HP 1606 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 141
Creating a CryptoTarget container, any alphanumeric characters, hyphens, and underscore characters.
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 141 highlights
CryptoTarget container configuration 3 Creating a CryptoTarget container Before you begin, have the following information ready: • The switch WWNs of all nodes in the encryption group. Use the cryptocfg --show -groupmember -all command to gather this information. • The port WWNs of the targets whose LUNs are being enabled for data-at-rest encryption. • The port WWNs of the hosts (initiators) which should gain access to the LUNs hosted on the targets. Any given target may have multiple ports through which a given LUN is accessible and the ports are connected to different fabrics for redundancy purposes. Any given target port through which the LUNs are accessible must be hosted on only one Encryption switch (or pair in case of HA deployment). Another such target port should be hosted on a different encryption switch either in the same fabric or in a different fabric based on host MPIO configuration. A given host port through which the LUNs are accessible is hosted on the same encryption switch on which the target port (CryptoTarget container) of the LUNs is hosted. NOTE It is recommended you complete the encryption group and HA cluster configuration before configuring the CryptoTarget containers. 1. Log into the group leader as Admin or FabricAdmin. 2. Enter the cryptocfg --create -container command. Specify the type of the container, (disk or tape), followed by a name for the CryptoTarget container, the encryption engine's node WWN, and the target's Port WWN and node WWN. Provide a slot number if the encryption engine is a blade. • The CryptoTarget container name can be up to 31 characters in length and may include any alphanumeric characters, hyphens, and underscore characters. • You may add initiators at this point or after you create the container. The following example creates a disk container named my_disk_tgt1. The initiator is added in step 3. FabricAdmin:switch>cryptocfg --create -container disk my_disk_tgt \ 10:00:00:00:05:1e:41:9a:7e 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d Operation Succeeded 3. Add an initiator to the CryptoTarget container. Enter the cryptocfg --add -initiator command followed by the initiator port WWN and the node WWN. Note that the initiator port WWN must also be added to the LUN when the LUN is added to the CryptoTarget container. FabricAdmin:switch>cryptocfg --add -initiator my_disk_tgt \ 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a Operation Succeeded 4. Commit the transaction. The commit operation creates the virtual devices and the redirection zone that routes traffic through these devices. FabricAdmin:switch>cryptocfg --commit Operation Succeeded Fabric OS Encryption Administrator's Guide 123 53-1001864-01