Configuring a multi-path crypto lun, The section – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 218

198

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Configuring a multi-path Crypto LUN

A single LUN may be accessed over multiple paths. A multi-path LUN is exposed and configured on
multiple CryptoTarget Containers located on the same encryption switch or blade or on different
encryption switches or blades.

CAUTION

When configuring a LUN with multiple paths, there is a considerable risk of ending up with
potentially catastrophic scenarios where different policies exist for each path of the LUN, or a
situation where one path ends up being exposed through the encryption switch and other path
has direct access to the device from a host outside the secured realm of the encryption platform.
Failure to follow proper configuration procedures for multi-path LUNs results in data corruption.

To avoid the risk of data corruption, you must observe the following rules when configuring
multi-path LUNs:

•

During the initiator-target zoning phase, complete in sequence all zoning for ALL hosts that
should gain access to the targets before committing the zoning configuration.

•

Complete the CryptoTarget container configuration for ALL target ports in sequence and add
the hosts that should gain access to these ports before committing the container
configuration. Upon commit, the hosts lose access to all LUNs until the LUNs are explicitly
added to the CryptoTarget containers.

•

When configuring the LUNs, the same LUN policies must be configured for ALL paths of ALL
LUNs. Failure to configure all LUN paths with the same LUN policies results in data corruption.