Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 188

168
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Crypto LUN configuration
3
NOTE
There is a maximum of 512 disk LUNs per Initiator in a container. With the introduction of Fabric
OS 7.1.0, the maximum number of uncommitted configuration changes per disk LUN (or maximum
paths to a LUN) is 512 transactions. This change in commit limit is applicable only when using
Brocade Network Advisor. The commit limit when using the CLI remains unchanged at 25.
NOTE
The maximum of number of tape LUNs that can be added or modfied in a single commit operation
remains unchanged at eight.
The device type (disk or tape) is set at the CryptoTarget container level. You cannot add a tape LUN
to a CryptoTarget container of type “disk” and vice versa.
It is recommended that you configure the LUN state and encryption policies at this time. You can
add these settings later with the cryptocfg
--
modify
-
LUN command, but not all options are
modifiable. Refer to the section
“Crypto LUN parameters and policies”
on page 169 for LUN
configuration parameters. Refer to the section
on page 196 for tape pool
policy parameters.
NOTE
If you are using VMware virtualization software or any other configuration that involves mounted file
systems on the LUN, you must enable first-time encryption at the time when you create the LUN by
setting the
enable_encexistingdata option with the
–-
add
-
LUN command. Failure to do so
permanently disconnects the LUN from the host and causes data to be lost and unrecoverable.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--
add
-
LUN command followed by the CryptoTarget container Name, the
LUN number or a range of LUN numbers, the PWWN and NWWN of the initiators that should be
able to access the LUN. The following example adds a disk LUN enabled for encryption.
FabricAdmin:switch> cryptocfg --add -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt
Operation Succeeded
3. Commit the configuration.
FabricAdmin:switch> cryptocfg --commit
Operation Succeeded
CAUTION
When configuring a LUN with multiple paths, do not commit the configuration before you have
added all the LUNs with identical policy settings and in sequence to each of the CryptoTarget
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section
“Configuring a multi-path Crypto LUN”
4. Display the LUN configuration. The following example shows default values.
FabricAdmin:switch> cryptocfg --show -LUN my_disk_tgt0 \
10:00:00:00:c9:2b:c9:3a -cfg
EE node: 10:00:00:05:1e:41:9a:7e
EE slot: 0
Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d
VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d