
Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


53-1002922-01

SRDF/TF/RP manual rekeying procedures


3. During the rekeying operation, if desired, you can enable the remote target ports so the target LUNs can be accessed by the remote hosts in read-only mode.

4. Issue a manual rekey request for the source LUN.

FabricAdmin:switch> cryptocfg --manual_rekey

LUN ID>

5. Wait until the rekey operation on the source LUN has completed. If the source LUN has a rekeying error of any type, the SRDF pair should not be established/synchronized. The source LUN rekey must complete successfully before the source/target pair is re-established.

6. After confirming that the rekey has completed on the source LUN, perform the following to re-establish the source-to-target LUN replication:

a. Remove the target LUN access by disabling all remote site target ports with access to the target LUN.

NOTE

In environments in which the target ports through which the target LUNs are accessible
cannot be taken offline because they are used to access other LUNs, before remote
access to the R2 LUNs is established, the refreshDEK command must be issued for all
CTCs associated with the remote LUNs after the source LUNs have been rekeyed and
synchronized with their target LUNs.

b. Re-establish the SRDF R1/R2 LUN pair so that the rekeyed data from the source LUN is copied to the target LUN.

c. Verify that the SRDF pair is in a fully synchronized state using the EMC Solution Enabler.

d. Verify that the DEKs are synchronized between the local and remote DPMs. This can be done manually for each LUN as follows:

1. Issue the cryptocfg --show -vendorspecifickeyid key_ID command for each replicated LUN and capture the UUIDs (Universally Unique Identifiers) returned.

2. Search for this UUID on the remote DPMs to ensure its presence.

Alternatively, simply bringing the remote site LUNs online to the remote EEs ensures that the remote DEKs are present. To bring the remote LUNs online, use the following steps:

1. Restore target LUN access by enabling all remote site target ports (associated with remote site CTCs) with access to the target LUN.

2. Verify that the remote LUN states are encryption enabled and their key IDs used for encryption are the same as those used by the local site LUNs.

3. Take all target ports associated with CTCs through which the remote LUNs are accessible offline.

NOTE

If the DEK is not synchronized between the local and remote sites, the remote LUN will
automatically become disabled.