HP 8/24 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01, July 2009) - Page 190
not valid for tape LUNs., existing data must be enabled
View all HP 8/24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 190 highlights
2 cryptoCfg -keyID keyID Specifies the Key ID. Use this operand only if the LUN was encrypted but does not include the metadata containing the keyID for the LUN. This is a rare case for LUNS encrypted in Brocade native mode. However for LUNS encrypted with DataFort v2.0, a Key ID is required, because these LUNs do not contain any metadata. This operand is not valid for tape LUNs. -encryption_format native | DF_compatible Specifies the LUN encryption format. Two encryption formats are supported: native The LUN uses the Brocade metadata format and algorithm for the encryption and decryption of data. This is the default mode. DF_compatible The LUN uses the NetApp DataFort metadata format and algorithm for the encryption and decryption of data. Use of this format requires a NetApp DataFort-compatible license to be present on the encryption switch or the chassis that houses the encryption blade. -encrypt | -cleartext Enables or disables the LUN for encryption. By default, cleartext is enabled (no encryption). When the LUN policy is changed from encrypt to cleartext, the following policy parameters become disabled (default) and generate errors when executed: -enable_encexistingdata, -enable_rekey, and -key_lifespan. When a LUN is added in DF -compatible Encryption Format, -cleartext is rejected as invalid. -enable_encexistingdata | -disable_encexistingdata Specifies whether or not existing data should be encrypted. The Encryption policy must be enabled on the LUN before the -enable_encexistingdata can be set and the LUN state must be set to -cleartext. By default, encryption of existing data is disabled. If LUN policy is set to -encrypt, the encryption of existing data must be enabled, or existing data is not preserved. This policy is not valid for tape LUNs. -enable_rekey time_period | -disable_rekey Enables or disables the auto re-keying capability on the specified disk LUN. This operand is not valid for tape LUNs. By default, the automatic re-key feature is disabled. Enabling automatic re-keying is valid only if the LUN policy is set to encrypt. You must specify a time_period in days when enabling auto Re-keying to indicate the interval at which automatic re-keying should take place. -key_lifespan time_in_days | none Specifies the lifespan of the encryption key in days. The key will expire after the specified number of days. Accepted values are integers from 1 to 2982616. The default value is none, which means, the key does not expire. This operand is valid only for tape LUNs. The key lifespan cannot be modified after it is set. --modify -LUN Modifies the encryption policies of one or more LUNs in a specified CTC. This command is valid only on the group leader. The following operands are required when modifying a LUN: crypto_target_container_name Specifies the name of the CTC to which the LUNs belong. 160 Fabric OS Command Reference 53-1001337-01