beautypg.com

Dell POWEREDGE M1000E User Manual

Page 238

background image

210

Fabric OS Command Reference

53-1002746-01

cryptoCfg

2

native

The LUN uses the Brocade metadata format and algorithm for the encryption
and decryption of data. This is the default mode.

DF_compatible

The LUN uses the NetApp DataFort metadata format and algorithm for the
encryption and decryption of data. Use of this format requires a NetApp
DataFort-compatible license to be present on the encryption switch or the
chassis that houses the encryption blade.

-encrypt | -cleartext

Enables or disables the LUN for encryption. By default, cleartext is enabled (no
encryption). When the LUN policy is changed from encrypt to cleartext, the
following policy parameters become disabled (default) and generate errors when
executed: -enable_encexistingdata, -enable_rekey, and -key_lifespan. When
a LUN is added in DF-compatible encryption format, -cleartext is rejected as
invalid.

-enable_encexistingdata | -disable_encexistingdata

Specifies whether or not existing data should be encrypted. The Encryption policy
must be enabled on the LUN before the -enable_encexistingdata parameter can
be set and the LUN state must be set to -cleartext. By default, encryption of
existing data is disabled. If LUN policy is set to -encrypt, the encryption of existing
data must be enabled, or existing data is not preserved. This policy is not valid for
tape LUNs.

-enable_rekey time_period | -disable_rekey

Enables or disables the auto rekeying capability on the specified disk LUN. This
operand is not valid for tape LUNs. By default, the automatic rekey feature is
disabled. Enabling automatic rekeying is valid only if the LUN policy is set to
encrypt. You must specify a time_period in days when enabling auto rekeying to
indicate the interval at which automatic rekeying should take place.

-key_lifespan time_in_days | none

Specifies the lifespan of the encryption key in days. The key will expire after the
specified number of days. Accepted values are integers from 1 to 2982616. The
default value is none, which means, the key does not expire. This operand is valid
only for tape LUNs. The key lifespan cannot be modified after it is set.

-newLUN

Indicates that the LUN created does not contain any user data and will be part of a
replication configuration. This operand is optional. The presence of this operand is
incompatible with the -keyID, -key_lifespan, and -enable_rekey options. An RSA
DPM must be configured and replication must be enabled (cryptocfg --set
replication enabled
) before invoking this command. Both primary and remote
mirror LUNs must be added to their container with the -newLUN option.

-write_early_ack disable | enable

Specifies the Tape Write pipelining mode of the LUN. This option enables or
disables early acknowledgement of commands (internal buffering) for a tape LUN.
This feature is enabled by default.

-read_ahead disable | enable

Specifies the Tape Read Ahead mode of the LUN. When Tape Read Ahead is
disabled, the tape LUN operates in unbuffered mode. When Tape Read ahead is
disabled, the tape LUN operates in buffered mode. This feature is enabled by
default.