Modify example, Removing a lun from a cryptotarget container – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual
Fabric OS Encryption Administrator’s Guide (LKM/SSKM)
53-1002925-01
Crypto LUN configuration
NOTE
The “-key_lifespan” command option has no effect for “cryptocfg --add -LUN”, and only has an
effect for “cryptocfg --create -tapepool” for tape pools declared “-encryption_format native”. For
all other encryption cases, a new key is generated each time a medium is rewound and block zero
is either written or overwritten. For the same reason, the “Key Life” field in the output of
“cryptocfg --show -container -all -stat” should always be ignored, and the “Key life” field in
“cryptocfg --show -tapepool -cfg” is only significant for native-encrypted pools.
Modify example
The following is an example of the use of the cryptocfg --modify command. This example changes
the encryption format from Brocade native to DF-compatible.
FabricAdmin:switch> cryptocfg --modify -LUN my_tape_tgt 0x0 10:00:00:00:c9:2b:c9:3a -encryption_format DF_compatible
Operation Succeeded
Removing a LUN from a CryptoTarget container
You can remove a LUN from a given CryptoTarget container if it is no longer needed. Stop all traffic
I/O from the initiators accessing the LUN before removing the LUN to avoid I/O failure between the
initiators and the LUN. If the LUN is exposed to more than one initiator under different LUN
Numbers, remove all exposed LUN Numbers.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg --remove -LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --remove -LUN my_disk_tgt 0x0 10:00:00:00:c9:2b:c9:3a
Operation Succeeded
3. Commit the configuration with the -force option to completely remove the LUN and all
associated configuration data in the configuration database. The data remains on the removed
LUN in an encrypted state.
FabricAdmin:switch> cryptocfg --commit -force
Operation Succeeded
CAUTION
In case of multiple paths for a LUN, each path is exposed as a CryptoTarget container in the same
encryption switch or blade or on different encryption switches or blades within the encryption
group. In this scenario you must remove the LUNs from all exposed CryptoTarget containers
before you commit the transaction. Failure to do so may result in a potentially catastrophic
situation where one path ends up being exposed through the encryption switch and another path
has direct access to the device from a host outside the protected realm of the encryption
platform. Refer to the section “Configuring a multi-path Crypto LUN” on page 153 for more
information.
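The check below is an added example, not part of the Brocade guide: it builds the removal commands from steps 2 and 3 for one device and refuses to emit the commit while any exposure named in the CAUTION is still uncovered. The inventory rows, the "device" labels and the function names are assumptions made for illustration; only the two cryptocfg command forms come from this page.

```python
import re

# Constructed inventory (assumption): one row per exposure of a LUN, maintained by
# the administrator. "device" is a hypothetical label for the physical LUN.
PATHS = [
    # device,       container,      LUN number, initiator PWWN
    ("array1-lun7", "my_disk_tgt",  "0x0", "10:00:00:00:c9:2b:c9:3a"),
    ("array1-lun7", "my_disk_tgt",  "0x4", "10:00:00:00:c9:2b:c9:3b"),
    ("array1-lun7", "my_disk_tgt2", "0x0", "10:00:00:00:c9:2b:c9:3a"),
    ("array1-lun9", "my_disk_tgt",  "0x1", "10:00:00:00:c9:2b:c9:3a"),
]

PWWN_RE = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$", re.I)
LUN_RE = re.compile(r"^0x[0-9a-f]+$", re.I)


def exposures(device, paths=PATHS):
    """Every (container, LUN number, PWWN) through which `device` is exposed."""
    return [p[1:] for p in paths if p[0] == device]


def missing_removals(device, planned, paths=PATHS):
    """Exposures of `device` that the planned removals do not cover."""
    covered = set(planned)
    return [e for e in exposures(device, paths) if e not in covered]


def removal_plan(device, planned, paths=PATHS):
    """Return the command list; raise instead of committing if a path remains."""
    for container, lun, pwwn in planned:
        if not LUN_RE.match(lun) or not PWWN_RE.match(pwwn):
            raise ValueError(f"malformed LUN number or PWWN: {lun} {pwwn}")
    gaps = missing_removals(device, planned, paths)
    if gaps:
        raise RuntimeError(f"do not commit; still exposed via: {gaps}")
    cmds = [f"cryptocfg --remove -LUN {c} {l} {w}" for c, l, w in planned]
    # A single commit goes last, after every exposure has been removed.
    return cmds + ["cryptocfg --commit -force"]


if __name__ == "__main__":
    for line in removal_plan("array1-lun7", exposures("array1-lun7")):
        print(line)
```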