Configuring A Crypto Lun - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

3
Crypto LUN configuration

Configuring a Crypto LUN

You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the
encryption property on the Crypto LUN. The LUNs of the target that are not enabled for encryption
must still be added to the CryptoTarget container with the cleartext policy option.
You can add a single LUN to a CryptoTarget container, or you can add multiple LUNs by providing a
range of LUN Numbers. When adding a single LUN, you can either provide a 16-bit (2 byte) hex
value of the LUN Number, for example, 0x07. Alternately you can provide a 64-bit (8 byte) value in
WWN or LUN ID format, for example, 00:07:00:00:00:00:00:00. When adding a range of LUN
Numbers, you may use two byte hex values or decimal numbers.
LUN configurations and modifications must be committed to take effect. The commit limit when
using the CLI is 25. If the number of paths for a LUN exceeds the limit, then more than one
transaction must be sent. Attempts to commit configurations or modifications that exceed the
maximum commit allowed will fail with a warning. There is also a five-second delay before the
commit operation takes effect. In addition to the commit limits, make sure the LUNs in previously
committed LUN configurations and LUN modifications have a LUN state of Encryption Enabled
before creating and committing another batch of LUN configurations or LUN modifications.
NOTE
There is a maximum of 512 disk LUNs per Initiator in a container. With the introduction of Fabric
OS 7.1.0, the maximum number of uncommitted configuration changes per disk LUN (or maximum
paths to a LUN) is 512 transactions. This change in commit limit is applicable only when using BNA.
The commit limit when using the CLI remains unchanged at 25.
NOTE
The maximum of number of tape LUNs that can be added or modfied in a single commit operation
remains unchanged at eight.
The device type (disk or tape) is set at the CryptoTarget container level. You cannot add a tape LUN
to a CryptoTarget container of type "disk" and vice versa.
It is recommended that you configure the LUN state and encryption policies at this time. You can
add these settings later with the cryptocfg
modifiable. Refer to the section
configuration parameters. Refer to the section
policy parameters.
NOTE
If you are using VMware virtualization software or any other configuration that involves mounted file
systems on the LUN, you must enable first-time encryption at the time when you create the LUN by
setting the
permanently disconnects the LUN from the host and causes data to be lost and unrecoverable.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
172
enable_encexistingdata option with the
–-
add
--
LUN number or a range of LUN numbers, the PWWN and NWWN of the initiators that should be
able to access the LUN. The following example adds a disk LUN enabled for encryption.
FabricAdmin:switch> cryptocfg --add -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt
Operation Succeeded
modify LUN command, but not all options are
-- -
"Crypto LUN parameters and policies"
"Creating a tape pool"
–-
LUN command followed by the CryptoTarget container Name, the
-
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
on page 173 for LUN
on page 190 for tape pool
add LUN command. Failure to do so
-
53-1002721-01