Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks Edge Switch 2/12

141

142

143

144

145

146

147

148

149

150

Fabric OS Encryption Administrator’s Guide 123

53-1001864-01

CryptoTarget container configuration

Creating a CryptoTarget container

Before you begin, have the following information ready:

• The switch WWNs of all nodes in the encryption group. Use the cryptocfg --show

-groupmember -all command to gather this information.

• The port WWNs of the targets whose LUNs are being enabled for data-at-rest encryption.

• The port WWNs of the hosts (initiators) which should gain access to the LUNs hosted on the

targets.

Any given target may have multiple ports through which a given LUN is accessible and the ports are

connected to different fabrics for redundancy purposes. Any given target port through which the

LUNs are accessible must be hosted on only one Encryption switch (or pair in case of HA

deployment). Another such target port should be hosted on a different encryption switch either in

the same fabric or in a different fabric based on host MPIO configuration.

A given host port through which the LUNs are accessible is hosted on the same encryption switch

on which the target port (CryptoTarget container) of the LUNs is hosted.

NOTE

It is recommended you complete the encryption group and HA cluster configuration before

configuring the CryptoTarget containers.

1. Log into the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--create -container command. Specify the type of the container, (disk or

tape), followed by a name for the CryptoTarget container, the encryption engine’s node WWN,

and the target’s Port WWN and node WWN. Provide a slot number if the encryption engine is a

blade.

• The CryptoTarget container name can be up to 31 characters in length and may include

any alphanumeric characters, hyphens, and underscore characters.

• You may add initiators at this point or after you create the container.

The following example creates a disk container named my_disk_tgt1. The initiator is added in

step 3.

FabricAdmin:switch>cryptocfg --create -container disk my_disk_tgt \

10:00:00:00:05:1e:41:9a:7e 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

Operation Succeeded

3. Add an initiator to the CryptoTarget container. Enter the cryptocfg --add -initiator command

followed by the initiator port WWN and the node WWN.

Note that the initiator port WWN must also be added to the LUN when the LUN is added to the

CryptoTarget container.

FabricAdmin:switch>cryptocfg --add -initiator my_disk_tgt \

10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a

Operation Succeeded

4. Commit the transaction. The commit operation creates the virtual devices and the redirection

zone that routes traffic through these devices.

FabricAdmin:switch>cryptocfg --commit

Operation Succeeded