Fabric OS Encryption Administrator's Guide
160 Fabric OS Encryption Administrator’s Guide
53-1002159-03
Crypto LUN configuration
3
has direct access to the device from a host outside the protected realm of the encryption
platform. Refer to the section “Configuring a multi-path Crypto LUN” on page 166 for more
information.
Modifying Crypto LUN parameters
You can modify one or more policies of an existing Crypto LUN with the cryptocfg --modify -LUN
command.
NOTE
A maximum of 25 LUNs can be added or modified in a single commit operation. Attempts to commit
configurations or modifications that exceed this maximum fail with a warning. Note that there is a
five second delay before the commit operation takes effect. Make sure the LUNs in previously
committed LUN configurations and LUN modifications have a LUN state of Encryption Enabled
before creating and committing another batch of 25 LUN configurations or LUN modifications.
The following example disables automatic re-keying operations on the disk LUN “my_disk_tgt.”
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--modify -LUN command followed by the CryptoTarget container name, the
LUN Number, the initiator PWWN, and the parameter you wish to modify.
FabricAdmin:switch>cryptocfg --modify -LUN my_disk_tgt 0x0
10:00:00:00:c9:2b:c9:3a -disable_rekey
Operation Succeeded
3. Commit the configuration.
FabricAdmin:switch>cryptocfg --commit
Operation Succeeded
CAUTION
When configuring a LUN with multiple paths, do not commit the configuration before you have
modified all the LUNs with identical policy settings and in sequence for each of the Crypto Target
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section “Configuring a multi-path Crypto LUN” on page 166.