Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

53-1003131-01

cryptoCfg

The -key_lifespan parameter cannot be modified for tape LUNs once it has
been set.

Exercise caution when modifying policy parameters while tape sessions are
in progress. For information on the impact of encryption policy changes while
tape sessions are in progress, refer to the Fabric OS Encryption
Administrator's Guide.

--remove -LUN

Removes a LUN from a specified CTC. You must stop all traffic to the LUN from all
initiators accessing the LUN you are removing from the CTC. Failure to do so
results in I/O failure between the initiators and the LUN. If the LUN is exposed with
different LUN Numbers to different initiators, all exposed LUN Numbers must be
removed. This command is valid only on the group leader. The following operands
are required when removing a LUN from a CTC:

crypto_target_container_name

Specifies the name of the CTC from which the LUN is to be removed.

LUN_Num

Specifies the number of the LUN to be removed. Use the --show -container
command for a list of LUN numbers associated with the specified CTC.

initiator_PWWN

Specifies the initiator port WWN for the LUN to be removed.

--enable -LUN

Forces the LUN to become enabled for encryption from a disabled state. This
command must be executed on the local switch that is hosting the LUN. No
commit is required after executing this command. This command proceeds with a
warning and prompts for confirmation.

A LUN may become disabled for various reasons, such as a change in policy from
encrypted to cleartext, a conflict between LUN policy and LUN, or a missing DEK
in the key vault. Force-enabling a LUN while metadata exist on the LUN may
result in a loss of data and should be performed with caution. Refer to the
Fabric OS Encryption Administrator's Guide for a description of conditions
under which a LUN may be disabled and recommendations for re-enabling the LUN
while minimizing the risk of data loss.

The following operands are required when force-enabling a LUN:

crypto_target_container_name

Specifies the name of the CTC to which this LUN belongs.

LUN_Num

Specifies the number of the LUN to be enabled. Use the --show -container
command for a list of LUN numbers associated with the specified CTC.

initiator_PWWN

Specifies the initiator port WWN for the specified LUN.

--create -tapepool

Creates a tape pool. A tape pool consists of a group of tape media that share the
same encryption policies and data encryption keys (DEKs).

A maximum of 4096 tape pools per encryption group are supported. You may add
up to a maximum of 25 tape pools per commit operation. There is a delay of five
seconds at each commit operation.

Policy configuration at the tape pool level is optional; if left unspecified,
LUN-level tape policy parameters apply.
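
The limits above (4096 tape pools per encryption group, 25 per commit, five seconds per commit) shape how a bulk tape pool rollout has to be staged. The following planner is an added example, not part of the Brocade manual: it batches a list of pool labels into commit-sized groups and rejects a plan that would exceed the group limit. The pool labels are constructed, and the `-label` operand and `cryptocfg --commit` are assumed from the cryptocfg command syntax rather than shown on this page.

```python
"""Plan tape pool creation in batches that respect the limits on this page."""

MAX_POOLS_PER_GROUP = 4096   # tape pools per encryption group (from this page)
MAX_POOLS_PER_COMMIT = 25    # tape pools per commit operation (from this page)
COMMIT_DELAY_SECONDS = 5     # delay at each commit operation (from this page)


def plan_tapepool_batches(labels, existing_pools=0):
    """Return a list of batches; each batch is a list of CLI command strings
    that creates at most 25 pools and ends with a commit.

    existing_pools is the number of tape pools already defined in the
    encryption group. Raises ValueError before any command is produced if the
    labels are not unique or the group limit would be exceeded.
    """
    if len(set(labels)) != len(labels):
        raise ValueError("duplicate tape pool labels in request")
    if existing_pools + len(labels) > MAX_POOLS_PER_GROUP:
        raise ValueError(
            f"{existing_pools} existing + {len(labels)} new tape pools "
            f"exceeds the limit of {MAX_POOLS_PER_GROUP} per encryption group"
        )
    batches = []
    for start in range(0, len(labels), MAX_POOLS_PER_COMMIT):
        chunk = labels[start:start + MAX_POOLS_PER_COMMIT]
        # Assumption: "-label" and "--commit" follow the cryptocfg syntax;
        # neither operand is spelled out on this page.
        commands = [f"cryptocfg --create -tapepool -label {label}" for label in chunk]
        commands.append("cryptocfg --commit")
        batches.append(commands)
    return batches


def total_commit_delay(batches):
    """Minimum time in seconds spent in commit delays for the whole plan."""
    return len(batches) * COMMIT_DELAY_SECONDS


if __name__ == "__main__":
    sample_labels = [f"pool{n:03d}" for n in range(60)]  # constructed labels
    plan = plan_tapepool_batches(sample_labels)
    for number, batch in enumerate(plan, start=1):
        print(f"# batch {number}: {len(batch) - 1} pools")
        print("\n".join(batch))
    print(f"# commit delay: at least {total_commit_delay(plan)} seconds")
```
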