Force-enabling a disabled disk lun for encryption – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 217
Fabric OS Encryption Administrator’s Guide (KMIP)
199
53-1002747-02
Force-enabling a disabled disk LUN for encryption
3
7. Enable the LUN.
FabricAdmin:switch> cryptocfg --enable -LUN
8. Modify the LUN to encrypted.
FabricAdmin:switch> cryptocfg --modify -LUN
-encrypt
9. Enter the cryptocfg
--
enable
-
LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
Force-enabling a disabled disk LUN for encryption
You can force a disk LUN to become enabled for encryption when encryption is disabled on the
LUN. A LUN may become disabled for various reasons, such as a change in policy from encrypt to
cleartext when encrypted data (and metadata) exist on the LUN, a conflict between LUN policy and
LUN state, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN
may result in a loss of data and should be exercised with caution. Refer to Chapter 6,
on page 275 for a description of conditions under which a LUN may be disabled,
and for recommendations on re-enabling the LUN while minimizing the risk of data loss.
This procedure must be performed on the local switch that is hosting the LUN. No commit is
required to force-enable after executing this command.
1. Log in to the switch that hosts the LUN as Admin or FabricAdmin.
2. Enter the cryptocfg
--
enable
-
LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded