beautypg.com

Creating a tape pool, Ction – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 182

background image

164

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Tape pool configuration

3

Creating a tape pool

Complete the following steps to create a tape pool:

1. Log in to the group leader as FabricAdmin.

2. Create a tape pool by entering the cryptocfg

--

create

-

tapepool command. Provide a label or

numeric ID for the tape pool and specify the encryption policies. For policies not specified at
this time, LUN-level settings apply.

Set the tape pool policy to either encrypt or cleartext (default).

Set the encryption format to DF_compatible or Brocade native (default)

NOTE

To encrypt tapes in DataFort-compatible encryption format (both metadata and encryption
algorithm), the DataFort-compatible encryption format needs to be set both at the
LUN-level (tape drive) and at the tape pool-level. This ensures that the latest version of
DataFort (v2.x/3.x or later) can read and decrypt these tapes.

Optionally set an expiration date in days for the key (default is no expiration). If the
key_lifespan parameter is set at the tape pool level to a value other than none (default),
the tape value is used over any LUN-level settings. If the key_lifespan parameter is not set
at the tape level (default of none), LUN level settings apply.

The following example creates a tape pool named “my_tapepool”.

FabricAdmin:switch> cryptocfg --create -tapepool -label my_tapepool

Operation succeeded.

3. Commit the transaction.

FabricAdmin:switch> cryptocfg --commit

Operation succeeded.

4. Display the configuration. Enter the cryptocfg

--

show

-

tapepool command followed by the

tape pool number or label and the

-

cfg parameter.

FabricAdmin:switch> cryptocfg --show -tapepool -label my_tapepool -stat

Number of tapepool session(s): 1

Tapepool 1:

Tapepool label:

my_tapepool

Encryption mode:

encrypted

Encryption format: native

Number of sessions: 0

Tape sessions within the pool:

Operation succeeded.

5. Configure the tape pool on your backup application with the same tape pool label you used to

create the tape pool on the encryption switch or blade. Refer to the manufacturer’s product
documentation for instructions.

6. On your backup application, label the tape media to assign to the tape pool. Refer to the

manufacturer’s product documentation for instructions.

See also other documents in the category Brocade Computer Accessories: