Removing Stale Rekey Information For A Lun; Downgrading Firmware From Fabric Os 7.1.0 - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual
Brocade fabric os encryption administrator's guide v7.1.0 (53-1002721-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- User manual (1505 pages) ,
- Command reference manual (1168 pages) ,
- Reference (934 pages)
Table of Contents
Advertisement
NOTE
When attempting to reclaim a failed Brocade Encryption Switch, do not execute cryptocfg
transabort. Doing so will cause subsequent reclaim attempts to fail.
–-
Removing stale rekey information for a LUN
To clean up stale rekey information for a LUN, complete one of the following procedures:
Procedure 1:
1. Modify the LUN policy from "encrypt" to "cleartext" and commit. The LUN will become disabled.
2. Enable the LUN using the following command:
2. Modify the LUN policy from "cleartext" to "encrypt" with the enable_encexistingdata command
Procedure 2:
1. Remove the LUN from the CryptoTarget Container and commit.
2. Add the LUN back to the CryptoTarget Container with LUN State="clear-text", policy="encrypt"
and "enable_encexistingdata" set for enabling the first-time encryption, then commit. This will
clear the stale rekey metadata on the LUN and the LUN can be used again for encryption.
Downgrading firmware from Fabric OS 7.1.0
If you are attempting to download firmware to an earlier Fabric OS version, for example, v7.0.1, you
might be prompted with the following error message, even if there are no failed decommissioned
LUNs, and even if no decommissioned key ID list exists on a node:
"Downgrade is not allowed for this key vault type, as device decommissioning feature is in use.
Please use cryptocfg
sure that no LUN is undergoing decommission or is in failed state."
If a device decommission firmware consistency check is enabled in the encryption group, firmware
downgrades from v7.1.0 or later to an earlier version will be blocked until the firmware consistency
check for device decommission feature is disabled.
The firmware consistency check for device decommission is enabled when you execute the
following:
The firmware consistency check for device decommission is disabled when you execute the
following:
The success of the operation does not mandate that the firmware consistency check be disabled
for device decommission.
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
Admin:switch> cryptocfg --enable –LUN
to enable the first-time encryption, then commit. This will clear the stale rekey metadata on the
LUN and the LUN can be used again for encryption.
delete
--
SecurityAdmin:switch> cryptocfg --decommission -container <container name>
-initiator <initiatator PWWN> -LUN <lun number>
SecurityAdmin:switch> cryptocfg --delete –decommissionedkeyids
Removing stale rekey information for a LUN
decommissionedkeyids to disable device decommission. Make
-
6
345
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the StoreFabric SN6500B and is the answer not in the manual?