Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

Crypto LUN configuration
Log in to the group leader as Admin or FabricAdmin.
3. Enter the cryptocfg --add -LUN command followed by the CryptoTarget container name, the
LUN number or a range of LUN numbers, and the PWWN and NWWN of the initiators that should be
able to access the LUN. If you are using DataFort encryption format, you can use the
-encryption_format option to set the format to DF_compatible (the default is Native). The
following example adds a disk LUN enabled for encryption.
FabricAdmin:switch>cryptocfg --add -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt
Operation Succeeded
4. Commit the configuration.
FabricAdmin:switch>cryptocfg --commit
Operation Succeeded
CAUTION
When configuring a LUN with multiple paths, do not commit the configuration before you have
added all the LUNs with identical policy settings and in sequence to each of the Crypto Target
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section “Configuring a multi-path Crypto LUN” on page 141.
5. Display the LUN configuration. The following example shows default values.
FabricAdmin:switch>cryptocfg --show -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a -cfg
EE node: 10:00:00:05:1e:41:9a:7e
EE slot: 0
Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d
VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d
Number of host(s): 1
Configuration status: committed
Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a
VI: 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d
LUN number: 0x0
LUN type: disk
LUN CFG state: cleartext
Encryption mode: encrypt
Encryption format: native
Encrypt existing data: enabled
Rekey: disabled
Key ID: not available
Operation Succeeded
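The CAUTION above requires identical policy settings on every path before the commit. The following is an added example, not part of the guide or of Fabric OS: it parses saved cryptocfg --show -LUN ... -cfg output for each path and reports any policy field that differs. The choice of which fields count as policy, the container name my_disk_tgt2, and the second capture are assumptions constructed for illustration.

```python
import re

# Fields of the -cfg output treated here as per-path policy (an assumption of this example).
POLICY_FIELDS = ("LUN number", "LUN type", "Encryption mode",
                 "Encryption format", "Encrypt existing data", "Rekey")
# "Key: value" lines; the prompt line has no space after its colon, so it is skipped.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ()]*?):\s+(.+?)\s*$")

def parse_lun_cfg(text):
    """Turn captured `cryptocfg --show -LUN ... -cfg` output into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def policy_mismatches(captures):
    """captures: {container name: captured output}.
    Returns {field: {container: value}} for every policy field that is
    missing on some path or differs between paths."""
    parsed = {name: parse_lun_cfg(text) for name, text in captures.items()}
    diffs = {}
    for field in POLICY_FIELDS:
        values = {name: cfg.get(field) for name, cfg in parsed.items()}
        if None in values.values() or len(set(values.values())) > 1:
            diffs[field] = values
    return diffs

# Path A: a subset of the fields shown in the guide's example output.
PATH_A = """\
Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a
LUN number: 0x0
LUN type: disk
LUN CFG state: cleartext
Encryption mode: encrypt
Encryption format: native
Encrypt existing data: enabled
Rekey: disabled
"""
# Path B: constructed sample for a second, hypothetical container on another path.
PATH_B = PATH_A.replace("Encryption mode: encrypt", "Encryption mode: cleartext")

if __name__ == "__main__":
    paths = {"my_disk_tgt": PATH_A, "my_disk_tgt2": PATH_B}
    for field, values in policy_mismatches(paths).items():
        print(f"MISMATCH {field}: {values}")
```

An empty result means the compared fields agree on every captured path; any entry names the field and the value seen on each container.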
Crypto LUN parameters and policies
Table 6 shows the encryption parameters and policies that can be specified for a disk or tape LUN
during LUN configuration (with the cryptocfg --add -LUN command). Some policies are applicable
only to disk LUNs, and some policies are applicable only to tape LUNs. It is recommended that you
plan to configure all the LUN state and encryption policies with the cryptocfg --add -LUN
command. You can use the cryptocfg --modify -LUN command to change some of the settings, but
not all options are modifiable.