Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B SAN Switch Power Pack

181

182

183

184

185

186

187

188

189

190

Fabric OS Encryption Administrator’s Guide 171

53-1001864-01

HP-UX considerations

The HP-UX OS requires LUN 0 to be present. LUNs are scanned differently based on the type value

returned for LUN 0 by the target device.

• If the type is 0, then HP-UX only scans LUNs from 0 to 7. That is the maximum limit allowed by

HP-UX for device type for type 0.

• If the type is 0xC, then HP-UX scans all LUNs.

Best practices are as follows:

• Create a cryptoTarget container for the target WWN.

• Add the HP-UX initiator WWN to the container.

• Issue the discover LUN CLI command on the container to discover the LUNs present in the

target.

• Based on the LUN list returned as part of LUN discovery, add the LUN 0 if LUN 0 is present in

the target (which is usually the case).

Enable of a disabled LUN

When Metadata is found on the LUN, but current LUN state is indicated as cleartext or is being

converted from encrypt to cleartext, the LUN is disabled and the LUN status displayed by the LUN

Show CLI command is Encryption Disabled <Reason Code>.

The disabled LUN can be enabled by the enable LUN command.

cryptocfg --enable -LUN <crypto target container name> <LUN Num> <InitiatorPWWN>

Disk metadata

If possible, thirty-two bytes of metadata are added to every block in LBA range 1 to 16 for both the

native Brocade format and DF-compatible formats. This metadata is not visible to the host. The

Host I/Os for the metadata region of the LUN are handled in the encryption switch software, and

some additional latency should be expected.

Tape metadata

One kilobyte of metadata is added per tape block for both the native Brocade format and

DF-compatible formats. Tape block size (as configured by host) is modified by the encryption device

to accommodate 1K metadata per block. A given tape can have a mix of compressed and

uncompressed blocks. Block lengths are as follows.

Encrypted/Compressed

Tape Block Format

Compressed and encrypted tape block data + 1K metadata + ASCII 0 pad = block

length of tape.

Encrypted Tape Block

Format (No Compression)

Encrypted tape block data + 1K metadata = block length of tape.