TABLE 8
Configuration Type
Crypto Device
(target/LUN/tape)
Encryption group database manual operations
Manual intervention may be necessary if the encryption group databases or security databases of
encryption group members are not synchronized. The following sections describe manual
operations that enable you to do the following:
•
•
•
Manually synchronizing the encryption group database
The
to the group leader node with the databases of all member nodes that are out of sync. If this
command is invoked when the encryption group databases are in sync, the command is ignored.
NOTE
When the encryption group is out of sync and the group leader reboots, the newly selected group
leader pushes its database information to all other members. The new group leader's database
information may be different from what was set up before the group leader was rebooted.
Manually synchronizing the security database
This operation can resolve problems with master key propagation (and connectivity issues between
peer node encryption engines in an encryption group). The synchronization occurs every time this
command is executed regardless of whether or not the security database was synchronized across
all nodes in the encryption group.
Use the
node to all member nodes. This command is valid only on the group leader.
In scenarios where this master key propagation issue still persists, exporting the master key to a
file and recovering it resolves the issue. To do this, use the following commands:
•
•
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
Disallowed Configuration Changes
Disallowed configuration changes
•
Creating a CryptoTarget container
•
Adding initiators or LUNs to a CryptoTarget container
•
Removing initiators or LUNS from a CryptoTarget container
•
Modifying LUNs or LUN policies
•
Creating or deleting a tape pool
•
Modifying a tape pool policy
•
Starting a manual rekeying session
•
Performing a manual failback of containers
•
Deleting a CryptoTarget container
Synchronize the encryption group database.
Synchronize the security database.
Abort a pending database transaction.
sync
encgroup command manually synchronizes the encryption group database belonging
--
-
sync
securitydb command to distribute the security database from the group leader
--
-
Use the cryptocfg
exportmasterkey
--
Use the cryptocfg
recovermasterkey currentMK
--
Encryption group database manual operations
file option to export the master key to a file.
-
srcfile to recover the master key.
-
6
321