Manualshelf

Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks Edge Switch 2/12
141142143144145146147148149150
126 Fabric OS Encryption Administrator’s Guide
53-1001864-01
CryptoTarget container configuration
3
1. Log into the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--delete -container command followed by the CryptoTarget container
name. The following example removes the CryptoTarget container “my_disk_tgt”.
FabricAdmin:switch>cryptocfg --delete -container my_disk_tgt
Operation Succeeded
3. Commit the transaction.
FabricAdmin:switch>cryptocfg --commit
Operation Succeeded
CAUTION
When configuring a multi-path LUN, you must remove all necessary CryptoTarget containers in
sequence before committing the transaction. Failure to do so may result in a potentially
catastrophic situation where one path ends up being exposed through the encryption switch and
another path has direct access to the device from a host outside the protected realm of the
encryption platform. Refer to the section “Configuring a multi-path Crypto LUN” on page 141 for
more information.
Moving a CryptoTarget container
You can move a CryptoTarget container from one encryption engine to another. The encryption
engines must be part of the same fabric and the same encryption group, and the encryption
engines must be online for this operation to succeed. This operation permanently transfers the
encryption engine association of a given CryptoTarget container from an existing encryption engine
to an alternate encryption engine.
NOTE
If a CryptoTarget container is moved in a configuration involving FCR, the LSAN zones and manually
created redirect zones will need to be reconfigured with new VI and VT WWNs. Refer to the section
“Deployment in Fibre Channel routed fabrics” on page 159 for instructions on configuring
encryption in an FCR deployment scenario.
1. Log into the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
--move -container command followed by the CryptoTarget container name
and the node WWN of the encryption engine to which you are moving the CryptoTarget
container. Provide a slot number if the encryption engine is a blade.
FabricAdmin:switch>cryptocfg --move -container my_disk_tgt \
10:00:00:05:1e:53:4c:91
Operation Succeeded
3. Commit the transaction.
FabricAdmin:switch>cryptocfg --commit
Operation Succeeded