Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c Power Pack+ SAN Switch for BladeSystem c-Class

191

192

193

194

195

196

197

198

199

200

162 Fabric OS Command Reference

53-1001337-01

cryptoCfg

--enable -LUN Forces the LUN to become enabled for encryption from a disabled state. This

command must be executed on the local switch that is hosting the LUN. No

commit is required after executing this command. This command proceeds

with a warning and prompts for confirmation.

A LUN may become disabled for various reasons, such as a change in policy

from encrypted to cleartext, a conflict between LUN policy and LUN, or a

missing DEK in the key vault. Force-enabling a LUN while metadata exist on

the LUN may result in a loss of data and should be exercised with caution.

Refer to the Fabric OS Encryption Administrator’s Guide for a description of

conditions under which a LUN may be disabled and recommendations for

re-enabling the LUN while minimizing the risk of data loss.

The following operands are required when force-enabling a LUN:

crypto_target_container_name

Specifies the name of the CTC to which this LUN belongs.

LUN_Num Specifies the number of the LUN to be enabled. Use --show -container for a

list of LUN numbers associated with the specified CTC.

initiator_PWWN Specifies the initiator port WWN for the specified LUN.

--create -tapepool

Creates a tape pool. A tape pool consists of a group of tape media that share

the same encryption policies and data encryption keys (DEKs).

A maximum of 4096 tape pools per encryption group are supported. You may

add up to a maximum of 25 tape pools per commit operation. There is a delay

of five seconds delay at each commit operation.

Policy configuration at the tape pool level is optional; if left unspecified

LUN-level tape policy parameters apply.

This command is valid only on the group leader. The following operands are

supported:

-label pool_label | -num pool_num

Specifies the tape pool volume label or alternately the tape pool ID. This is a

user-defined identifier, which must be unique within the encryption group and

should match the tape pool label or ID that is configured on the tape backup

application. The tape pool label can consist of any combination of characters.

When using white space, you must enclose the tape pool label in double

quotation marks. The maximum size is 64 bytes. This operand is required.

-encryption_format

Optionally specifies the tape encryption format. Two encryption formats are

supported for tape pools:

native Data is encrypted or decrypted using the Brocade native encryption

format (metadata format and algorithm). This is the default setting.

DF_compatible Data is encrypted or decrypted using the NetApp DataFort encryption

format (metadata format and algorithm). Use of this format requires a

NetApp DataFort-compatible license on the encryption switch or on the

chassis that houses the encryption blade.