beautypg.com

Configuring a tape lun – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 197

background image

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

177

53-1002923-01

Crypto LUN configuration

3

Configuring a tape LUN

This example shows how to configure a tape storage device. The basic setup procedure is the same
as for disk devices. Only a subset of configuration options and policy settings are available for tape
LUNs. Refer to

Table 6

on page 176 for tape LUN configuration options.

1. Create a zone that includes the initiator (host) and the target port. Refer to the section

“Creating an initiator - target zone”

on page 164 for instructions.

2. Create a CryptoTarget container of type tape. Refer to the section

“Creating a CryptoTarget

container”

on page 169 for instructions.

a. Create the container, allowing the encryption format to default to Native.

FabricAdmin:switch> cryptocfg --create -container tape my_tape_tgt \

10:00:00:05:1e:41:9a:7e 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

Operation Succeeded

Existing data
encryption
Disk LUN: yes
Tape LUN: No
Modify? Yes

-enable_encexistingdata |
-disable_encexistingdata

Specifies whether or not existing data on the LUN should be
encrypted. By default, encryption of existing data is disabled.
Encryption policy must be set to -enable_encexistingdata, and
the LUN state must be set to cleartext (default). If the encryption
policy is cleartext, the existing data on the LUN will be overwritten.

Rekey policy
Disk LUN: yes
Tape LUN: No
Modify? Yes

-enable_rekey time_period
<days>| -disable_rekey

Enables or disables the auto rekeying feature on a specified disk
LUN. This policy is not valid for tape LUNs. By Default, the
automatic rekey feature is disabled. Enabling automatic rekeying
is valid only if the LUN policy is set to -encrypt. You must specify a
time period in days when enabling Auto Rekey to indicate the
interval at which automatic rekeying should take place.

Key lifespan
Disk LUN: No
Tape LUN: Yes
Modify? Disks
only. Tape: No

-

key_lifespan time_in_days

| none

Specifies the life span of the encryption key in days. The key will
expire after the specified number of days. Accepted values are
integers from 1 to 2982616. The default value is none, which
means the key does not expire. On tape LUNs, the key life span
cannot be modified after it is set.

Write Early Ack
Disk LUN: No
Tape LUN: Yes
Modify? Tape
Only. Disk: No

-write_early_ack
disable|enable

Specifies the Tape Write pipelining mode of the LUN. Two Write
Pipelining modes are supported:

disable - Early acknowledgement of commands (internal
buffering) for a tape lun is disabled.

enable - Early acknowledgement of commands (internal
buffering) for a tape lun is enabled.

The default value is enable.

Read Ahead
Disk LUN: No
Tape LUN: Yes
Modify? Tape
Only. Disk: No

-

read_ahead

disable | enable

Specifies the Tape Read Ahead mode of the LUN. Two Read Ahead
modes are supported:

disable - The LUN disables the Tape read ahead and Tape
LUN will be operated in unbuffered mode.

enable - The LUN enables the Tape read ahead and Tape LUN
will be operated in buffered mode.

The default value is enable.

TABLE 6

LUN parameters and policies (Continued)

Policy name

Command parameters

Description

See also other documents in the category Brocade Computer Accessories: