Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch
919293949596979899100
Fabric OS Encryption Administrator’s Guide (DPM) 77
53-1002720-02
Configuring encrypted tape storage in a multi-path environment
2
Configuring encrypted tape storage in a multi-path environment
This example assumes one host is accessing one storage device using two paths:
The first path is from Host Port A to Target Port A, using Encryption Engine A for encryption.
The second path is from Host Port B to Target Port B, using Encryption Engine B for encryption.
Encryption Engines A and B are in switches that are already part of Encryption Group X.
The following procedure is used to configure this scenario using BNA.
1. Configure Host Port A and Target Port A in the same zone by selecting Configure > Zoning from
BNA’s main menu.
2. Configure Host Port B and Target Port B in the same zone by selecting Configure > Zoning from
BNA’s main menu.
3. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box (Refer to Figure 6 on page 14).
4. Click View Groups to display the encryption groups if groups are not already displayed.
5. Select Encryption Group X, then click the Targets icon.
6. From the Encryption Targets dialog box, click Add to open the Configure Storage Encryption
wizard. Use the wizard to create a target container for Encryption Engine A with Target Port A
and Host Port A.
7. Repeat Step 6 to create a target container for Encryption Engine B with Target Port B and
Host Port B.
Up to this point, BNA has been automatically committing changes as they are made. The
targets and hosts are now fully configured; only the LUN configuration remains.
8. In the Encryption Targets dialog box, select Target Port A, click LUNs, then click Add. Select the
LUNs to be encrypted and the encryption policies for the LUNs.
9. In the Encryption Targets dialog box, select Target Port B, click LUNs, then click Add. Select the
LUNs to be encrypted and the encryption policies for the LUNs, making sure that the
encryption policies match the policies specified in the other path.
10. Click Commit to make the LUN configuration changes effective in both paths simultaneously.
BNA does not automatically commit LUN configuration changes. You must manually commit any
LUN configuration changes, even in non-multipath environments. Committing LUN configuration
changes manually allows the matching changes made in a multi-path environment to be committed
together, preventing cases where one path may be encrypting and another path is not, thus
causing corrupted data.
NOTE
There is a limit of 16 uncommitted tape LUN configuration changes. When adding more than eight
LUNs in a multi-path environment, repeat step 8 and step 9 above, adding only eight LUNs to each
target container at a time. Each commit operation will commit 16 LUNs, eight in each path.