Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 203

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)
183
53-1002923-01
Configuring a multi-path Crypto LUN
3
3. On the group leader encryption switch (switch 1), create a CryptoTarget container for each
target port and add the hosts in sequence. Do NOT commit the configuration until you have
created all CryptoTarget containers and added all hosts to the respective containers.
a. Log in as Admin or FabricAdmin.
b. Create a CryptoTarget container (CTC1) for target port 1 to be hosted on the encryption
engine of encryption switch 1. Refer to the section
“Creating a CryptoTarget container”
page 169 for instructions on steps b. through e.
FabricAdmin:switch> cryptocfg --create -container disk CTC1 \
c. Create a CryptoTarget container (CTC2) for target port 2 to be hosted on the encryption
engine of encryption switch 2.
FabricAdmin:switch> cryptocfg --create -container disk CTC2 \
d. Add host port 1 to the container CTC1.
FabricAdmin:switch> cryptocfg --add -initiator
e. Add host port 2 to the container CTC2.
FabricAdmin:switch> cryptocfg --add -initiator
f.
Commit the configuration.
FabricAdmin:switch> cryptocfg --commit
Upon commit, redirection zones are created for target port 1, host port 1 and target port 2,
host port 2. These redirection zones include the virtual target VT1 for CTC1, the virtual initiator
VI1 for host port 1, the virtual target VT2 for CTC2 and the virtual initiator VI2 for host port 2. At
this stage, the host loses access to all LUNs until the LUNs are explicitly added to the
CryptoTarget containers.
4. Discover the LUNs. Perform steps 4 a. through c. to discover the LUNs for ALL CryptoTarget
containers in sequence. Refer to the section
on page 173 for details on
the LUN discovery process and a command output example.
a. On the encryption switch 1 (the group leader), enter the cryptocfg
--
discoverLUN for the
container CTC1. The command output displays the LUNs present in the target as exposed
from target port 1 and as seen by host port1, the LUN Number, host port1 WWN, and the
LUN Serial Number.
FabricAdmin:switch> cryptocfg --discoverLUN CTC1
b. On the encryption switch 2, enter the cryptocfg
--
discoverLUN for the container CTC2.
The command output displays the LUNs present in the target as exposed from target port
and as seen by host port 2, the LUN Number, host port1 WWN, and the LUN Serial
Number.
FabricAdmin:switch> cryptocfg --discoverLUN CTC2