Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

Removing a LUN from a CryptoTarget container
You can remove a LUN from a given CryptoTarget container if it is no longer needed. Before removing
the LUN, stop all I/O traffic from the initiators accessing it to avoid I/O failure between the
initiators and the LUN. If the LUN is exposed to more than one initiator under different LUN
Numbers, remove all exposed LUN Numbers.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg --remove -LUN command followed by the CryptoTarget container name, the
LUN Number, and the initiator PWWN.
FabricAdmin:switch>cryptocfg --remove -LUN my_disk_tgt 0x0 10:00:00:00:c9:2b:c9:3a
Operation Succeeded
3. Commit the configuration.
FabricAdmin:switch>cryptocfg --commit
Operation Succeeded
When a decommissioned LUN or a container hosting a decommissioned LUN is removed,
commit with the -force option (cryptocfg --commit -force) to completely remove the LUN
and all associated configuration data in the configuration database. The data remains on the
removed LUN in an encrypted state.
CAUTION
In case of multiple paths for a LUN, each path is exposed as a CryptoTarget container in the same
encryption switch or blade or on different encryption switches or blades within the encryption
group. In this scenario you must remove the LUNs from all exposed CryptoTarget containers
before you commit the transaction. Failure to do so may result in a potentially catastrophic
situation where one path ends up being exposed through the encryption switch and another path
has direct access to the device from a host outside the protected realm of the encryption
platform. Refer to the section “Configuring a multi-path Crypto LUN” on page 141 for more
information.
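
The multi-path caution and the rule to remove all exposed LUN Numbers can be checked before the commit is issued. The following pre-commit check is an added example, not part of the guide or of Fabric OS; the inventory, its "lun_id" label, and the container name my_disk_tgt_path2 are hypothetical, constructed values kept by the administrator.

```python
from collections import namedtuple

# One row per exposure of a physical LUN: the CryptoTarget container (path),
# the LUN Number it is exposed under, and the initiator PWWN that sees it.
Exposure = namedtuple("Exposure", "container lun_id lun_number initiator_pwwn")

# Constructed sample inventory. "lun_id" is a hypothetical administrator-chosen
# label for the physical LUN; it is not a cryptocfg field.
INVENTORY = [
    Exposure("my_disk_tgt", "lun-A", "0x0", "10:00:00:00:c9:2b:c9:3a"),
    # Same LUN exposed to a second initiator under a different LUN Number.
    Exposure("my_disk_tgt", "lun-A", "0x1", "10:00:00:00:c9:2b:c9:3b"),
    # Same LUN reachable over a second path (another CryptoTarget container).
    Exposure("my_disk_tgt_path2", "lun-A", "0x0", "10:00:00:00:c9:2b:c9:3a"),
    # Unrelated LUN in the same container; must not be touched.
    Exposure("my_disk_tgt", "lun-B", "0x2", "10:00:00:00:c9:2b:c9:3a"),
]

def _key(container, lun_number, pwwn):
    # Compare LUN Numbers numerically (hex notation assumed) and PWWNs
    # case-insensitively, so "0x0"/"0" and upper/lower case match.
    return (container, int(lun_number, 16), pwwn.lower())

def uncovered_exposures(inventory, lun_id, planned):
    """Exposures of lun_id that the planned removals would leave configured."""
    covered = {_key(*p) for p in planned}
    return [e for e in inventory
            if e.lun_id == lun_id
            and _key(e.container, e.lun_number, e.initiator_pwwn) not in covered]

def build_transaction(inventory, lun_id, planned):
    """Return the CLI lines for one transaction, or raise if a path is missed."""
    gaps = uncovered_exposures(inventory, lun_id, planned)
    if gaps:
        raise ValueError("do not commit; still exposed: " + ", ".join(
            f"{e.container} {e.lun_number} {e.initiator_pwwn}" for e in gaps))
    cmds = [f"cryptocfg --remove -LUN {c} {n} {p}" for c, n, p in planned]
    return cmds + ["cryptocfg --commit"]

if __name__ == "__main__":
    partial = [("my_disk_tgt", "0x0", "10:00:00:00:c9:2b:c9:3a")]
    print(uncovered_exposures(INVENTORY, "lun-A", partial))
    full = [(e.container, e.lun_number, e.initiator_pwwn)
            for e in INVENTORY if e.lun_id == "lun-A"]
    print("\n".join(build_transaction(INVENTORY, "lun-A", full)))
```

The check covers only the plain commit shown in step 3; it does not model the -force commit used for decommissioned LUNs.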