Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)
216 Fabric OS Encryption Administrator’s Guide
53-1001864-01
DF-compatibility support for disk LUNs
B
TABLE 20 Support matrix for disk LUNs for various configuration and modify options
LUN
encryption
format
LUN state LUN policy Encrypt existing data Key ID Metadata
on LUN
Results
Native
(Brocade)
Encrypted Encrypt NA when
LUN State = encrypt
NA Yes No error. If the LUN was previously
DF-encrypted, the LUN is set to Read Only until
you either remove the LUN and add it back
with the native Brocade encryption format, or
issue the runtime CLI command to force the
change.
Native
(Brocade)
Encrypted Encrypt NA when
LUN State = encrypt
None No The data encryption key is retrieved from the
key vault based on the LUN serial number, and
used for further encryption and decryption. An
attempt is made to write the metadata. If the
key cannot be retrieved for this LUN based on
the LUN serial number, then the LUN is
disabled for encryption. You need to either
modify the LUN state to cleartext or provide
the key ID in the LUN setup. You can also use
the runtime cryptocfg --enable -LUN
command to force the change, in which case a
new key is generated and an attempt is made
to write metadata.
Native
(Brocade)
Encrypted Encrypt NA when
LUN State = encrypt
Provided No No error.
Native
(Brocade)
Encrypted Cleartext NA when
LUN State = encrypt
NA Yes The LUN is disabled for encryption. Metadata
is present on the LUN and the LUN is in
encrypted state. You need to either modify the
LUN policy to encrypt, or use the runtime
cryptocfg --enable -LUN command to force
the change from encrypt to cleartext.
Native
(Brocade)
Encrypted Cleartext NA when
LUN State = encrypt
None No No error.
Native
(Brocade)
Encrypted Cleartext NA when
LUN State = encrypt
Provided No The KeyID is not valid when this combination
is used in cryptocfg --modify -LUN. When
issuing cryptocfg --add -LUN, this is an invalid
combination
Native
(Brocade)
Cleartext Encrypt Yes NA Yes The LUN is disabled for encryption. Metadata
is present on the LUN and the LUN is in
encrypted state. You need to either modify the
LUN state to “encrypted” or use the runtime
cryptocfg --enable -LUN command to force
the change from the current state of the LUN
to encrypt.
Native
(Brocade)
Cleartext Encrypt Yes None No No error. First time encryption started to
convert the LUN from cleartext to encrypt.
Native
(Brocade)
Cleartext Encrypt Yes Provided No No Error. Key ID is ignored.