HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 172
Deleting a CryptoTarget container, added to the container are set
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 172 highlights
3 CryptoTarget container configuration switch and another path has direct access to the device from a host outside the protected realm of the encryption platform. Refer to the section "Configuring a multi-path Crypto LUN" on page 166 for more information. Deleting a CryptoTarget container You may delete a CryptoTarget container to remove the target port from a given encryption switch or blade. Deleting a CryptoTarget container removes the virtual target and all associated LUNs from the fabric. Before deleting a container, be aware of the following: • Stop all traffic to the target port for which the CryptoTarget container is being deleted. Failure to do so will cause data corruption (a mix of encrypted data and cleartext data will be written to the LUN). • Deleting a CryptoTarget container while a re-key or first-time encryption session causes all data to be lost on the LUNs that are being re-keyed. Ensure that no re-key or first time encryption sessions are in progress before deleting a container. Use the cryptocfg --show -rekey -all command to determine the runtime status of the session. If for some reason, you need to delete a container while re-keying, when you create a new container, be sure the LUNs added to the container are set to cleartext. You can then start a new re-key session on clear text LUNs. 1. Log in to the group leader as Admin or FabricAdmin. 2. Enter the cryptocfg --delete -container command followed by the CryptoTarget container name. The following example removes the CryptoTarget container "my_disk_tgt". FabricAdmin:switch>cryptocfg --delete -container my_disk_tgt Operation Succeeded 3. Commit the transaction. FabricAdmin:switch>cryptocfg --commit Operation Succeeded CAUTION When configuring a multi-path LUN, you must remove all necessary CryptoTarget containers in sequence before committing the transaction. Failure to do so may result in a potentially catastrophic situation where one path ends up being exposed through the encryption switch and another path has direct access to the device from a host outside the protected realm of the encryption platform. Refer to the section "Configuring a multi-path Crypto LUN" on page 166 for more information. 152 Fabric OS Encryption Administrator's Guide 53-1002159-03