Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)
532 Brocade Network Advisor SAN User Manual
53-1002167-01
Configuring encrypted tape storage in a multi-path environment
18
Configuring encrypted tape storage in a multi-path environment
This example assumes one host is accessing one storage device using two paths:
• The first path is from Host Port A to Target Port A, using Encryption Engine A for encryption.
• The second path is from Host Port B to Target Port B, using Encryption Engine B for encryption.
Encryption Engines A and B are in switches that are already part of Encryption Group X.
The following procedure is used to configure this scenario using the Management application.
1. Configure Host Port A and Target Port A in the same zone by selecting Configure > Zoning from
the Management application’s main menu.
2. Configure Host Port B and Target Port B in the same zone by selecting Configure > Zoning from
the Management application’s main menu.
3. Select Configure > Encryption from the menu task bar to open the Encryption Center
dialog box.
4. Click View Groups to display the encryption groups (if groups are not already displayed).
5. Select Encryption Group X, then click the Targets icon.
6. From the Encryption Targets dialog box, click Add to open the Configure Switch Encryption
wizard. Use the wizard to create a target container for Encryption Engine A with Target Port A
and Host Port A.
7. Repeat Step 6 to create a target container for Encryption Engine B with Target Port B and
Host Port B.
Up to this point, the Management application has been automatically committing changes as
they are made. The targets and hosts are now fully configured; only the LUN configuration
remains.
8. In the Encryption Targets dialog box, select Target Port A, click LUNs, then click Add. Select the
LUNs to be encrypted and the encryption policies for the LUNs.
9. Select Target Port B, click LUNs, then click Add. Select the LUNs to be encrypted and the
encryption policies for the LUNs, making sure that the encryption policies match the policies
specified in the other path.
10. Click Commit to make the LUN configuration changes effective in both paths simultaneously.
The Management application does not automatically commit LUN configuration changes. This
allows matching changes made in a multi-path environment to be committed together, preventing
cases where one path may be encrypting and another path is not encrypting, resulting in corrupted
data. You must manually commit any LUN configuration changes, even in non-multi-path
environments. The Encryption Targets dialog box will display a reminder if you attempt to close the
dialog box without committing your changes.
NOTE
There is a limit of 25 uncommitted LUN configuration changes. When adding more than eight LUNs
in a multi-path environment, repeat step 8 through step 10 above, adding only eight LUNs to each
target container at a time. Each commit operation will commit 16 LUNs, eight in each path.