Manualshelf

Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B SAN Switch Power Pack
161162163164165166167168169170
Fabric OS Encryption Administrator’s Guide 149
53-1001864-01
Data re-keying
3
Suspension and resumption of re-keying operations
A re-key may be suspended or fail to start for several reasons:
The LUN goes offline or the encryption switch fails and reboots. Re-key operations are resumed
automatically when the target comes back online or the switch comes back up. You cannot
abort an in-progress re-key operation.
An unrecoverable error is encountered on the LUN and the in-progress re-key operation halts.
The following LUN errors are considered unrecoverable:
SenseKey: 0x3 - Medium Error.
SenseKey: 0x4 - Hardware Error.
SenseKey: 0x7 - Data Protect.
An unrecoverable error is encountered during the re-key initialization phase. The re-key
operation does not begin and a CRITICAL error is logged. All host I/O comes to a halt. All cluster
members are notified.
For any unrecoverable errors that may occur during any other phase of the process, the re-key
operation is suspended at that point and a CRITICAL error is logged. All cluster members are
notified. Host I/O to all regions of the LUN is halted. Only READ operations are supported for
the scratch space region of the LUN used for storing the status block of the re-key operation.
Once all errors have been corrected you have two recovery options:
Resume the suspended re-key session. All DEK cluster or HA cluster members must be online
and reachable for this command to succeed. If successful, this command resumes the re-key
sessions from the point where it was interrupted.
1. Enter the cryptocfg --resume_rekey command, followed by the CryptoTarget container
name, the LUN number and the initiator PWWN.
FabricAdmin:switch>cryptocfg --resume_rekey my_disk_tgt 0x0 \
10:00:00:05:1e:53:37:99
Operation Succeeded
2. Check the status of the resumed re-key session.
FabricAdmin:switch> cryptocfg --show -rekey -all
Read all data off the LUN and write it to another LUN. In this case, you can cancel the re-key
session by removing the LUN from its container and force committing the transaction. Refer to
the section “Removing a LUN from a CryptoTarget container” on page 133 for instructions on
how to remove a LUN by force.