A Member Node Reboots And Comes Back Up - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)

Encryption group merge and split use cases
NOTE
When attempting to reclaim a failed Brocade Encryption Switch, do not execute cryptocfg --transabort. Doing so will cause subsequent reclaim attempts to fail.

4. Set up the member node: Configure the IP address of the new node that is replacing the failed node, and the IP addresses of the I/O cluster sync ports (Ge0 and Ge1), and initialize the node with the cryptocfg --initnode command.
5. On the new node that is to be added, invoke cryptocfg --reclaimWWN -cleanup.
6. Export the CP certificate from the member node.
7. Import the member node CP certificate into the group leader.
8. On the group leader node, register the member node with the group leader node. Enter the cryptocfg --reg -membernode command with appropriate parameters to register the member node. Specify the member node's WWN, Certificate filename, and IP address when executing this command. Successful execution of this command distributes all necessary node authentication data to the other members of the group.

    SecurityAdmin:switch>cryptocfg --reg -membernode \
    10:00:00:05:1e:39:14:00 enc_switch1_cert.pem 10.32.244.60
    Operation succeeded.

9. Establish the connection between the member node and the key vault.
10. Register the new node with the key manager appliance.
11. On the new node, invoke cryptocfg --initEE, and cryptocfg --regEE to initialize the encryption engines.
12. After the new node has come online, invoke the cryptocfg --enableEE [slot_number] command to enable crypto operations on the node's encryption engines.
13. Replace the failed encryption engine on N3 with the encryption engine of the new node N4 to restore broken HA cluster peer relationships. Use the cryptocfg --replace command.
14. Remove the failed node from the encryption group. Follow the procedures described in the section "Removing a member node from an encryption group" on page 302.

A member node reboots and comes back up

Assume N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are part of an HA cluster. Assume that N3 reboots and comes back up.

Impact
When N3 reboots, all devices hosted on the encryption engines of this node automatically fail over to the peer encryption engine N1. N1 now performs all of N3's encryption services. Any rekey sessions in progress continue. Rekey sessions owned by N3's encryption engine are failed over to N1.
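A pre-flight check for steps 6 to 8 of the node replacement procedure above, as an added example that is not part of the Brocade guide: before the group leader distributes the new node's authentication data, confirm that the certificate imported on the group leader is the one exported from the member node, and that the WWN, filename and IP address are well formed. It assumes both PEM copies are readable on the administrator's workstation; the function names are hypothetical and the certificate bodies are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import ipaddress
import re
import ssl

WWN_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){7}", re.IGNORECASE)
TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]+")  # one CLI token, no spaces or metacharacters

def pem_fingerprint(pem_text):
    """SHA-256 of the decoded certificate bytes; PEM line endings do not affect it."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()

def build_register_command(wwn, cert_file, ip, exported_pem, imported_pem):
    """Return the step 8 command line, or raise ValueError if a check fails."""
    if not WWN_RE.fullmatch(wwn):
        raise ValueError(f"malformed WWN: {wwn!r}")
    if not TOKEN_RE.fullmatch(cert_file):
        raise ValueError(f"unexpected certificate filename: {cert_file!r}")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if pem_fingerprint(exported_pem) != pem_fingerprint(imported_pem):
        raise ValueError("certificate on the group leader differs from the exported one")
    return f"cryptocfg --reg -membernode {wwn} {cert_file} {ip}"

def make_pem(payload):
    """Wrap constructed bytes in PEM armor (sample data, not a real certificate)."""
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed samples standing in for the exported and imported certificate files.
EXPORTED_PEM = make_pem(b"constructed member node CP certificate " * 3)
IMPORTED_PEM = EXPORTED_PEM.replace("\n", "\r\n")  # same bytes, CRLF after transfer
TAMPERED_PEM = make_pem(b"constructed substitute certificate bytes " * 3)

if __name__ == "__main__":
    # WWN, filename and IP address are the values from the guide's example in step 8.
    args = ("10:00:00:05:1e:39:14:00", "enc_switch1_cert.pem", "10.32.244.60")
    print(build_register_command(*args, EXPORTED_PEM, IMPORTED_PEM))
    try:
        build_register_command(*args, EXPORTED_PEM, TAMPERED_PEM)
    except ValueError as err:
        print("refused:", err)
```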
