Creating a cryptotarget container – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

169

53-1002923-01

CryptoTarget container configuration

3

Creating a CryptoTarget container

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

create

-

container command. Specify the type of container, (disk or

tape), followed by a name for the CryptoTarget container, the encryption engine’s node WWN,
and the target’s Port WWN and node WWN. Provide a slot number if the encryption engine is a
blade.

•

The CryptoTarget container name can be up to 31 characters in length and may include
any alphanumeric characters, hyphens, and underscore characters.

•

You may add initiators at this point or after you create the container.

The following example creates a disk container named my_disk_tgt1. The initiator is added in
step 3.

FabricAdmin:switch> cryptocfg --create -container disk my_disk_tgt \

10:00:00:00:05:1e:41:9a:7e 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

Operation Succeeded

3. Add an initiator to the CryptoTarget container. Enter the cryptocfg

--

add

-

initiator command

followed by the initiator port WWN and the node WWN.

Note that the initiator port WWN must also be added to the LUN when the LUN is added to the
CryptoTarget container.

FabricAdmin:switch> cryptocfg --add -initiator my_disk_tgt \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

Operation Succeeded

4. Commit the transaction. The commit operation creates the virtual devices and the redirection

zone that routes traffic through these devices.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a multi-path LUN, you must complete the CryptoTarget container configuration
for ALL target ports in sequence and add the hosts that should gain access to these ports before
committing the container configuration. Failure to do so results in data corruption. Refer to the
section

“Configuring a multi-path Crypto LUN”

on page 181 for specific instructions.

5. Display the CryptoTarget container configuration. The virtual initiator and virtual target have

been created automatically upon commit, and there are no LUNs configured yet.

FabricAdmin:switch> cryptocfg --show -container my_disk_tgt -cfg

Container name: my_disk_tgt

Type: disk

EE node: 10:00:00:05:1e:41:9a:7e

EE slot: 0

Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d

Number of host(s): 1

Configuration status: committed

Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

VI: 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d