Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 174

Advertising
background image

156

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Configuring a multi-path Crypto LUN

3

5. Configure the LUN for all CryptoTarget containers in sequence by adding the LUN to each

CryptoTarget container with identical policy settings. Refer to the sections

“Configuring a

Crypto LUN”

on page 146 and

“Crypto LUN parameters and policies”

on page 147 for more

information.

a. Add the LUN to the CryptoTarget container CTC1 with policies.

FabricAdmin:switch> cryptocfg --add -LUN CTC1 0 <Host Port1 WWN> \

<Host NWWN> -lunstate cleartext -encryption_format native -encrypt \

-enable_encexistingdata -enable_rekey 10

b. Add the same LUN to the CryptoTarget container CTC2. Use exactly the same LUN state

and policy settings that you used for the LUN added to CTC1.

FabricAdmin:switch> cryptocfg --add -LUN CTC2 0 <Host Port1 WWN> \

<Host NWWN> -lunstate cleartext -encryption_format native -encrypt \

-enable_encexistingdata -enable_rekey 10

NOTE

The LUN policies must be exactly the same on both CTC1 and CTC2. Failure to do so results in
undefined behavior and data corruption.

6. Validate the LUN policies for all containers. Display the LUN configuration for ALL CryptoTarget

containers to confirm that the LUN policy settings are the same for all CryptoTarget containers.

FabricAdmin:switch> cryptocfg --show -LUN CTC1 0 <Host Port1 WWN> -cfg

FabricAdmin:switch> cryptocfg --show -LUN CTC2 0 <Host Port2 WWN> -cfg

Example:

FabricAdmin:switch> cryptocfg --show -LUN cx320-157A 0x1

10:00:00:00:c9:56:e4:7b -cfg

EE node: 10:00:00:05:1e:40:4c:00

EE slot: 9

Target: 50:06:01:60:30:20:db:34 50:06:01:60:b0:20:db:34

VT: 20:00:00:05:1e:53:8d:cd 20:01:00:05:1e:53:8d:cd

Number of host(s): 1

Configuration status: committed

Host: 10:00:00:00:c9:56:e4:7b 20:00:00:00:c9:56:e4:7b

VI: 20:02:00:05:1e:53:8d:cd 20:03:00:05:1e:53:8d:cd

LUN number: 0x1

LUN type: disk

LUN CFG state: encrypted

Encryption mode: encrypt

Encryption format: native

Encrypt existing data: disabled

Rekey: enabled

Key ID: not available

New LUN: No

Key life: 30 (days) 0 (minutes)

Operation succeeded.

7. Commit the LUN configuration.

FabricAdmin:switch> cryptocfg --commit

Advertising
Popular Brands
Popular manuals