
Removing stale rekey information for a lun – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01


25. Check the EG state using the following command to ensure that the entire EG is in a converged and In Sync state.

Admin:switch> cryptocfg --show -groupcfg

Reclaiming the WWN base of a failed Brocade Encryption Switch

When a Brocade Encryption Switch fails, to reclaim the WWN base, follow these steps:

1. Locate the Brocade Encryption Switch that has failed and deregister it from the encryption group.

Admin:switch> cryptocfg --dereg -membernode

2. Reclaim the WWN base of the failed Brocade Encryption Switch.

Admin:switch> cryptocfg --reclaimWWN -membernode [-list]

3. Synchronize the crypto configurations across all member nodes.

Admin:switch> cryptocfg --commit

NOTE

When attempting to reclaim a failed Brocade Encryption Switch, do not execute cryptocfg --transabort. Doing so will cause subsequent reclaim attempts to fail.

Removing stale rekey information for a LUN

To clean up stale rekey information for a LUN, complete one of the following procedures:

Procedure 1:

1. Modify the LUN policy from “encrypt” to “cleartext” and commit. The LUN will become disabled.

2. Enable the LUN using the following command:

Admin:switch> cryptocfg --enable -LUN

3. Modify the LUN policy from “cleartext” to “encrypt” with the enable_encexistingdata command to enable the first-time encryption, then commit. This will clear the stale rekey metadata on the LUN and the LUN can be used again for encryption.

Procedure 2:

1. Remove the LUN from the CryptoTarget Container and commit.

2. Add the LUN back to the CryptoTarget Container with LUN State=“clear-text”, policy=“encrypt” and “enable_encexistingdata” set for enabling the first-time encryption, then commit. This will clear the stale rekey metadata on the LUN and the LUN can be used again for encryption.