First-Time Encryption; Resource Allocation; First-Time Encryption Modes; Configuring A Lun For First-Time Encryption - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)

First-time encryption

First-time encryption, also referred to as encryption of existing data, is similar to the rekeying
process described in the previous section, except that there is no expired key and the data present
in the LUN is cleartext to begin with.
In a first-time encryption operation, cleartext data is read from a LUN, encrypted with the current
key, and written back to the same LUN at the same logical block address (LBA) location. This
process effectively encrypts the LUN and is referred to as "in-place encryption."

Resource allocation

System resources for first-time encryption sessions are shared with rekey sessions. There is an
upper limit of 10 sessions with two concurrent sessions per target. Refer to the rekey
"Resource allocation" section on page 192 for details.

First-time encryption modes

First-time encryption can be performed under the following conditions:

- Offline encryption: The hosts accessing the LUN are offline or host I/O is halted while
  encryption is in process.
- Online encryption: The hosts accessing the LUN are online and host I/O is active during the
  encryption operation.

Configuring a LUN for first-time encryption

First-time encryption options are configured at the LUN level either during LUN configuration with
the cryptocfg --add -LUN command, or at a later time with the cryptocfg --modify -LUN
command.

1. Set the LUN policy to encrypt to enable encryption on the LUN. All other options related to
   encryption are enabled. A DEK is generated and associated with the LUN.
2. Enable first-time encryption by setting the -enable_encexistingdata parameter. The existing
   data on the disk is encrypted using the configured DEK.
3. Optionally set the auto rekeying feature with the cryptocfg -enable_rekey command and
   specify the interval at which the key expires and automatic rekeying should take place (time
   period in days). Enabling automatic rekeying is valid only if the LUN policy is set to encrypt and
   the encryption format is Brocade native. Refer to the section "Crypto LUN parameters and
   policies" on page 173 for more information.

The following example configures a LUN for first-time encryption with rekeying scheduled at a
6-month interval. You must commit the operation for it to take effect.

FabricAdmin:switch> cryptocfg --add -LUN my_disk_tgt 0x0 \
10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a -encrypt \
-enable_encexistingdata -enable_rekey 180
Operation Succeeded
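The following Python sketch is an added example, not part of the Brocade guide: a change-review check that lints a cryptocfg --add -LUN line against the rules in the steps above before it is run on a switch. The function name, the WWN format check on the initiator values, and the rule that -enable_encexistingdata presupposes -encrypt (taken from the step order) are assumptions; the encryption format is not checked because this page shows no option for it.

```python
import re
import shlex

WWN = re.compile(r"^(?:[0-9a-fA-F]{2}:){7}[0-9a-fA-F]{2}$")

# The page's example command (prompt removed), used here as sample input.
PAGE_EXAMPLE = ("cryptocfg --add -LUN my_disk_tgt 0x0 "
                "10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a "
                "-encrypt -enable_encexistingdata -enable_rekey 180")

def lint_add_lun(command):
    """Return a list of findings; an empty list means the line passes."""
    # Join backslash-continued lines, then split into tokens.
    tokens = shlex.split(command.replace("\\\n", " "))
    if tokens[:3] != ["cryptocfg", "--add", "-LUN"]:
        return ["not a cryptocfg --add -LUN command"]
    args = tokens[3:]
    # Positional part: container name, LUN number, then initiator WWNs.
    positional = []
    while args and not args[0].startswith("-"):
        positional.append(args.pop(0))
    findings = []
    if len(positional) < 2:
        findings.append("missing container name or LUN number")
    if not all(WWN.match(w) for w in positional[2:]):
        findings.append("initiator is not in WWN format")
    # Options: only -enable_rekey takes a value (the interval in days).
    flags = {}
    while args:
        flag = args.pop(0)
        takes_value = flag == "-enable_rekey" and args and not args[0].startswith("-")
        flags[flag] = args.pop(0) if takes_value else None
    encrypt = "-encrypt" in flags
    # Assumption from the step order: step 2 presupposes step 1.
    if "-enable_encexistingdata" in flags and not encrypt:
        findings.append("-enable_encexistingdata requires -encrypt")
    if "-enable_rekey" in flags:
        days = flags["-enable_rekey"]
        # Stated on the page: auto rekey is valid only with the encrypt policy.
        if not encrypt:
            findings.append("-enable_rekey requires -encrypt")
        if days is None or not days.isdigit() or int(days) == 0:
            findings.append("-enable_rekey needs an interval in days")
    if encrypt and "-enable_encexistingdata" not in flags:
        findings.append("-encrypt without -enable_encexistingdata: no first-time encryption")
    return findings
```

An empty result for a line only means it is consistent with the three steps; the operation still has to be committed on the switch.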
