A Member Node Reboots And Comes Back Up - Brocade Communications Systems Brocade 8/12c Administrator's Manual
Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments
Hide thumbs
Also See for Brocade 8/12c:
- User manual (1301 pages) ,
- Command reference manual (1132 pages) ,
- Reference (362 pages)
Table of Contents
Advertisement
6
Encryption group merge and split use cases
4. Set up the member node: Configure the IP address of the new node that is replacing the failed
5. On the new node that is to be added, invoke cryptocfg
6. Export the CP certificate from the member node.
7.
8. On the group leader node, register the member node with the group leader node. Enter the
9. Establish the connection between the member node and the key vault.
10. Register the new node with the key manager appliance.
11. On the new node, invoke cryptocfg
12. After the new node has come online, invoke the cryptocfg
13. Replace the failed encryption engine on N3 with the encryption engine of the new node N4 to
14. Remove the failed node from the encryption group. Follow the procedures described in the
A member node reboots and comes back up
Assume N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are
part of an HA cluster. Assume that N3 reboots and comes back up.
Impact
When N3 reboots, all devices hosted on the encryption engines of this node automatically fail over
to the peer encryption engine N1. N1 now performs all of N3's encryption services. Any re-key
sessions in progress continue. Re-key sessions owned by N3's encryption engine are failed over to
N1.
Recovery
If auto failback policy is set, no intervention is required. After the node has come back up, all
devices and associated configurations and services that failed over earlier to N1 fail back to N3.
The node resumes its normal function.
If auto failback policy is not set, invoke a manual failback if required. Refer to the section
"Performing a manual failback of an encryption engine"
214
node, and the IP addresses of the I/O cluster sync ports (Ge0 and Ge1), and initialize the node
with the cryptocfg
initnode command.
--
Import the member node CP certificate into the group leader.
cryptocfg
reg -membernode command with appropriate parameters to register the member
--
node. Specify the member node's WWN, Certificate filename, and IP address when executing
this command. Successful execution of this command distributes all necessary node
authentication data to the other members of the group.
SecurityAdmin:switch>cryptocfg --reg -membernode \
10:00:00:05:1e:39:14:00 enc_switch1_cert.pem 10.32.244.60
Operation succeeded.
engines.
command to enable crypto operations on the node's encryption engines.
restore broken HA cluster peer relationships. Use the cryptocfg
section
"Removing a member node from an encryption group"
reclaimWWN -cleanup.
--
initEE, and cryptocfg
--
--
–-
on page 212 for instructions.
Fabric OS Encryption Administrator's Guide
regEE to initialize the encryption
enableEE [slot_number]
replace command.
--
on page 206.
53-1002159-03
Advertisement
Table of Contents
Troubleshooting
