Removing a lun from a cryptotarget container – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 192

172
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Crypto LUN configuration
3
Operation Succeeded
d. Display the LUN configuration.
FabricAdmin:switch> cryptocfg --show -LUN my_tape_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a -cfg
EE node:
10:00:00:05:1e:41:9a:7e
EE slot:
0
Target:
20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d
VT:
20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d
Number of host(s):
1
Configuration status: committed
Host:
21:00:00:e0:8b:89:9c:d5 20:00:00:e0:8b:89:9c:d5
VI:
10:00:00:00:c9:2b:c9:3a 20:03:00:05:1e:41:4e:31
LUN number:
0x0
LUN type:
tape
LUN status:
0
Encryption mode:
encrypt
Encryption format:
DF_compatible
Tape type:
tape
Key life:
90 (day)
Volume/Pool label:
Operation succeeded.
NOTE
The “
–
key_lifespan” command option has no effect for “cryptocfg
–-
add
–
LUN”, and only has an
effect for “cryptocfg
--
create
–
tapepool” for tape pools declared “
-
encryption_format native”. For
all other encryption cases, a new key is generated each time a medium is rewound and block zero
is either written or overwritten. For the same reason, the “Key Life” field in the output of “cryptocfg
--
show
-
container
-
all
–
stat” should always be ignored, and the “Key life” field in “cryptocfg
--
show
–
tapepool
–
cfg” is only significant for native-encrypted pools.
Removing a LUN from a CryptoTarget container
You can remove a LUN from a given CryptoTarget container if it is no longer needed. Stop all traffic
I/O from the initiators accessing the LUN before removing the LUN to avoid I/O failure between the
initiators and the LUN. If the LUN is exposed to more than one initiator under different LUN
Numbers, remove all exposed LUN Numbers.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--
remove
-
LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --remove -LUN my_disk_tgt 0x0
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
3. Commit the configuration with the
-
force option to completely remove the LUN and all
associated configuration data in the configuration database. The data remains on the removed
LUN in an encrypted state.
FabricAdmin:switch> cryptocfg --commit -force
Operation Succeeded