Crypto Lun Parameters And Policies - Brocade Communications Systems Brocade 8/12c Administrator's Manual

Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments

3
Crypto LUN configuration

Number of host(s): 1
Configuration status: committed
Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a
VI: 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d
LUN number: 0x0
LUN type: disk
LUN status: 0
Encryption mode: encrypt
Encryption format: native
Encrypt existing data: enabled
Rekey: disabled
Key ID: not available
Operation Succeeded

Crypto LUN parameters and policies

Table 6 shows the encryption parameters and policies that can be specified for a disk or tape LUN, during LUN configuration (with the cryptocfg --add -LUN command). Some policies are applicable only to disk LUNs, and some policies are applicable only to tape LUNs. It is recommended that you plan to configure all the LUN state and encryption policies with the cryptocfg --add -LUN command. You can use the cryptocfg --modify -LUN command to change some of the settings, but not all options are modifiable.

NOTE
LUN policies are configured at the LUN-level but apply to the entire HA or DEK cluster. For multi-path LUNs exposed through multiple target ports and thus configured on multiple Crypto Target containers on different encryption engines in an HA cluster or DEK cluster, the same LUN policies must be configured. Failure to do so results in unexpected behavior and may lead to data corruption.

The tape policies specified at the LUN configuration level take effect if you do not create tape pools or configure policies at the tape pool level. The Brocade encryption solution supports up to a 1 MB block size for tape encryption. Also, the LBA 0 block size (I/O size from the host) must be at least 1 K less than the maximum supported backend block size (usually 1 MB). This is typically the case, as label operations are small I/O operations. If this support requirement is not met, the Brocade encryption solution will not allow the backup operation to start to that tape.

TABLE 6   LUN parameters and policies

Policy name: LUN state
  Disk LUN: yes
  Tape LUN: No
  Modify? No
Command parameters: -lunstate encrypted | cleartext
Description: Sets the Encryption state for the LUN. Valid values are:
  cleartext - Default LUN state. Refer to policy configuration considerations for compatibility with other policy settings.
  encrypted - Metadata on the LUN containing the key ID of the DEK that was used for encrypting the LUN is used to retrieve the DEK from the key vault. DEKs are used for encrypting and decrypting the LUN.

Policy name: Key ID
  Disk LUN: yes
  Tape LUN: No
  Modify? No
Command parameters: -keyID Key_ID
Description: Specifies the key ID. Use this option only if the LUN was encrypted but does not include the metadata containing the key ID for the LUN. This is a rare case for LUNs encrypted in Native (Brocade) mode.

Fabric OS Encryption Administrator's Guide
53-1002159-03
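
The NOTE on this page requires identical LUN policies on every Crypto Target container that fronts the same multi-path LUN. The following is an added example, not part of the Brocade manual: a Python check that parses the "Field: value" status lines in the format shown on this page and reports any policy field that differs between containers. The container labels and the sample text are constructed, and the script assumes the same LUN number identifies the same LUN on every path.

```python
"""Flag LUN policy differences between containers that expose the same LUN."""

# Policy fields as they appear in the status output shown on this page.
POLICY_FIELDS = ("LUN type", "Encryption mode", "Encryption format",
                 "Encrypt existing data", "Rekey", "Key ID")


def parse_luns(text):
    """Return {lun_number: {field: value}} from 'Field: value' output lines."""
    luns, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # lines such as "Operation Succeeded" carry no field
        key, value = key.strip(), value.strip()
        if key == "LUN number":
            current = luns.setdefault(int(value, 16), {})
        elif current is not None and key in POLICY_FIELDS:
            current[key] = value
    return luns


def policy_mismatches(outputs):
    """outputs maps a container label to its status text.
    Returns [(lun_number, field, {label: value})] for every differing field."""
    parsed = {label: parse_luns(text) for label, text in outputs.items()}
    all_luns = set().union(*(p.keys() for p in parsed.values()))
    findings = []
    for lun in sorted(all_luns):
        for field in POLICY_FIELDS:
            seen = {label: p.get(lun, {}).get(field, "<missing>")
                    for label, p in parsed.items()}
            if len(set(seen.values())) > 1:
                findings.append((lun, field, seen))
    return findings


# Constructed sample: one LUN seen through two containers (hypothetical labels).
_BASE = ("LUN number: 0x0\nLUN type: disk\nEncryption mode: {mode}\n"
         "Encryption format: native\nEncrypt existing data: {existing}\n"
         "Rekey: disabled\nKey ID: not available\nOperation Succeeded\n")
SAMPLE = {
    "container_path_a": _BASE.format(mode="encrypt", existing="enabled"),
    "container_path_b": _BASE.format(mode="cleartext", existing="disabled"),
}

if __name__ == "__main__":
    for lun, field, seen in policy_mismatches(SAMPLE):
        print(f"LUN {lun:#x}: '{field}' differs across containers: {seen}")
```

An empty result means every container reported the same value for each policy field; any finding should be resolved before I/O is allowed on the affected paths.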
