beautypg.com

Dell POWEREDGE M1000E User Manual

Page 207

background image

Fabric OS Command Reference

175

53-1001764-02

cryptoCfg

2

-key_lifespan time_in_days | none

Specifies the lifespan of the encryption key in days. The key will expire after
the specified number of days. Accepted values are integers from 1 to
2982616. The default value is none, which means, the key does not expire.
This operand is valid only for tape LUNs. The key lifespan cannot be modified
after it is set.

-newLUN

Indicates that the LUN created does not contain any user data and will be
part of a replication configuration. This operand is optional. The presence of
this operand is incompatible with the with -keyID, -key_lifespan, and
-enable_rekey options. An RSA RKM must be configured and replication must
be enabled (cryptocfg --set replication enabled) before invoking this
command. Both primary and remote mirror LUNs must be added to their
container with the -newLUN option.

--

modify -LUN

Modifies the encryption policies of one or more LUNs in a specified CTC. This
command is valid only on the group leader. The following operands are
required when modifying a LUN:

crypto_target_container_name

Specifies the name of the CTC to which the LUNs belong.

LUN_Num | range

Specifies the LUN number either as a 16-bit (2 bytes) number in hex notation
(for example, 0x07) or as a 64-bit (8 bytes) number in WWN format (for
example, 0:07:00:00:00:00:00:00). The LUN number must be zero when a
tape LUN is specified and the tape drive is a single LUN device. When
specifying a range, the LUN numbers must be entered in the 16-bit hex
format.

initiator_PWWN initiator_NWWN

Specifies the initiator by its port WWN and node WWN.

You may optionally modify the following LUN policy configuration parameters. Refer to cryptocfg
--

add -LUN for descriptions of these parameters.

[-encryption_format native | DF_compatible]

[-encrypt | cleartext]

[-enable_encexistingdata | -disable_encexistingdata]

[-enablerekey time_period | -disable_rekey]

Make sure you understand the ramifications of modifying LUN parameters (such as changing
the LUN policy from encrypt to cleartext) for devices that are online and are already being
utilized. The following restrictions apply when modifying LUN policy parameters:

When you change LUN policy from encrypt to cleartext the following policy parameters
are restored to default (disabled): -enable_encexistingdata, -enable_rekey, and
-key_lifespan.

When changing the LUN policy back to encrypt, these parameters need to be
reconfigured. Attempting to reconfigure these parameters while the LUN policy is set
to cleartext is not permitted and generates an error.

For tape LUNs the -enable_encexistingdata and the -enable_rekey operands are not
valid and return an error when executed.

The -key_lifespan parameter cannot be modified for tape LUNs once it has been set.