HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 181
LUN modification considerations, Impact of tape LUN configuration changes
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 181 highlights
Impact of tape LUN configuration changes 3 LUN modification considerations Make sure you understand the ramifications of modifying LUN policy parameters (such as encrypt/cleartext) for LUNs that are online and already being utilized. The following restrictions apply when modifying LUN policy parameters for disk LUNs: • When you change LUN policy from encrypt to cleartext, you wipe out all encrypted data stored on the LUN the next time data is written to that LUN. The following policy parameters are disabled: -enable_encexistingdata, -enable_rekey. • When you change the LUN policy back to encrypt, for example, by force-enabling the LUN, -enable_encexistingdata and -enable_rekey are disabled by default, and you must configure both options again. • When you add a LUN as cleartext and later you want to change the LUN policy from cleartext to encrypt, you must set the -enable_encexistingdata option. If you do not, all data on that LUN is lost, and cannot be recovered. For tape LUNs, the -enable_encexistingdata, -enable_rekey, and -key_lifespan options are not valid and therefore cannot be modified. When you attempt to execute these parameters while modifying a tape LUN, the system returns an error. Disabling -write_early ack or -read_ahead for tape LUN will result in lower total throughput depending on the number of flows per encryption engine. NOTE Make sure all the outstanding backup and recovery operations on the media are completed before changing the LUN configuration. For Disk LUNs -write_early_ack and -read_ahead are not valid and therefore cannot be modified. When you attempt to execute these parameters while modifying a disk LUN, the system returns an error. Impact of tape LUN configuration changes LUN-level policies apply when no policies are configured at the tape pool level. The following restrictions apply when modifying tape LUN configuration parameters: • If you change a tape LUN policy from encrypt to cleartext or from cleartext to encrypt while data is written to or read from a tape backup device, the policy change is not enforced until the current process completes and the tape is unmounted, rewound, or overwritten. This mechanism prevents the mixing of cleartext data to cipher-text data on the tape. • Make sure you understand the ramifications of changing the tape LUN encryption policy from encrypt to cleartext or from cleartext to encrypt. • You cannot modify the key lifespan value. If you wish to modify the key lifespan, delete and recreate the LUN with a different key lifespan value. Key lifespan values only apply to native-mode pools. Fabric OS Encryption Administrator's Guide 161 53-1002159-03