Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 210

190
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
SRDF/TF/RP manual rekeying procedures
3
3. During the rekeying operation, if desired, you can enable the remote target ports so the target
LUNs can be accessed by the remote hosts in read-only mode.
4. Issue a manual rekey request for the source LUN.
FabricAdmin:switch> cryptocfg --manual_rekey LUN ID> 5. Wait until the rekey operation on the source LUN has completed. If the source LUN has a rekeying error of any type, the SRDF pair should not be established/synchronized. The source 6. After confirming that the rekey has completed on the source LUN, perform the following to re-establish the source-to-target LUN replication: a. Remove the target LUN access by disabling all remote site target ports with access to the target LUN. NOTE In environments in which the target ports through which the target LUNs are accessible b. Re-establish the SRDF R1/R2 LUN pair so that the rekeyed data from the source LUN is copied to the target LUN. c. Verify that the SRDF pair is in a fully synchronized state using the EMC Solution Enabler. d. Verify that the DEKs are synchronized between the local and remote DPMs. This can be done manually for each LUN as follows: 1. Issue the cryptocfg -- show - vendorspecifickeyid key_ID command for each replicated LUN and capture the UUIDs (Universally Unique Identifier) returned. 7. Search for this UUID on the remote DPMs to ensure its presence. Alternatively, simply bringing the remote site LUNs online to the remote EEs ensures that 1. Restore target LUN access by enabling all remote site target ports (associated with remote site CTCs) with access to the target LUN. 8. Verify that the remote LUN states are encryption enabled and their key IDs used for encryption are the same as those used by the local site LUNs. 9. Take all target ports associated with CTCs through which the remote LUNs are accessible offline. NOTE If the DEK is not synchronized between the local and remote sites, the remote LUN will
LUN rekey must complete successfully before the source/target pair is re-established.
cannot be taken offline because they are used to access other LUNs, before remote
access to the R2 LUNs is established, the refreshDEK command must be issued for all
CTCs associated with the remote LUNs after the source LUNs have been rekeyed and
synchronized with their target LUNs.
the remote DEKs are present. To bring the remote LUNs online use following steps:
automatically become disabled.