Fabric OS Encryption Administrator's Guide

Fabric OS Encryption Administrator’s Guide 195

53-1002159-03

HP-UX considerations

The HP-UX OS requires LUN 0 to be present. LUNs are scanned differently based on the type value

returned for LUN 0 by the target device.

• If the type is 0, then HP-UX only scans LUNs from 0 to 7. That is the maximum limit allowed by

HP-UX for device type for type 0.

• If the type is 0xC, then HP-UX scans all LUNs.

Best practices are as follows:

• Create a cryptoTarget container for the target WWN.

• Add the HP-UX initiator WWN to the container.

• Issue the discover LUN CLI command on the container to discover the LUNs present in the

target.

• Based on the LUN list returned as part of LUN discovery, add the LUN 0 if LUN 0 is present in

the target (which is usually the case).

NOTE

When an EMC-CX3 storage array is used with HP-UX the CX3 array exposes both 0x0 and 0x4000

LUNs to the HP-UX host. 0x0 and 0x4000 LUNs have the same LSN. Both must be added as

cleartext.

AIX Considerations

Ensure that Dynamic Tracking is set to “Yes” for all Fibre Channel adapters on the AIX system.

Enable of a disabled LUN

When Metadata is found on the LUN, but current LUN state is indicated as cleartext or is being

converted from encrypt to cleartext, the LUN is disabled and the LUN status displayed by the LUN

Show CLI command is Internal EE LUN state: Encryption disabled <Reason Code>.

The disabled LUN can be enabled by the enable LUN command.

cryptocfg --enable -LUN <crypto target container name> <LUN Num> <InitiatorPWWN>

Disk metadata

If possible, 32 bytes of metadata are added to every block in LBA range 1 to 16 for both the native

Brocade format and DF-compatible formats. This metadata is not visible to the host. The Host I/Os

for the metadata region of the LUN are handled in the encryption switch software, and some

additional latency should be expected.

NOTE

For encrypted LUNs, data in LBA 0 will always be in cleartext.