Manualshelf

Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit
171172173174175176177178179180
152 Fabric OS Encryption Administrator’s Guide
53-1002159-03
CryptoTarget container configuration
3
switch and another path has direct access to the device from a host outside the protected realm
of the encryption platform. Refer to the section “Configuring a multi-path Crypto LUN” on
page 166 for more information.
Deleting a CryptoTarget container
You may delete a CryptoTarget container to remove the target port from a given encryption switch
or blade. Deleting a CryptoTarget container removes the virtual target and all associated LUNs from
the fabric.
Before deleting a container, be aware of the following:
Stop all traffic to the target port for which the CryptoTarget container is being deleted. Failure
to do so will cause data corruption (a mix of encrypted data and cleartext data will be written to
the LUN).
Deleting a CryptoTarget container while a re-key or first-time encryption session causes all
data to be lost on the LUNs that are being re-keyed. Ensure that no re-key or first time
encryption sessions are in progress before deleting a container. Use the cryptocfg --show
-rekey -all command to determine the runtime status of the session. If for some reason, you
need to delete a container while re-keying, when you create a new container, be sure the LUNs
added to the container are set to cleartext. You can then start a new re-key session on clear
text LUNs.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--delete -container command followed by the CryptoTarget container
name. The following example removes the CryptoTarget container “my_disk_tgt”.
FabricAdmin:switch>cryptocfg --delete -container my_disk_tgt
Operation Succeeded
3. Commit the transaction.
FabricAdmin:switch>cryptocfg --commit
Operation Succeeded
CAUTION
When configuring a multi-path LUN, you must remove all necessary CryptoTarget containers in
sequence before committing the transaction. Failure to do so may result in a potentially
catastrophic situation where one path ends up being exposed through the encryption switch and
another path has direct access to the device from a host outside the protected realm of the
encryption platform. Refer to the section “Configuring a multi-path Crypto LUN” on page 166 for
more information.