virtual LUNs, or thin LUNs,
the same technology that allows storage administrators to allocate physical disk space to LUNs on
an as-needed basis creates limitations around certain data-at-rest encryption operations that use
the switch or blade. Performing first-time encryption (FTE) (conversion of cleartext to ciphertext)
and data rekeying operations (applying new data encryption keys to ciphertext data) on
thin-provisioned LUNs results in an attempt by the encryption switch to overwrite data up to the size
of the logical size of the thin-provisioned LUN, rather than limiting FTE/rekeying to the size of the
physically allocated LUN size or to the data that has been written. This generally triggers the
allocation of additional blocks to the thin-provisioned LUN, using up the amount of physical disk
space that is available to the LUN and defeating the objective of using thin provisioning.
Additionally, for thin-provision capable storage products that support space reclamation based on
data pattern recognition (for example, ‘string of zeros’), the encryption of such patterns will
interfere with the space reclamation functionality of the storage and should be avoided.
Certain types of storage, including 3PAR, have been successfully tested by limiting the use of thin
provisioning to “greenfield” LUNs, or LUNs that do not have any written data yet. Rekeying
operations on these LUNs, like FTE, are also not permitted. As these limitations are not feasible for
most environments, the recommendation from Brocade is that any encrypted LUNs be fully
provisioned with disk.
Viewing time left for auto rekey
You can view the time remaining until auto rekey is no longer active for a disk LUN. The information
is expressed as the difference between the next rekey date and the current date and time, and is
measured in days, hours, and minutes.
Although you cannot make changes directly to the table, you can modify the time left using CLI. For
more information, refer to the administrator’s guide supporting your key vault management
system.
To view the time left for auto rekey, follow these steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to
Figure 303
on page 852.)
2. Select a group, switch, or engine from the Encryption Center Devices table for which to view the
auto rekey information, then select Group/Switch/Engine > Targets from the menu task bar.
NOTE
You can also select a group, switch, or engine from the Encryption Center Devices table, then
click the Targets icon.
The Encryption Targets dialog box displays. (Refer to
Figure 413
.)
3. Select a target disk device from the table, then click LUNs.
The Encryption Target Disk LUNs dialog box displays. The time left for auto rekey information is
listed in the table. (Refer to
Figure 445
.)