Decommissioning primary and secondary lun pairs – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

188

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

53-1002923-01

Force-enabling a decommissioned disk LUN for encryption

3

NOTE

Do not delete the key from the key vault.

Decommissioning primary and secondary LUN pairs

To decommission both the primary and secondary LUNs, complete the following steps:

1. Log in as Admin or FabricAdmin.

2. Split the copy pairs.

3. Independently decommission the primary and secondary LUNs.

a. Decommission the primary LUN.

FabricAdmin:switch> cryptocfg --decommission -container

-initiator -LUN

b. Display the decommissioned key IDs.

FabricAdmin:switch> cryptocfg --show –decommissionedkeyids

c. Delete the respective key from the key vault. On the Brocade Encryption Switch, enter the

following command.

FabricAdmin:switch> cryptocfg --delete –decommissionedkeyids

d. Decommission the secondary LUN.

FabricAdmin:switch> cryptocfg --decommission -container

-initiator -LUN

Force-enabling a decommissioned disk LUN for encryption

When trying to re-use primary or secondary replicated LUNs, you must first decommission the
LUNs. When trying to re-use a decommissioned LUN, you must:

1. Delete the keys from the key vault.

2. Log in as Admin or FabricAdmin.

3. Delete the decommissioned LUN IDs from the Brocade Encryption Switch.

4. Display the decommissioned key IDs.

FabricAdmin:switch> cryptocfg --show –decommissionedkeyids

5. Delete the respective key from the Brocade Encryption Switch. Enter the following command.

FabricAdmin:switch> cryptocfg --delete –decommissionedkeyids

6. Add the LUN back into the container as cleartext.

FabricAdmin:switch> cryptocfg --add –LUN

Num | LUN Num Range> -lunstate cleartext