HP 8/8 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 144
Moving a CryptoTarget container, Deployment in Fibre Channel routed fabrics
View all HP 8/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 144 highlights
3 CryptoTarget container configuration 1. Log into the group leader as Admin or FabricAdmin. 2. Enter the cryptocfg --delete -container command followed by the CryptoTarget container name. The following example removes the CryptoTarget container "my_disk_tgt". FabricAdmin:switch>cryptocfg --delete -container my_disk_tgt Operation Succeeded 3. Commit the transaction. FabricAdmin:switch>cryptocfg --commit Operation Succeeded CAUTION When configuring a multi-path LUN, you must remove all necessary CryptoTarget containers in sequence before committing the transaction. Failure to do so may result in a potentially catastrophic situation where one path ends up being exposed through the encryption switch and another path has direct access to the device from a host outside the protected realm of the encryption platform. Refer to the section "Configuring a multi-path Crypto LUN" on page 141 for more information. Moving a CryptoTarget container You can move a CryptoTarget container from one encryption engine to another. The encryption engines must be part of the same fabric and the same encryption group, and the encryption engines must be online for this operation to succeed. This operation permanently transfers the encryption engine association of a given CryptoTarget container from an existing encryption engine to an alternate encryption engine. NOTE If a CryptoTarget container is moved in a configuration involving FCR, the LSAN zones and manually created redirect zones will need to be reconfigured with new VI and VT WWNs. Refer to the section "Deployment in Fibre Channel routed fabrics" on page 159 for instructions on configuring encryption in an FCR deployment scenario. 1. Log into the group leader as Admin or FabricAdmin. 2. Enter the cryptocfg --move -container command followed by the CryptoTarget container name and the node WWN of the encryption engine to which you are moving the CryptoTarget container. Provide a slot number if the encryption engine is a blade. FabricAdmin:switch>cryptocfg --move -container my_disk_tgt \ 10:00:00:05:1e:53:4c:91 Operation Succeeded 3. Commit the transaction. FabricAdmin:switch>cryptocfg --commit Operation Succeeded 126 Fabric OS Encryption Administrator's Guide 53-1001864-01