Removing A Lun From A Cryptotarget Container; Modifying Crypto Lun Parameters - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

Removing a LUN from a CryptoTarget container

You can remove a LUN from a given CryptoTarget container if it is no longer needed. Stop all traffic
I/O from the initiators accessing the LUN before removing the LUN to avoid I/O failure between the
initiators and the LUN. If the LUN is exposed to more than one initiator under different LUN
Numbers, remove all exposed LUN Numbers.
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
3. Commit the configuration with the
CAUTION
In case of multiple paths for a LUN, each path is exposed as a CryptoTarget container in the same
encryption switch or blade or on different encryption switches or blades within the encryption
group. In this scenario you must remove the LUNs from all exposed CryptoTarget containers
before you commit the transaction. Failure to do so may result in a potentially catastrophic
situation where one path ends up being exposed through the encryption switch and another path
has direct access to the device from a host outside the protected realm of the encryption
platform. Refer to the section
information.

Modifying Crypto LUN parameters

You can modify one or more policies of an existing Crypto LUN with the cryptocfg
command.
A maximum of 25 disk LUNs can be added or modified in a single commit operation. Attempts to
commit configurations or modifications that exceed the maximum commit allowed will fail with a
warning. There is a five second delay before the commit operation takes effect.
Make sure the LUNs in previously committed LUN configurations and LUN modifications have a
LUN state of Encryption Enabled before creating and committing another batch of LUN
configurations or modifications.
The following example disables automatic rekeying operations on the disk LUN "my_disk_tgt."
1. Log in to the group leader as Admin or FabricAdmin.
2. Enter the cryptocfg
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
remove
--
the LUN Number, and the initiator PWWN.
FabricAdmin:switch> cryptocfg --remove -LUN my_disk_tgt 0x0
10:00:00:00:c9:2b:c9:3a
Operation Succeeded
associated configuration data in the configuration database. The data remains on the removed
LUN in an encrypted state.
FabricAdmin:switch> cryptocfg --commit -force
Operation Succeeded
modify
--
the LUN Number, the initiator PWWN, and the parameter you want to modify.
LUN command followed by the CryptoTarget container name,
-
force option to completely remove the LUN and all
-
"Configuring a multi-path Crypto LUN"
LUN command followed by the CryptoTarget container name,
-
Crypto LUN configuration
on page 179 for more
modify
--
3
LUN
-
177