Fabric OS Encryption Administrator's Guide

53-1002159-03
NOTE
The LUN policies must be exactly the same on both CTC1 and CTC2. Failure to do so results in undefined behavior and data corruption.
6. Validate the LUN policies for all containers. Display the LUN configuration for ALL CryptoTarget containers to confirm that the LUN policy settings are the same for all CryptoTarget containers.
FabricAdmin:switch>cryptocfg --show -LUN CTC1 0 <Host Port1 WWN> -cfg
FabricAdmin:switch>cryptocfg --show -LUN CTC2 0 <Host Port2 WWN> -cfg
Example:
FabricAdmin:switch>cryptocfg --show -LUN cx320-157A 0x1 10:00:00:00:c9:56:e4:7b -cfg
EE node: 10:00:00:05:1e:40:4c:00
EE slot: 9
Target: 50:06:01:60:30:20:db:34 50:06:01:60:b0:20:db:34
VT: 20:00:00:05:1e:53:8d:cd 20:01:00:05:1e:53:8d:cd
Number of host(s): 1
Configuration status: committed
Host: 10:00:00:00:c9:56:e4:7b 20:00:00:00:c9:56:e4:7b
VI: 20:02:00:05:1e:53:8d:cd 20:03:00:05:1e:53:8d:cd
LUN number: 0x1
LUN type: disk
LUN CFG state: encrypted
Encryption mode: encrypt
Encryption format: native
Encrypt existing data: disabled
Rekey: enabled
Key ID: not available
New LUN: No
Key life: 30 (days) 0 (minutes)
Operation succeeded.
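Step 6 relies on comparing the two displays by eye. As an added example (not part of the guide), the following Python parses the text of `cryptocfg --show -LUN <CTC> <LUN> <host WWN> -cfg` for each container and reports every policy field whose value differs, so a mismatch is caught before the commit in step 7. The CTC1 sample mirrors the output shown above; the CTC2 sample and the set of fields treated as "the LUN policy" are assumptions constructed for this demonstration.

```python
"""Cross-check LUN policy fields across CryptoTarget containers from the text
printed by 'cryptocfg --show -LUN <CTC> <LUN> <host WWN> -cfg'."""
import re

# Assumed set of policy fields that must be identical on CTC1 and CTC2.
POLICY_FIELDS = ("LUN type", "Encryption mode", "Encryption format",
                 "Encrypt existing data", "Rekey", "Key life")

# Constructed sample output: CTC1 mirrors the guide's example; CTC2 is a copy
# altered so that its rekey settings disagree with CTC1.
CTC1_OUTPUT = """\
EE node: 10:00:00:05:1e:40:4c:00
EE slot: 9
Host: 10:00:00:00:c9:56:e4:7b 20:00:00:00:c9:56:e4:7b
LUN number: 0x1
LUN type: disk
LUN CFG state: encrypted
Encryption mode: encrypt
Encryption format: native
Encrypt existing data: disabled
Rekey: enabled
Key life: 30 (days) 0 (minutes)
Operation succeeded.
"""
CTC2_OUTPUT = (CTC1_OUTPUT.replace("EE slot: 9", "EE slot: 10")
               .replace("Rekey: enabled", "Rekey: disabled")
               .replace("Key life: 30 (days)", "Key life: 0 (days)"))

# 'Field: value' lines only; the CLI prompt and 'Operation succeeded.' are skipped.
_FIELD_RE = re.compile(r"^([A-Za-z][\w ()]*?):\s+(\S.*?)\s*$")

def parse_lun_config(output):
    """Return the displayed fields as a {field: value} dict."""
    matches = (_FIELD_RE.match(line.strip()) for line in output.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def compare_policies(outputs):
    """Return {field: {container: value}} for each policy field that differs."""
    configs = {ctc: parse_lun_config(text) for ctc, text in outputs.items()}
    mismatches = {}
    for field in POLICY_FIELDS:
        values = {ctc: cfg.get(field) for ctc, cfg in configs.items()}
        if len(set(values.values())) > 1:
            mismatches[field] = values
    return mismatches

if __name__ == "__main__":
    for field, vals in compare_policies({"CTC1": CTC1_OUTPUT, "CTC2": CTC2_OUTPUT}).items():
        print(f"MISMATCH {field}: {vals}")
```

A field that is missing from one container's output is reported as a mismatch as well, since its value parses as None on that side.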
7. Commit the LUN configuration.
FabricAdmin:switch>cryptocfg --commit
NOTE
There is a 25 LUN transaction limit per commit operation. Make sure to issue commit after adding 24 LUNs (12 LUNs to each CTC) so that the LUNs are added to both Crypto Target containers before commit is issued.
First-time encryption
First-time encryption, also referred to as encryption of existing data, is similar to the re-keying process described in the previous section, except that there is no expired key and the data present in the LUN is cleartext to begin with.

In a first-time encryption operation, cleartext data is read from a LUN, encrypted with the current key, and written back to the same LUN at the same logical block address (LBA) location. This process effectively encrypts the LUN and is referred to as “in-place encryption.”