Guarding an In-Place Data Transformation Device with Multiple IO Paths on Linux
Each individual IO path from a server node to a storage controller is treated as a separate device on the host. DM-Multipath on a Linux host provides a management framework to group the individual IO paths to the same LUN into a single multipath device. If you use DM-Multipath to manage devices on the protected host, the individual devices that correspond to each IO path to the LUN cannot be configured for guarding as ES GuardPoints, as those devices are under control of DM-Multipath. To guard such devices, you must guard the device mapper generated by DM-Multipath (multipathd) under the /dev/mapper directory.
The following example illustrates the procedure for guarding a device mapper generated device with the alias name /dev/mapper/mpathA.
- Create a standard policy using an XTS key as the key rule.
- On the host, prepare the device to be configured as ESG using the voradmin command with the new or xform option. For example: voradmin idt config new /dev/mapper/mpathA
- On the CipherTrust Manager, guard /dev/mapper/mpathA as a Device GuardPoint using the policy created above.
- For Manual-Guard configuration, enable the GuardPoint using the secfsd command as follows: secfsd -guard /dev/mapper/mpathA
- For Auto-Guard, wait for the /dev/mapper/mpathA device to be guarded on the protected host.
- Once the device is guarded, provide the pathname of the secvm device to applications and/or file system operations. For example, /dev/secvm/dev/mapper/mpathA.
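A pre-flight check for the rule above, as an added example that is not part of the product or its documentation: given a kernel block device name, it reports which node should be configured as the GuardPoint and the secvm pathname to hand to applications afterwards. It assumes the standard Linux sysfs layout and that multipathd maps carry a DM UUID beginning with "mpath-"; the function names and the SYSFS_ROOT override are hypothetical.

```shell
#!/bin/sh
# Added example: decide which device node to guard when DM-Multipath may be in use.
# SYSFS_ROOT is an assumption of this example, overridable so the logic can be
# exercised against a constructed tree instead of the live /sys.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Print the map name if <dm-N> is a multipath map (DM UUID starts with "mpath-").
mpath_name_of_dm() {
    uuid_file="$SYSFS_ROOT/class/block/$1/dm/uuid"
    [ -r "$uuid_file" ] || return 1
    case "$(cat "$uuid_file")" in
        mpath-*) cat "$SYSFS_ROOT/class/block/$1/dm/name" ;;
        *)       return 1 ;;
    esac
}

# guard_target <kernel block name, e.g. sdb or dm-0>
# Prints the device path that should be configured as the GuardPoint.
guard_target() {
    dev="$1"
    # Case 1: the device is itself the multipath map.
    if name=$(mpath_name_of_dm "$dev"); then
        echo "/dev/mapper/$name"; return 0
    fi
    # Case 2: the device is one IO path; a holder above it is the multipath map.
    for h in "$SYSFS_ROOT/class/block/$dev/holders"/*; do
        [ -e "$h" ] || continue
        if name=$(mpath_name_of_dm "$(basename "$h")"); then
            echo "/dev/mapper/$name"; return 0
        fi
    done
    # Case 3: not under DM-Multipath control; the device itself is the candidate.
    echo "/dev/$dev"
}

# secvm_path <guarded device path>: pathname to give applications once guarded.
secvm_path() { echo "/dev/secvm$1"; }

# Stand-alone use: sh guard_target.sh sdb
if [ -n "${1:-}" ]; then
    target=$(guard_target "$1")
    echo "GuardPoint device:   $target"
    echo "Path after guarding: $(secvm_path "$target")"
fi
```

Run it against each candidate device before the voradmin step; a result under /dev/mapper means the underlying sdX path devices must not be guarded individually.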