Force-enabling a disabled disk lun for encryption, Tape pool configuration – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)
53-1002925-01
7. Enable the LUN.
FabricAdmin:switch> cryptocfg --enable -LUN
8. Modify the LUN to encrypted.
FabricAdmin:switch> cryptocfg --modify -LUN
-encrypt
9. Enter the cryptocfg --enable -LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
Force-enabling a disabled disk LUN for encryption
You can force a disk LUN to become enabled for encryption when encryption is disabled on the
LUN. A LUN may become disabled for various reasons, such as a change in policy from encrypt to
cleartext when encrypted data (and metadata) exist on the LUN, a conflict between LUN policy and
LUN state, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN
may result in a loss of data and should be exercised with caution. Refer to Chapter 6,
on page 244 for a description of conditions under which a LUN may be disabled,
and for recommendations on re-enabling the LUN while minimizing the risk of data loss.
This procedure must be performed on the local switch that is hosting the LUN. No commit is
required to force-enable after executing this command.
1. Log in to the switch that hosts the LUN as Admin or FabricAdmin.
2. Enter the cryptocfg --enable -LUN command followed by the CryptoTarget container name,
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
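An added example, not part of the Brocade guide: a workstation-side pre-flight check in Python that assembles the force-enable command from the three arguments named in step 2 and checks a captured session for the success line. The accepted argument formats, the data_loss_reviewed flag, and all function names are assumptions based on the sample session above, not Fabric OS rules.

```python
import re

# Assumed formats, taken from the sample on this page
# (my_disk_tgt, 0x0, 10:00:00:00:c9:2b:c9:3a), not from a Fabric OS grammar.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")
LUN_RE = re.compile(r"0x[0-9a-f]+")
PWWN_RE = re.compile(r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}")


class PreflightError(ValueError):
    """Raised when the command would be malformed or was not reviewed."""


def build_force_enable(container, lun, pwwn, data_loss_reviewed=False):
    """Return the cryptocfg --enable -LUN line for one LUN/initiator pair."""
    if not data_loss_reviewed:
        # Force-enabling while metadata exists on the LUN may lose data,
        # so the caller must confirm the disable reason was reviewed first.
        raise PreflightError("disable reason not reviewed; command not built")
    lun, pwwn = lun.strip().lower(), pwwn.strip().lower()
    if not NAME_RE.fullmatch(container):
        raise PreflightError(f"bad CryptoTarget container name: {container!r}")
    if not LUN_RE.fullmatch(lun):
        raise PreflightError(f"bad LUN number: {lun!r}")
    if not PWWN_RE.fullmatch(pwwn):
        raise PreflightError(f"bad initiator PWWN: {pwwn!r}")
    return f"cryptocfg --enable -LUN {container} {lun} {pwwn}"


def operation_succeeded(transcript):
    """True only if 'Operation Succeeded' appears on a line of its own."""
    return any(l.strip() == "Operation Succeeded" for l in transcript.splitlines())


# Constructed transcript, copied from the sample session on this page.
SAMPLE = (
    "FabricAdmin:switch> cryptocfg --enable -LUN my_disk_tgt 0x0 \\\n"
    "10:00:00:00:c9:2b:c9:3a\n"
    "Operation Succeeded\n"
)

if __name__ == "__main__":
    cmd = build_force_enable("my_disk_tgt", "0x0", "10:00:00:00:C9:2B:C9:3A",
                             data_loss_reviewed=True)
    print(cmd)
    print("succeeded:", operation_succeeded(SAMPLE))
```

Because fullmatch rejects embedded whitespace and newlines, a pasted argument cannot smuggle a second command into the line that reaches the switch.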
Tape pool configuration
Tape pools are used by tape backup application programs to group all configured tape volumes into
a single backup to facilitate their management within a centralized backup plan. A tape pool is
identified by either a name or a number, depending on the backup application. Tape pools have the
following properties:
• They are configured and managed per encryption group at the group leader level.
• All encryption engines in the encryption group share the same tape pool policy definitions.
• Tape pool definitions are only used when writing tapes. The tape contains enough information
(encryption method and key ID) to enable any encryption engine to read the tape.
• Tape pool names and numbers must be unique within the encryption group.