beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 188

background image

168

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Crypto LUN configuration

3

NOTE

There is a maximum of 512 disk LUNs per Initiator in a container. With the introduction of Fabric
OS 7.1.0, the maximum number of uncommitted configuration changes per disk LUN (or maximum
paths to a LUN) is 512 transactions. This change in commit limit is applicable only when using
Brocade Network Advisor. The commit limit when using the CLI remains unchanged at 25.

NOTE

The maximum of number of tape LUNs that can be added or modfied in a single commit operation
remains unchanged at eight.

The device type (disk or tape) is set at the CryptoTarget container level. You cannot add a tape LUN
to a CryptoTarget container of type “disk” and vice versa.

It is recommended that you configure the LUN state and encryption policies at this time. You can
add these settings later with the cryptocfg

--

modify

-

LUN command, but not all options are

modifiable. Refer to the section

“Crypto LUN parameters and policies”

on page 169 for LUN

configuration parameters. Refer to the section

“Creating a tape pool”

on page 196 for tape pool

policy parameters.

NOTE

If you are using VMware virtualization software or any other configuration that involves mounted file
systems on the LUN, you must enable first-time encryption at the time when you create the LUN by
setting the

enable_encexistingdata option with the

–-

add

-

LUN command. Failure to do so

permanently disconnects the LUN from the host and causes data to be lost and unrecoverable.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

add

-

LUN command followed by the CryptoTarget container Name, the

LUN number or a range of LUN numbers, the PWWN and NWWN of the initiators that should be
able to access the LUN. The following example adds a disk LUN enabled for encryption.

FabricAdmin:switch> cryptocfg --add -LUN my_disk_tgt 0x0 \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt

Operation Succeeded

3. Commit the configuration.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a LUN with multiple paths, do not commit the configuration before you have
added all the LUNs with identical policy settings and in sequence to each of the CryptoTarget
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section

“Configuring a multi-path Crypto LUN”

on page 198.

4. Display the LUN configuration. The following example shows default values.

FabricAdmin:switch> cryptocfg --show -LUN my_disk_tgt0 \

10:00:00:00:c9:2b:c9:3a -cfg

EE node: 10:00:00:05:1e:41:9a:7e

EE slot: 0

Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d

See also other documents in the category Brocade Computer Accessories: