Dell PowerEdge M605 Fabric OS Command Reference Manual Supporting Fabric - Page 206
Fabric OS Encryption, Administrator's Guide, keyID, time_period
View all Dell PowerEdge M605 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 206 highlights
2 cryptoCfg LUN policies are configured per HA or DEK cluster. For multi-path LUNs exposed through multiple target ports and thus configured on multiple CTCs on different EEs in an HA cluster or DEK cluster, the same LUN policies must be configured. Refer to the Fabric OS Encryption Administrator's Guide for more information. The following LUN policy parameters can be optionally set: -lunstate encrypted | cleartext Sets the encryption state of a specified disk LUN. When set to encrypted, metadata on the LUN containing the key ID of the DEK that was used for encrypting the LUN is used to retrieve the DEK from the key vault. If the LUN state is not specified, the default state is cleartext. This operand is not valid for tape LUNs. -keyID keyID Specifies the Key ID. Use this operand only if the LUN was encrypted but does not include the metadata containing the keyID for the LUN. This is a rare case for LUNS encrypted in Brocade native mode. However for LUNS encrypted with DataFort v2.0, a Key ID is required, because these LUNs do not contain any metadata. This operand is not valid for tape LUNs. -encryption_format native | DF_compatible Specifies the LUN encryption format. Two encryption formats are supported: native The LUN uses the Brocade metadata format and algorithm for the encryption and decryption of data. This is the default mode. DF_compatible The LUN uses the NetApp DataFort metadata format and algorithm for the encryption and decryption of data. Use of this format requires a NetApp DataFort-compatible license to be present on the encryption switch or the chassis that houses the encryption blade. -encrypt | -cleartext Enables or disables the LUN for encryption. By default, cleartext is enabled (no encryption). When the LUN policy is changed from encrypt to cleartext, the following policy parameters become disabled (default) and generate errors when executed: -enable_encexistingdata, -enable_rekey, and -key_lifespan. When a LUN is added in DF -compatible Encryption Format, -cleartext is rejected as invalid. -enable_encexistingdata | -disable_encexistingdata Specifies whether or not existing data should be encrypted. The Encryption policy must be enabled on the LUN before the -enable_encexistingdata can be set and the LUN state must be set to -cleartext. By default, encryption of existing data is disabled. If LUN policy is set to -encrypt, the encryption of existing data must be enabled, or existing data is not preserved. This policy is not valid for tape LUNs. -enable_rekey time_period | -disable_rekey Enables or disables the auto rekeying capability on the specified disk LUN. This operand is not valid for tape LUNs. By default, the automatic rekey feature is disabled. Enabling automatic rekeying is valid only if the LUN policy is set to encrypt. You must specify a time_period in days when enabling auto rekeying to indicate the interval at which automatic rekeying should take place. 174 Fabric OS Command Reference 53-1001764-02