beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 195

background image

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

175

53-1002923-01

Crypto LUN configuration

3

NOTE

If you are using VMware virtualization software or any other configuration that involves mounted file
systems on the LUN, you must enable first-time encryption at the time when you create the LUN by
setting the

–-

enable_encexistingdata option with the

–-

add

-

LUN command. Failure to do so

permanently disconnects the LUN from the host and causes data to be lost and unrecoverable.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

add

-

LUN command followed by the CryptoTarget container Name, the

LUN number or a range of LUN numbers, the PWWN and NWWN of the initiators that should be
able to access the LUN. The following example adds a disk LUN enabled for encryption.

FabricAdmin:switch> cryptocfg --add -LUN my_disk_tgt 0x0 \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt

Operation Succeeded

3. Commit the configuration.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a LUN with multiple paths, do not commit the configuration before you have
added all the LUNs with identical policy settings and in sequence to each of the CryptoTarget
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section

“Configuring a multi-path Crypto LUN”

on page 181.

4. Display the LUN configuration. The following example shows default values.

FabricAdmin:switch> cryptocfg --show -LUN my_disk_tgt0 \

10:00:00:00:c9:2b:c9:3a -cfg

EE node: 10:00:00:05:1e:41:9a:7e

EE slot: 0

Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d

Number of host(s): 1

Configuration status: committed

Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

VI: 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d

LUN number: 0x0

LUN type: disk

LUN status: 0

Encryption mode: encrypt

Encryption format: native

Encrypt existing data: enabled

Rekey: disabled

Key ID: not available

Operation Succeeded

See also other documents in the category Brocade Computer Accessories: