beautypg.com

Configuring a crypto lun – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 194

background image

174

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

53-1002923-01

Crypto LUN configuration

3

CAUTION

When configuring a LUN with multiple paths, perform the LUN discovery on each of the
CryptoTarget containers for each of the paths accessing the LUN and verify that the serial
number for these LUNs discovered from these CryptoTarget containers are the same. This
indicates and validates that these CryptoTarget containers are indeed paths to the same LUN.
Refer to the section

“Configuring a multi-path Crypto LUN”

on page 181 for more information.

Configuring a Crypto LUN

You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the
encryption property on the Crypto LUN. The LUNs of the target that are not enabled for encryption
must still be added to the CryptoTarget container with the cleartext policy option.

You can add a single LUN to a CryptoTarget container, or you can add multiple LUNs by providing a
range of LUN Numbers. When adding a single LUN, you can either provide a 16-bit (2 byte) hex
value of the LUN Number, for example, 0x07. Alternately you can provide a 64-bit (8 byte) value in
WWN or LUN ID format, for example, 00:07:00:00:00:00:00:00. When adding a range of LUN
Numbers, you may use two byte hex values or decimal numbers.

LUN configurations and modifications must be committed to take effect. The commit limit when
using the CLI is 25. If the number of paths for a LUN exceeds the limit, then more than one
transaction must be sent. Attempts to commit configurations or modifications that exceed the
maximum commit allowed will fail with a warning. There is also a five-second delay before the
commit operation takes effect. In addition to the commit limits, make sure the LUNs in previously
committed LUN configurations and LUN modifications have a LUN state of Encryption Enabled
before creating and committing another batch of LUN configurations or LUN modifications.

NOTE

There is a maximum of 512 disk LUNs per Initiator in a container. With the introduction of Fabric
OS 7.1.0, the maximum number of uncommitted configuration changes per disk LUN (or maximum
paths to a LUN) is 512 transactions. This change in commit limit is applicable only when using BNA.
The commit limit when using the CLI remains unchanged at 25.

NOTE

The maximum of number of tape LUNs that can be added or modified in a single commit operation
remains unchanged at eight.

The device type (disk or tape) is set at the CryptoTarget container level. You cannot add a tape LUN
to a CryptoTarget container of type “disk” and vice versa.

It is recommended that you configure the LUN state and encryption policies at this time. You can
add these settings later with the cryptocfg

--

modify

-

LUN command, but not all options are

modifiable. Refer to the section

“Crypto LUN parameters and policies”

on page 176 for LUN

configuration parameters. Refer to the section

“Creating a tape pool”

on page 192 for tape pool

policy parameters.

See also other documents in the category Brocade Computer Accessories: