beautypg.com

Crypto lun parameters and policies – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 165

background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

147

53-1002925-01

Crypto LUN configuration

3

Operation Succeeded

3. Commit the configuration.

FabricAdmin:switch> cryptocfg --commit

Operation Succeeded

CAUTION

When configuring a LUN with multiple paths, do not commit the configuration before you have
added all the LUNs with identical policy settings and in sequence to each of the CryptoTarget
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section

“Configuring a multi-path Crypto LUN”

on page 153.

4. Display the LUN configuration. The following example shows default values.

FabricAdmin:switch> cryptocfg --show -LUN my_disk_tgt0 \

10:00:00:00:c9:2b:c9:3a -cfg

EE node: 10:00:00:05:1e:41:9a:7e

EE slot: 0

Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d

Number of host(s): 1

Configuration status: committed

Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

VI: 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d

LUN number: 0x0

LUN type: disk

LUN status: 0

Encryption mode: encrypt

Encryption format: native

Encrypt existing data: enabled

Rekey: disabled

Key ID: not available

Operation Succeeded

Crypto LUN parameters and policies

Table 6

shows the encryption parameters and policies that can be specified for a disk or tape LUN,

during LUN configuration (with the cryptocfg

--

add

-

LUN command). Some policies are applicable

only to disk LUNs, and some policies are applicable only to tape LUNs. It is recommended that you
plan to configure all the LUN state and encryption policies with the cryptocfg

--

add

-

LUN

command. You can use the cryptocfg

--

modify

-

LUN command to change some of the settings,

but not all options can be modified.

NOTE

LUN policies are configured at the LUN level, but apply to the entire HA or DEK cluster. For multi-path
LUNs that are exposed through multiple target ports and thus configured on multiple CryptoTarget
containers on different encryption engines in an HA cluster or DEK cluster, the same LUN policies
must be configured. Failure to do so results in unexpected behavior and may lead to data corruption.

See also other documents in the category Brocade Computer Accessories: