Lun Modification Considerations - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)

Crypto LUN configuration

FabricAdmin:switch> cryptocfg --modify -LUN my_disk_tgt 0x0 10:00:00:00:c9:2b:c9:3a -disable_rekey
Operation Succeeded

3. Commit the configuration.

FabricAdmin:switch> cryptocfg --commit
Operation Succeeded

CAUTION
When configuring a LUN with multiple paths, do not commit the configuration before you have
modified all the LUNs with identical policy settings and in sequence for each of the CryptoTarget
containers for each of the paths accessing the LUNs. Failure to do so results in data corruption.
Refer to the section "Configuring a multi-path Crypto LUN" on page 179.

LUN modification considerations

Make sure you understand the ramifications of modifying LUN policy parameters (such as
encrypt/cleartext) for LUNs that are online and already being utilized. The following restrictions
apply when modifying LUN policy parameters for disk LUNs:

- When you change LUN policy from encrypt to cleartext, you wipe out all encrypted data stored
  on the LUN the next time data is written to that LUN. The following policy parameters are
  disabled: -enable_encexistingdata, -enable_rekey.
- When you change the LUN policy back to encrypt, for example, by force-enabling the LUN,
  -enable_encexistingdata and -enable_rekey are disabled by default, and you must configure
  both options again.
- When you add a LUN as cleartext and later you want to change the LUN policy from cleartext to
  encrypt, you must set the -enable_encexistingdata option. If you do not, all data on that LUN
  is lost, and cannot be recovered.

For tape LUNs, the -enable_encexistingdata, -enable_rekey, and -key_lifespan options are not
valid and therefore cannot be modified. When you attempt to execute these parameters while
modifying a tape LUN, the system returns an error. Disabling -write_early_ack or -read_ahead for
tape LUN will result in lower total throughput depending on the number of flows per encryption
engine.

NOTE
Make sure all the outstanding backup and recovery operations on the media are completed before
changing the LUN configuration.

For Disk LUNs -write_early_ack and -read_ahead are not valid and therefore cannot be modified.
When you attempt to execute these parameters while modifying a disk LUN, the system returns an
error.
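The restrictions above can be checked mechanically before cryptocfg --commit is run. The following Python check is an added example, not part of the Brocade guide or of Fabric OS; the plan format (container, lun_serial, type, old_policy, new_policy, options), the helper names, and all sample values are assumptions constructed for illustration.

```python
# Added example: lint a planned LUN policy change before "cryptocfg --commit".
# The plan format and every sample value are constructed assumptions.
from collections import defaultdict

TAPE_INVALID = {"-enable_encexistingdata", "-enable_rekey", "-key_lifespan"}
DISK_INVALID = {"-write_early_ack", "-read_ahead"}

def lint_plan(plan):
    """Return findings for a list of per-path modification steps ([] = clean)."""
    findings, by_lun = [], defaultdict(set)
    for s in plan:
        opts = frozenset(s["options"])
        # Collect the settings requested on each path to the same LUN.
        by_lun[s["lun_serial"]].add((s["new_policy"], opts))
        invalid = TAPE_INVALID if s["type"] == "tape" else DISK_INVALID
        for opt in sorted(opts & invalid):
            findings.append(f"{s['container']}: {opt} is not valid for a {s['type']} LUN")
        if s["type"] != "disk":
            continue
        change = (s["old_policy"], s["new_policy"])
        if change == ("cleartext", "encrypt") and "-enable_encexistingdata" not in opts:
            findings.append(f"{s['container']}: cleartext to encrypt without "
                            "-enable_encexistingdata loses all data on the LUN")
        if change == ("encrypt", "cleartext"):
            findings.append(f"{s['container']}: encrypted data is wiped out on the next write")
    for serial, settings in sorted(by_lun.items()):
        if len(settings) > 1:
            findings.append(f"{serial}: paths have different policy settings, do not commit")
    return findings

def step(container, serial, lun_type, old, new, options):
    """Build one planned modification for one CryptoTarget container (path)."""
    return {"container": container, "lun_serial": serial, "type": lun_type,
            "old_policy": old, "new_policy": new, "options": options}

# Constructed sample: one disk LUN reached through two CryptoTarget containers.
MISMATCHED = [
    step("tgt_path_a", "SERIAL-EXAMPLE-1", "disk", "cleartext", "encrypt", ["-enable_encexistingdata"]),
    step("tgt_path_b", "SERIAL-EXAMPLE-1", "disk", "cleartext", "encrypt", []),
]
CONSISTENT = [dict(s, options=["-enable_encexistingdata"]) for s in MISMATCHED]
TAPE = [step("tape_tgt", "SERIAL-EXAMPLE-2", "tape", "encrypt", "encrypt", ["-enable_rekey"])]

if __name__ == "__main__":
    for name, plan in (("mismatched", MISMATCHED), ("consistent", CONSISTENT), ("tape", TAPE)):
        print(name, lint_plan(plan) or "no findings")
```

An empty result means the plan breaks none of the rules stated in this section; it does not replace modifying the LUNs in sequence on every path before committing.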
