HP 8/8 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 145
Crypto LUN configuration, Discovering a LUN
View all HP 8/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 145 highlights
Crypto LUN configuration 3 Crypto LUN configuration A Crypto LUN is the LUN of a target disk or tape storage device that is enabled for and capable of data-at-rest encryption. Crypto LUN configuration is done on a per-LUN basis. You configure the LUN for encryption by explicitly adding the LUN to the CryptoTarget container and turning on the encryption property and policies on the LUN. Any LUN of a given target that is not enabled for encryption must still be added to the CryptoTarget container with the cleartext policy option. • The general procedures described in this section apply to both disk and tape LUNs. The specific configuration procedures differ with regard to encryption policy and parameter setting. • You configure the Crypto LUN on the group leader. You need the FabricAdmin role to perform LUN configuration tasks. • Only one path for a LUN per encryption engine and only one path for a LUN per HA cluster pair is supported. When an actual LUN has multiple paths, each path must be hosted on a separate encryption engine or HA cluster pair as a Crypto Target Container (CTC). This applies to both the active path and passive path. Never host both an active path and passive path to a LUN on the same encryption engine or HA cluster pair. CAUTION When configuring a LUN with multiple paths (which means the LUN is exposed and configured on multiple Crypto Target containers located on the same Encryption switch or blade or on different encryption switches or blades), the same LUN policies must be configured on all of the LUN's paths. Failure to configure all LUN paths with the same LUN policies results in data corruption. If you are configuring multi-path LUNs as part of a HA cluster or DEK cluster or as a stand-alone LUN accessed by multiple hosts, follow the instructions described in the section "Configuring a multi-path Crypto LUN" on page 141. Discovering a LUN When adding a LUN to a CryptoTarget container, you must specify a LUN Number. The LUN Number needed for configuring a given Crypto LUN is the LUN Number as exposed to a particular initiator. The Brocade Encryption platform provides LUN discovery services through which you can identify the exposed LUN number for a specified initiator. If you already know the exposed LUN numbers for the various initiators accessing the LUN, you may skip the LUN discovery step and directly configure the Crypto LUN. 1. Log into the group leader as Admin or FabricAdmin. 2. Enter the cryptocfg --discoverLUN command followed by the CryptoTarget container Name. FabricAdmin:switch>cryptocfg --discoverLUN my_disk_tgt Container name: my_disk_tgt Number of LUN(s): 1 Host: 10:00:00:00:c9:2b:c9:3a LUN number: 0x0 LUN serial number: 200000062B0F726D0C000000 Key ID state: Key ID not available Key ID: 3a:21:6a:bd:f2:37:d7:ea:6b:73:f6:19:72:89:c6:4f Fabric OS Encryption Administrator's Guide 127 53-1001864-01