Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP 1606 FCIP 4-pt Enabled 8Gb FC 2-pt Enabled 1GbE Base Switch

151

152

153

154

155

156

157

158

159

160

Fabric OS Encryption Administrator’s Guide 139

53-1001864-01

Tape pool configuration

Creating a tape pool

Take the following steps to create a tape pool:

1. Log into the group leader as FabricAdmin.

2. Create a tape pool by entering the cryptocfg

--create -tapepool command. Provide a label or

numeric ID for the tape pool and specify the encryption policies. For policies not specified at

this time, LUN-level settings apply.

• Set the tape pool policy to either encrypt or cleartext (default).

• Set the encryption format to DF_compatible or Brocade native (default)

NOTE

To encrypt tapes in DataFort-compatible encryption format (both metadata and encryption

algorithm), the DataFort-compatible encryption format needs to be set both at the

LUN-level (tape drive) and at the tape pool-level. This ensures that the latest version of

DataFort (v2.x/3.x or later) can read and decrypt these tapes.

• Optionally set an expiration date in days for the key (default is no expiration). If the

key_lifespan parameter is set at the tape pool level to other than none (default), the tape

value is used over any LUN-level settings. If the key_lifespan parameter is not set at the

tape level (default of none), LUN level settings apply.

The following example creates a tape pool named “my_tapepool”.

FabricAdmin:switch>cryptocfg --create -tapepool -label my_tapepool

Operation succeeded.

3. Commit the transaction.

FabricAdmin:switch>cryptocfg --commit

Operation succeeded.

4. Display the configuration. Enter the cryptocfg --show -tapepool command followed by the tape

pool number or label and the -cfg parameter.

FabricAdmin:switch>cryptocfg --show -tapepool -label my_tapepool -stat

Number of tapepool session(s): 1

Tapepool 1:

Tapepool label: my_tapepool

Encryption mode: encrypted

Encryption format: native

Number of sessions: 0

Tape sessions within the pool:

Operation succeeded.

5. Configure the tape pool on your backup application with the same tape pool label you used to

create the tape pool on the encryption switch or blade. Refer to the manufacturer’s product

documentation for instructions.

6. On your backup application, label the tape media to assign to the tape pool. Refer to the

manufacturer’s product documentation for instructions.