Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

171

172

173

174

175

176

177

178

179

180

Fabric OS Encryption Administrator’s Guide 157

53-1002159-03

Crypto LUN configuration

Encryption

format

Disk LUN: yes

Tape LUN: yes

Modify? Yes

-encryption_format native Sets the encryption format. Valid values are:

• Native - The LUN is encrypted or decrypted using the Brocade

encryption format (metadata format and algorithm). This is

the default setting.

Encryption

policy

Disk LUN: yes

Tape LUN: Yes

Modify? Yes

-encrypt | -cleartext Enables or disables a LUN for encryption. Valid values are:

• cleartext - Encryption is disabled. This is the default setting.

When the LUN policy is set to cleartext the following policy

parameters are invalid and generate errors when executed:

-enable_encexistingdata -enable_rekey, and -key_lifespan.

• encrypt - The LUN is enabled to perform encryption.

Existing data

encryption

Disk LUN: yes

Tape LUN: No

Modify? Yes

-enable_encexistingdata |

-disable_encexistingdata

Specifies whether or not existing data on the LUN should be

encrypted. By default, encryption of existing data is disabled.

Encryption policy must be set to -enable_encexistingdata, and the

LUN state must be set to cleartext (default). If the encryption policy

is cleartext, the existing data on the LUN will be overwritten.

Re-key policy

Disk LUN: yes

Tape LUN: No

Modify? Yes

-enable_rekey time_period

<days>| -disable_rekey

Enables or disables the auto re-keying feature on a specified disk

LUN. This policy is not valid for tape LUNs. By Default, the

automatic re-key feature is disabled. Enabling automatic re-keying

is valid only if the LUN policy is set to -encrypt. You must specify a

time period in days when enabling Auto Re-keying to indicate the

interval at which automatic re-keying should take place.

Key lifespan

Disk LUN: No

Tape LUN: Yes

Modify? Disks

only. Tape: No

-key_lifespan time_in_days

| none

Specifies the life span of the encryption key in days. The key will

expire after the specified number of days. Accepted values are

integers from 1 to 2982616. The default value is none, which

means the key does not expire. On tape LUNs, the key life span

cannot be modified after it is set.

Write Early Ack

Disk LUN: No

Tape LUN: Yes

Modify? Tape

Only. Disk: No

-write_early_ack

disable|enable

Specifies the Tape Write pipelining mode of the LUN. Two Write

Pipelining modes are supported:

• disable - Early acknowledgement of commands (internal

buffering) for a tape lun is disabled.

• enable - Early acknowledgement of commands (internal

buffering) for a tape lun is enabled.

The default value is enable.

Read Ahead

Disk LUN: No

Tape LUN: Yes

Modify? Tape

Only. Disk: No

-read_ahead

disable|enable

Specifies the Tape Read Ahead mode of the LUN. Two Read Ahead

modes are supported:

• disable - The LUN disables the Tape read ahead and Tape

LUN will be operated in unbuffered mode.

• enable - The LUN enables the Tape read ahead and Tape LUN

will be operated in buffered mode.

The default value is enable.

TABLE 6 LUN parameters and policies (Continued)

Policy name Command parameters Description