Lun Policy Troubleshooting - Brocade Communications Systems Brocade 8/12c Administrator's Manual

Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments

Hide thumbs Also See for Brocade 8/12c:

User manual (1301 pages)

Command reference manual (1132 pages)

Reference (362 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

Table of Contents

LUN policy troubleshooting

Table 14

TABLE 14

LUN policy troubleshooting

Case

Reasons for the LUN getting disabled by

the encryption switch

The LUN was modified from encrypt

policy to cleartext policy but metadata

exists.

The LUN was set up with an encrypt

policy and the LUN was encrypted

(metadata is present on the LUN), but

the DEK for the key ID present in the

metadata does not exist in the key

vault.

The LUN was set up with an encrypt

policy and the LUN was encrypted

(metadata is present on the LUN), but

the current state of the LUN is

cleartext instead of encrypted.

234

may be used as an aid in troubleshooting problems related to LUN policies.

Action taken

LUN is disabled.

Reason code:

Metadata exists

but the LUN

policy is cleartext.

LUN is disabled.

Reason code:

Metadata exists

but the DEK for

the key ID from

the metadata

does not exist.

LUN is disabled.

Reason code:

Metadata exists,

but the LUN

policy is indicated

as cleartext.

If you do not need to save the data:

Issue the cryptocfg --enable -LUN

command on one path of the LUN.

This erases the metadata on the

LUN and the LUN is then enabled

with cleartext policy. Issue the

cryptocfg --discoverLUN

command on other paths of the

LUN in the DEK cluster to enable

the LUN.

Modify the LUN policy to cleartext.

The subsequent handling is same

as in case 1.

Modify the LUN policy to cleartext.

The subsequent handling is the

same as in case 1.

Fabric OS Encryption Administrator's Guide

If you need to save the data:

Modify the LUN back to encrypt

policy.

Make sure the key vault has the

DEK and when the DEK gets

restored to the key vault, perform

one of the following tasks on one

of the paths of the LUN to enable

the LUN:

•

Issue the cryptocfg

--discoverLUN command

•

Remove the LUN from the

container and then add it

back

•

Bounce the target port

Then issue the cryptocfg

--discoverLUN command on

other paths of the LUN in the

DEK cluster.

Remove the LUN from the

container and then add the LUN

back with the LUN state as

encrypted, or issue the cryptocfg

--enable -LUN command on one

of the paths of the LUN which will

enable the LUN by using the

appropriate key. Then issue the

cryptocfg --discoverLUN

command on other paths of the

LUN in the DEK cluster to enable

the LUN.

53-1002159-03

Table of Contents

Troubleshooting

This manual is also suitable for:

Fabric os encryption

Lun Policy Troubleshooting - Brocade Communications Systems Brocade 8/12c Administrator's Manual

LUN policy troubleshooting

LUN policy troubleshooting

Troubleshooting

Related Manuals for Brocade Communications Systems Brocade 8/12c

Related Content for Brocade Communications Systems Brocade 8/12c

This manual is also suitable for:

Table of Contents