Manualshelf

Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks Edge Switch 2/12
151152153154155156157158159160
140 Fabric OS Encryption Administrator’s Guide
53-1001864-01
Tape pool configuration
3
Deleting a tape pool
This command does not issue a warning if the tape pool being deleted has tape media or volumes
that are currently accessed by the host. Be sure the tape media is not currently in use.
1. Log into the group leader as FabricAdmin.
2. Enter the cryptocfg
--delete -tapepool command followed by a tape pool label or number. Use
cryptocfg
--show -tapepool -all to display all configured tape pool names and numbers.
FabricAdmin:switch>cryptocfg --delete -tapepool -label my_tapepool
Operation succeeded.
3. Commit the transaction
FabricAdmin:switch>cryptocfg --commit
Operation succeeded.
Modifying a tape pool
1. Log into the group leader as FabricAdmin.
2. Enter the cryptocfg
--modify -tapepool command followed by a tape pool label or number.
Then specify a new policy, encryption format, or both. The following example changes the
encryption format from Brocade native to DF-compatible.
FabricAdmin:switch>cryptocfg --modify -tapepool -label my_tapepool
-encryption_format DF_compatible
Operation succeeded.
3. Commit the transaction.
FabricAdmin:switch>cryptocfg --commit
Operation succeeded.
Impact of tape pool configuration changes
Tape pool-level policies overrule policy configurations at the LUN level, when no policies are
configured at the tape pool level. The following restrictions apply when modifying tape pool-level
configuration parameters:
If you change the tape pool policy from encrypt to cleartext or from cleartext to encrypt or if you
change the encryption format from Brocade native to DF-compatible while data is written to or
read from a tape backup device, the policy change is not enforced until the current process
completes and the tape is unmounted, rewound, or overwritten. This mechanism prevents the
mixing of cleartext data to cipher-text data on the tape.
You cannot modify the tape pool label or the key lifespan value. If you wish to modify these tape
pool attributes, delete the tape pool and create a new tape pool with a different label and key
lifespan.
Key lifespan values only apply to native-mode pools. When in DF-compatible mode,
every new media receives a unique key, matching DataFort behavior.