Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)
516 DCFM Enterprise User Manual
53-1001357-01
Configuring encrypted storage in a multi-path environment
16
8. Select the desired encryption mode.
• If you change a LUN policy from Native Encryption or DF-Compatible Encryption to Clear
Text, you disable encryption.
• The LUNs of the target which are not enabled for encryption must still be added to the
CryptoTarget container with the Clear Text encryption mode option.
NOTE
The Re-keying interval can only be changed for disk LUNs. For tape LUNs, expiration of the
re-keying interval simply triggers the generation of a new key, to be used on future tape
volumes. Tapes that are already made are not re-keyed. To re-key a tape, you would need to
read the tape contents using a host application that decrypts the tape contents using the old
key, and then re-write the tape, which re-encrypts the data with the new key.
9. Click OK.
The selected tape LUNs are added to the encryption target container.
Configuring encrypted storage in a multi-path environment
This example assumes one host accessing one storage device using two paths:
• The first path is from host port A to target port A, using encryption engine A for encryption.
• The second path is from host port B to target port B, using encryption engine B for encryption.
Encryption engines A and B are in switches that are already part of encryption group X.
The following is the procedure for configuring this scenario using the Management application.
1. Zone host port A and target port A, using the Configure > Zoning dialog box.
2. Zone host port B and target port B, using the Configure > Zoning dialog box.
3. Open the Encryption Center dialog box by selecting Configure > Encryption from the
Management application’s main menu.
4. Click the View By Encryption Groups button to display the encryption groups.
5. Select encryption group X, then click the Encryption Targets button.
6. Click the Add button to start the Configure Storage Encryption wizard. Use the Configure
Storage Encryption wizard to create a target container for encryption engine A with target port
A and host port A.
7. Ru n t h e Configure Storage Encryption wizard again to create a target container for encryption
engine B with target port B and host port B.
Up to this point, the Management application has been automatically committing changes as
they are made. The targets and hosts are now fully configured; only the LUN configuration
remains.
8. In the Encryption Targets dialog box, select target port A, click LUNs, then click Add. Select the
LUNs to be encrypted and the encryption policies for the LUNs.