beautypg.com

Force-enabling a disabled disk lun for encryption – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 217

background image

Fabric OS Encryption Administrator’s Guide (KMIP)

199

53-1002747-02

Force-enabling a disabled disk LUN for encryption

3

7. Enable the LUN.

FabricAdmin:switch> cryptocfg --enable -LUN

8. Modify the LUN to encrypted.

FabricAdmin:switch> cryptocfg --modify -LUN
0 -lunstate encrypted -encryption_format native
-encrypt

9. Enter the cryptocfg

--

enable

-

LUN command followed by the CryptoTarget container name,

the LUN Number, and the initiator PWWN.

FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded

Force-enabling a disabled disk LUN for encryption

You can force a disk LUN to become enabled for encryption when encryption is disabled on the
LUN. A LUN may become disabled for various reasons, such as a change in policy from encrypt to
cleartext when encrypted data (and metadata) exist on the LUN, a conflict between LUN policy and
LUN state, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN
may result in a loss of data and should be exercised with caution. Refer to Chapter 6,

“LUN policy

troubleshooting”

on page 275 for a description of conditions under which a LUN may be disabled,

and for recommendations on re-enabling the LUN while minimizing the risk of data loss.

This procedure must be performed on the local switch that is hosting the LUN. No commit is
required to force-enable after executing this command.

1. Log in to the switch that hosts the LUN as Admin or FabricAdmin.

2. Enter the cryptocfg

--

enable

-

LUN command followed by the CryptoTarget container name,

the LUN Number, and the initiator PWWN.

FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded