Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

171

172

173

174

175

176

177

178

179

180

154 Fabric OS Encryption Administrator’s Guide

53-1002159-03

Crypto LUN configuration

you are configuring multi-path LUNs as part of a HA cluster or DEK cluster or as a stand-alone

LUN accessed by multiple hosts, follow the instructions described in the section “Configuring a

multi-path Crypto LUN” on page 166.

Discovering a LUN

When adding a LUN to a CryptoTarget container, you must specify a LUN Number. The LUN Number

needed for configuring a given Crypto LUN is the LUN Number as exposed to a particular initiator.

The Brocade Encryption platform provides LUN discovery services through which you can identify

the exposed LUN number for a specified initiator. If you already know the exposed LUN numbers for

the various initiators accessing the LUN, you may skip the LUN discovery step and directly configure

the Crypto LUN.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--discoverLUN command followed by the CryptoTarget container Name.

FabricAdmin:switch>cryptocfg --discoverLUN my_disk_tgt

Container name: my_disk_tgt

Number of LUN(s): 1

Host: 10:00:00:00:c9:2b:c9:3a

LUN number: 0x0

LUN serial number: 200000062B0F726D0C000000

Key ID state: Key ID not available

Key ID: 3a:21:6a:bd:f2:37:d7:ea:6b:73:f6:19:72:89:c6:4f

CAUTION

When configuring a LUN with multiple paths, perform the LUN discovery on each of the Crypto

Target containers for each of the paths accessing the LUN and verify that the serial number for

these LUNs discovered from these Crypto Target containers are the same. This indicates and

validates that these Crypto Target containers are indeed paths to the same LUN. Refer to the

section “Configuring a multi-path Crypto LUN” on page 166 for more information.

Configuring a Crypto LUN

You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the

encryption property on the Crypto LUN. The LUNs of the target which are not enabled for encryption

must still be added to the CryptoTarget container with the cleartext policy option.

You can add a single LUN to a CryptoTarget container, or you can add multiple LUNs by providing a

range of LUN Numbers. When adding a single LUN, you can either provide a 16-bit (2 byte) hex

value of the LUN Number, for example, 0x07. Alternately you can provide a 64-bit (8 byte) value in

WWN or LUN ID format, for example, 00:07:00:00:00:00:00:00. When adding a range of LUN

Numbers, you may use two byte hex values or decimal numbers.