beautypg.com

Deleting a cryptotarget container – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 191

background image

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

171

53-1002923-01

CryptoTarget container configuration

3

CAUTION

When configuring a multi-path LUN, you must remove all initiators from all CryptoTarget
containers in sequence before committing the transaction. Failure to do so may result in a
potentially catastrophic situation where one path ends up being exposed through the encryption
switch and another path has direct access to the device from a host outside the protected realm
of the encryption platform. Refer to the section

“Configuring a multi-path Crypto LUN”

on

page 181 for more information.

Deleting a CryptoTarget container

You may delete a CryptoTarget container to remove the target port from a given encryption switch
or blade. Deleting a CryptoTarget container removes the virtual target and all associated LUNs from
the fabric.

Before deleting a container, be aware of the following:

Stop all traffic to the target port for which the CryptoTarget container is being deleted. Failure
to do so will cause data corruption (a mix of encrypted data and cleartext data will be written to
the LUN).

Deleting a CryptoTarget container during a rekey or first-time encryption session causes all
data to be lost on the LUNs that are being rekeyed. Ensure that no rekey or first-time
encryption sessions are in progress before deleting a container. Use the cryptocfg

--

show

-

rekey

-

all command to determine the runtime status of the session. If for some reason, you

need to delete a container while rekeying, when you create a new container, be sure the LUNs
added to the container are set to cleartext. You can then start a new rekey session on clear text
LUNs.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

delete

-

container command followed by the CryptoTarget container

name. The following example removes the CryptoTarget container “my_disk_tgt”.

FabricAdmin:switch> cryptocfg --delete -container my_disk_tgt

Operation Succeeded

3. Commit the transaction.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

See also other documents in the category Brocade Computer Accessories: