Force-enabling a disabled disk lun for encryption – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 209
Fabric OS Encryption Administrator’s Guide (SKM/ESKM)
189
53-1002923-01
Force-enabling a disabled disk LUN for encryption
3
7. Enable the LUN.
FabricAdmin:switch> cryptocfg --enable -LUN
8. Modify the LUN to encrypted.
FabricAdmin:switch> cryptocfg --modify -LUN
-encrypt
9. Enter the cryptocfg
--
enable
-
LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
Force-enabling a disabled disk LUN for encryption
You can force a disk LUN to become enabled for encryption when encryption is disabled on the
LUN. A LUN may become disabled for various reasons, such as a change in policy from encrypt to
cleartext when encrypted data (and metadata) exist on the LUN, a conflict between LUN policy and
LUN state, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN
may result in a loss of data and should be exercised with caution. Refer to Chapter 6,
on page 273 for a description of conditions under which a LUN may be disabled,
and for recommendations on re-enabling the LUN while minimizing the risk of data loss.
This procedure must be performed on the local switch that is hosting the LUN. No commit is
required to force-enable after executing this command.
1. Log in to the switch that hosts the LUN as Admin or FabricAdmin.
2. Enter the cryptocfg
--
enable
-
LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded