Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

161

162

163

164

165

166

167

168

169

170

Fabric OS Encryption Administrator’s Guide 149

53-1002159-03

CryptoTarget container configuration

To determine if rebalancing is recommended for an encryption engine, check the encryption engine

properties. Beginning with Fabric OS v6.4, a field is added that indicates whether or not

re-balancing is recommended

You may be prompted to rebalance during the following operations:

• When adding a new disk or tape target container.

• When removing an existing disk or tape target container.

• After failover to a backup encryption engine in an HA cluster.

• After an failed encryption engine in an HA cluster is recovered, and failback processing has

taken place.

To rebalance an encryption engine, do the following.

1. Log in to the switch as Admin or SecurityAdmin.

2. Issue the cryptocfg - -show -localEE command.

3. Look for Rebalance recommended under EE Attributes in the output.

If rebalancing is recommended, issue the cryptocfg - -rebalance command. If the encryption node

is a blade, include the blade’s slot number (cryptocfg - -rebalance <slot #>).

Gathering information

Before you begin, have the following information ready:

• The switch WWNs of all nodes in the encryption group. Use the cryptocfg --show

-groupmember -all command to gather this information.

• The port WWNs of the targets whose LUNs are being enabled for data-at-rest encryption.

• The port WWNs of the hosts (initiators) which should gain access to the LUNs hosted on the

targets.

Any given target may have multiple ports through which a given LUN is accessible and the ports are

connected to different fabrics for redundancy purposes. Any given target port through which the

LUNs are accessible must be hosted on only one Encryption switch (or pair in case of HA

deployment). Another such target port should be hosted on a different encryption switch either in

the same fabric or in a different fabric based on host MPIO configuration.

A given host port through which the LUNs are accessible is hosted on the same encryption switch

on which the target port (CryptoTarget container) of the LUNs is hosted.

NOTE

It is recommended you complete the encryption group and HA cluster configuration before

configuring the CryptoTarget containers.

Creating a CryptoTarget container

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--create -container command. Specify the type of container, (disk or tape),

followed by a name for the CryptoTarget container, the encryption engine’s node WWN, and the

target’s Port WWN and node WWN. Provide a slot number if the encryption engine is a blade.