Dell POWEREDGE M1000E User Manual

212

Fabric OS Command Reference

53-1002746-01

cryptoCfg

2

initiator_PWWN

Specifies the initiator port WWN for the LUN to be removed.

--enable -LUN

Forces the LUN to become enabled for encryption from a disabled state. This
command must be executed on the local switch that is hosting the LUN. No
commit is required after executing this command. This command proceeds with a
warning and prompts for confirmation.

A LUN may become disabled for various reasons, such as a change in policy from
encrypted to cleartext, a conflict between LUN policy and LUN, or a missing DEK
in the key vault. Force-enabling a LUN while metadata exist on the LUN may
result in a loss of data and should be exercised with caution. Refer to the Fabric
OS Encryption Administrator's Guide for a description of conditions under which a
LUN may be disabled and recommendations for re-enabling the LUN while
minimizing the risk of data loss.

The following operands are required when force-enabling a LUN:

crypto_target_container_name

Specifies the name of the CTC to which this LUN belongs.

LUN_Num

Specifies the number of the LUN to be enabled. Use the --show -container
command for a list of LUN numbers associated with the specified CTC.

initiator_PWWN

Specifies the initiator port WWN for the specified LUN.

--create -tapepool

Creates a tape pool. A tape pool consists of a group of tape media that share the
same encryption policies and data encryption keys (DEKs).

A maximum of 4096 tape pools per encryption group are supported. You may add
up to a maximum of 25 tape pools per commit operation. There is a delay of five
seconds delay at each commit operation.

Policy configuration at the tape pool level is optional; if left unspecified LUN-level
tape policy parameters apply.

This command is valid only on the group leader. The following operands are
supported:

-label pool_label | -num pool_num

Specifies the tape pool volume label or alternately the tape pool ID. This is a
user-defined identifier, which must be unique within the encryption group and
should match the tape pool label or ID that is configured on the tape backup
application. The tape pool label can consist of any combination of characters.
When using white space, you must enclose the tape pool label in double quotation
marks. The maximum size is 64 bytes. This operand is required.

-encryption_format

Optionally specifies the tape encryption format. Two encryption formats are
supported for tape pools:

native

Data is encrypted or decrypted using the Brocade native encryption format
(metadata format and algorithm). This is the default setting.

DF_compatible

Data is encrypted or decrypted using the NetApp DataFort encryption format
(metadata format and algorithm). Use of this format requires a NetApp
DataFort-compatible license on the encryption switch or on the chassis that
houses the encryption blade.