HP 1606 HP B-series Fabric OS 6.4.1b Release Notes (5697-0886, March 2011-incl - Page 37
LUN Size Expansion consideration as an example for EVA LUNs: When an EVA LUN is
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 37 highlights
pairs to the same EE. This connectivity does not give full redundancy in case of EE failure resulting in HAC failover. ◦ Since the quorum disk plays a vital role in keeping the cluster in sync, configure the quorum disk to be outside of the encryption environment. • LUN configuration ◦ To configure a LUN for encryption: - Add the LUN as clear-text to the Crypto Target Container (CTC). - When the LUN comes online and the clear-text host I/O starts, modify the LUN from clear-text to encrypted, including the enable_encexistingdata option to convert the LUN from clear-text to encrypted. ◦ An exception to this LUN configuration process: If the LUN was previously encrypted by the HP Encryption Switch or HP Encryption Blade, the LUN can be added to the CTC with the -encrypt and -lunstate ="encrypted" options. ◦ LUN configurations must be committed to take effect. No more than 25 LUNs can be added or modified in a single commit operation. Attempts to commit configurations that exceed 25 LUNs fail with a warning. There is also a five-second delay before the commit operation takes effect. Always ensure that any previously committed LUN configurations or LUN modifications have taken effect before committing additional LUN configurations or additions. All LUNs should be in an Encryption Enabled state before committing additional LUN modifications. • LUN Size Expansion consideration (as an example for EVA LUNs): When an EVA LUN is encrypted, and then needs to be expanded using HP Command View, no additional configuration is required from the Encryption SAN Switch side. However, make sure not to change the LUN size while any re-key operation is in progress. • The cryptocfg -manual_rekey -all command should not be used in environments with multiple encryption engines (encryption blades) installed in a director-class chassis when more than one encryption engine has access to the same LUN. In such situations, use the cryptocfg -manual_rekey command to manually rekey these LUNs. • If an HA Cluster is configured within an Encryption Group with containers configured for auto Failback Mode, the following procedure must be followed when upgrading from Fabric OS 6.2.x to 6.3.1x. Note that the following procedure is required only under the above-mentioned conditions. 1. Before the firmware upgrade, change the Failback Mode to manual for all containers configured as auto. Take note of which Encryption Engines currently own which containers. 2. Upgrade all nodes in the Encryption Group to Fabric OS 6.3.1x, one node at a time. 3. After all nodes have been successfully upgraded, using the notes taken in step 1, manually invoke the failback of the containers to the correct Encryption Engine using the cryptocfg -failback -EE [slot num] [slot num] command . 4. Once the manual failback completes, change the Failback Mode back to auto from manual, if it was changed in step 1. • Avoid changing the configuration of any LUN that belongs to a CTC/LUN configuration while the rekeying process for that LUN is active. If you change the LUN settings during manual or auto, rekeying or First Time Encryption, the system reports a warning message stating that the encryption engine is busy and a forced commit is required for the changes to take effect. A forced commit command halts all active rekeying processes running in all CTCs and corrupts any LUN engaged in a rekeying operation. There is no recovery for this type of failure. Encryption behavior 37