HP 8/40 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 146
Configuring a Crypto LUN, Encryption Enabled
View all HP 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 146 highlights
3 Crypto LUN configuration CAUTION When configuring a LUN with multiple paths, perform the LUN discovery on each of the Crypto Target containers for each of the paths accessing the LUN and verify that the serial number for these LUNs discovered from these Crypto Target containers are the same. This indicates and validates that these Crypto Target containers are indeed paths to the same LUN. Refer to the section "Configuring a multi-path Crypto LUN" on page 141 for more information. Configuring a Crypto LUN You configure a Crypto LUN by adding the LUN to the CryptoTarget container and enabling the encryption property on the Crypto LUN. The LUNs of the target which are not enabled for encryption must still be added to the CryptoTarget container with the cleartext policy option. You can add a single LUN to a CryptoTarget container, or you can add multiple LUNs by providing a range of LUN Numbers. When adding a single LUN, you can either provide a 16-bit (2 byte) hex value of the LUN Number, for example, 0x07. Alternately you can provide a 64-bit (8 byte) value in WWN or LUN ID format, for example, 00:07:00:00:00:00:00:00. When adding a range of LUN Numbers, you may use two byte hex values or decimal numbers. NOTE LUN configurations and modifications must be committed to take effect. There is an upper limit of 25 on the number of LUNs you can add or modify in a single commit operation. Attempts to commit a configuration that exceeds this maximum will fail. Note that there is also a five second delay before the commit operation takes effect. In addition to the above limit of 25 per commit, make sure the LUNs in previously committed LUN configurations and LUN modifications have a LUN state of Encryption Enabled before creating and committing another batch of 25 LUN configurations or LUN modifications. The device type (disk or tape) is set at the CryptoTarget container level. You cannot add a tape LUN to a CryptoTarget container of type "disk" and vice versa. It is recommended that you configure the LUN state and encryption policies at this time. You can add these settings later with the cryptocfg --modify -LUN command, but not all options are modifiable. Refer to the section "Crypto LUN parameters and policies" on page 129 for LUN configuration parameters. Refer to the section "Creating a tape pool" on page 139 for tape pool policy parameters. NOTE If you are using VMware virtualization software or any other configuration that involves mounted file systems on the LUN, you must enable first-time encryption at the time when you create the LUN by setting the --enable_encexistingdata option with the --add -LUN command. Failure to do so permanently disconnects the LUN from the host and causes data to be lost and unrecoverable. 128 Fabric OS Encryption Administrator's Guide 53-1001864-01