Brocade Communications Systems StoreFabric SN6500B Administrator's Manual page 268

Brocade fabric os encryption administrator's guide v7.1.0 (53-1002721-01, march 2013)
Hide thumbs Also See for StoreFabric SN6500B:
Table of Contents

Advertisement

6
Encryption group merge and split use cases
The above manual configuration recovery procedure will work nearly identically for all combinations
of EG split scenarios. Simply perform the following steps for the other scenarios:
Configuration impact of encryption group split or node isolation
When a node is isolated from the encryption group or the encryption group is split to form separate
encryption group islands, the defined or registered node list in the encryption group is not equal to
the current active node list, and the encryption group is in a DEGRADED state rather than in a
CONVERGED state.
under such conditions
TABLE 7
.
Configuration Type
Encryption group
HA cluster
Security & key vault
TABLE 8
Configuration Type
Security & key vault
HA cluster
320
Pick one EG/EG Leader to be maintained.
Using that GL Node, deregister all Nodes which are in a DISCOVERING state as determined by
the output of the cryptocfg
Go to the other EG islands and delete the EGs.
-
In the one case where the other EG has a member node which is in a DISCOVERED state,
you will first need to eject that DISCOVERED Node prior to being allowed to delete that
other EG.
From the only remaining EG/EG leader, reregister the previously deregistered Nodes.
Confirm the EG is converged.
Table 7
and
Allowed Configuration Changes
Allowed configuration changes
Adding a node to the encryption group
Removing a node from the encryption group
Invoking a node leave command
Deleting an encryption group
Registering a member node (IP address, certificates)
Removing an encryption engine from an HA cluster
Deleting an HA cluster
Initializing a node
Initializing an encryption engine
Re-registering an encryption engine
Zeroizing an encryption engine
Disallowed Configuration Changes
Disallowed configuration changes
Register or modify key vault settings
Generating a master key
Exporting a master key
Restoring a master key
Enabling or disabling encryption on an encryption engine
Creating an HA cluster
Adding an encryption engine to an HA cluster
Modifying the failback mode
show
groupmember
--
-
Table 8
list configuration changes that are allowed and disallowed
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
all command.
-
53-1002721-01

Advertisement

Table of Contents
loading

This manual is also suitable for:

Fabric os 7.1.0

Table of Contents