HP 8/24 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 139
CryptoTarget container configuration
View all HP 8/24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 139 highlights
CryptoTarget container configuration 3 CryptoTarget container configuration A CryptoTarget container is a configuration of virtual devices created for each target port hosted on a Brocade Encryption Switch or FS8-18 blade. The container holds the configuration information for a single target, including associated hosts and LUN settings. A CryptoTarget container interfaces between the encryption engine, the external storage devices (targets), and the initiators (hosts) that can access the storage devices through the target ports. Virtual devices redirect the traffic between host and target/LUN to encryption engines so they can perform cryptographic operations. Virtual targets: Any given physical target port is hosted on one encryption switch or blade. If the target LUN is accessible from multiple target ports, each target port is hosted on a separate encryption switch or blade. There is a one-to-one mapping between virtual target and physical target to the fabric whose LUNs are being enabled for cryptographic operations. Virtual initiators: For each physical host configured to access a given physical target LUN, a virtual initiator (VI) is generated on the encryption switch or blade that hosts the target port. If a physical host has access to multiple targets hosted on different encryption switches or blades, you must configure one virtual initiator on each encryption switch or blade that is hosting one of the targets. The mapping between physical host and virtual initiator in a fabric is one-to-n, where n is the number of encryption switches or blades that are hosting targets. FIGURE 56 Relationship between initiator, virtual target, virtual initiator and target CAUTION When configuring a LUN with multiple paths, there is a considerable risk of ending up with potentially catastrophic scenarios where different policies exist for each path of the LUN, or a situation where one path ends up being exposed through the encryption switch and another path has direct access to the device from a host outside the secured realm of the encryption platform. Failure to follow correct configuration procedures for multi-path LUNs results in data corruption. If you are configuring multi-path LUNs as part of an HA cluster or DEK cluster or as a stand-alone LUN accessed by multiple hosts, follow the instructions described in the section "Configuring a multi-path Crypto LUN" on page 141. Fabric OS Encryption Administrator's Guide 121 53-1001864-01