Aix considerations, Enabling a disabled lun, Disk metadata – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Fabric OS Encryption Administrator’s Guide (KMIP)

233

53-1002747-02

AIX Considerations

5

Best practices are as follows:

•

Create a cryptoTarget container for the target WWN.

•

Add the HP-UX initiator WWN to the container.

•

Issue the discover LUN CLI command on the container to discover the LUNs present in the
target.

•

Based on the LUN list returned as part of LUN discovery, add the LUN 0 if LUN 0 is present in
the target (which is usually the case).

NOTE

When an EMC-CX3 storage array is used with HP-UX the CX3 array exposes both 0x0 and 0x4000
LUNs to the HP-UX host. 0x0 and 0x4000 LUNs have the same LSN. Both must be added as
cleartext.

AIX Considerations

For AIX-based PowerHA SystemMirror host clusters, the cluster repository disk should be defined
outside of the encryption environment.

Ensure that Dynamic Tracking is set to “Yes” for all Fibre Channel adapters on the AIX system.

Enabling a disabled LUN

When Metadata is found on the LUN, but current LUN state is indicated as cleartext or is being
converted from encrypt to cleartext, the LUN is disabled and the LUN status displayed by the LUN
Show CLI command is Internal EE LUN state: Encryption disabled .

The disabled LUN can be enabled by invoking the enable LUN command.

switch:admin> cryptocfg --enable -LUN

Disk metadata

If possible, 32 bytes of metadata are added to every block in LBA range 1 to 16 for both the native
Brocade format and DF-compatible formats. This metadata is not visible to the host. The Host I/Os
for the metadata region of the LUN are handled in the encryption switch software, and some
additional latency should be expected.

NOTE

For encrypted LUNs, data in LBA 0 will always be in cleartext.