beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 204

background image

184

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

53-1002923-01

Configuring a multi-path Crypto LUN

3

c. Review the output of the LUN discovery to ensure that the LUN serial number for ALL LUNs

are the same as seen from target-port 1 to host-Port 1 path and from target-port 2 to
host-port 2. Identical LUN serial numbers validate the multi-path configuration.

5. Configure the LUN for all CryptoTarget containers in sequence by adding the LUN to each

CryptoTarget container with identical policy settings. Refer to the sections

“Configuring a

Crypto LUN”

on page 174 and

“Crypto LUN parameters and policies”

on page 176 for more

information.

a. Add the LUN to the CryptoTarget container CTC1 with policies.

FabricAdmin:switch> cryptocfg --add -LUN CTC1 0 \

-lunstate cleartext -encryption_format native -encrypt \

-enable_encexistingdata -enable_rekey 10

b. Add the same LUN to the CryptoTarget container CTC2. Use exactly the same LUN state

and policy settings that you used for the LUN added to CTC1.

FabricAdmin:switch> cryptocfg --add -LUN CTC2 0 \

-lunstate cleartext -encryption_format native -encrypt \

-enable_encexistingdata -enable_rekey 10

NOTE

The LUN policies must be exactly the same on both CTC1 and CTC2. Failure to do so results in
undefined behavior and data corruption.

6. Validate the LUN policies for all containers. Display the LUN configuration for ALL CryptoTarget

containers to confirm that the LUN policy settings are the same for all CryptoTarget containers.

FabricAdmin:switch> cryptocfg --show -LUN CTC1 0 -cfg

FabricAdmin:switch> cryptocfg --show -LUN CTC2 0 -cfg

Example:

FabricAdmin:switch> cryptocfg --show -LUN cx320-157A 0x1

10:00:00:00:c9:56:e4:7b -cfg

EE node: 10:00:00:05:1e:40:4c:00

EE slot: 9

Target: 50:06:01:60:30:20:db:34 50:06:01:60:b0:20:db:34

VT: 20:00:00:05:1e:53:8d:cd 20:01:00:05:1e:53:8d:cd

Number of host(s): 1

Configuration status: committed

Host: 10:00:00:00:c9:56:e4:7b 20:00:00:00:c9:56:e4:7b

VI: 20:02:00:05:1e:53:8d:cd 20:03:00:05:1e:53:8d:cd

LUN number: 0x1

LUN type: disk

LUN CFG state: encrypted

Encryption mode: encrypt

Encryption format: native

Encrypt existing data: disabled

Rekey: enabled

Key ID: not available

New LUN: No

Key life: 30 (days) 0 (minutes)

Operation succeeded.

7. Commit the LUN configuration.

FabricAdmin:switch>cryptocfg --commit

See also other documents in the category Brocade Computer Accessories: