Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsStorageHP SN8000B 4-slot SAN Director Switch

171

172

173

174

175

176

177

178

179

180

158 Fabric OS Encryption Administrator’s Guide

53-1002159-03

Crypto LUN configuration

Configuring a tape LUN

This example shows how to configure a tape storage device. The basic setup procedure is the same

as for disk devices. Only a subset of configuration options and policy settings are available for tape

LUNs. Refer to Table 6 on page 156 for tape LUN configuration options.

1. Create a zone that includes the initiator (host) and the target port. Refer to the section

“Creating an initiator - target zone” on page 145 for instructions.

2. Create a CryptoTarget container of type tape. Refer to the section “Creating a CryptoTarget

container” on page 149 for instructions.

a. Create the container, allowing the encryption format to default to Native.

FabricAdmin:switch>cryptocfg --create -container tape my_tape_tgt \

10:00:00:05:1e:41:9a:7e 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

Operation Succeeded

b. Add an initiator to the CryptoTarget container “my_tape_tgt”.

FabricAdmin:switch>cryptocfg --add -initiator my_tape_tgt \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

Operation Succeeded

c. Commit the transaction.

FabricAdmin:switch>cryptocfg --commit

Operation Succeeded

3. Configure the Crypto tape LUN. Refer to the section “Configuring a Crypto LUN” on page 154

for instructions.

a. Discover the LUN.

FabricAdmin:switch>cryptocfg --discoverLUN my_tape_tgt

Container name: my_tape_tgt

Number of LUN(s): 1

Host: 10:00:00:00:c9:2b:c9:3a

LUN number: 0x0

LUN serial number:

Key ID state: Key ID not Applicable

b. Add the LUN to the tape CryptoTarget container. The following example enables the LUN

for encryption. There is a maximum of eight tape LUNs per Initiator in a container.

FabricAdmin:switch>cryptocfg --add -LUN my_tape_tgt 0x0 \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt

Operation Succeeded

NOTE

When changing the tape LUN policy from encrypt to cleartext or from cleartext to encrypt,

or the encryption format from Brocade native to DF-compatible while data is being written

to or read from a tape backup device, the policy change is not enforced until the current

process completes and the tape is unmounted, rewound, or overwritten. Refer to the

section “Impact of tape LUN configuration changes” on page 161 for more information.