Several Member Nodes Split Off From An Encryption Group - Brocade Communications Systems Brocade 8/12c Administrator's Manual
Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments
Hide thumbs
Also See for Brocade 8/12c:
- User manual (1301 pages) ,
- Command reference manual (1132 pages) ,
- Reference (362 pages)
Table of Contents
Advertisement
6
Encryption group merge and split use cases
Recovery
1. Restore connectivity between the two separate encryption group islands.
2. After the encryption group enters the converged state, execute the cryptocfg
Should you decide to remove the isolated node N3, follow the procedures described in the section
"Removing a member node from an encryption group"
Several member nodes split off from an encryption group
Assume N1, N2, N3, and N4 form an encryption group and N2 is the group leader node. N3 and N1
are part of an HA cluster. Assume that both N3 and N4 lost connection with the encryption group
but can still communicate with each other. Following the group leader succession protocol, N3
elects itself as group leader to form a second encryption group with itself and N4 as group
members. We now have two encryption groups, EG1 (group leader N2 + N1), and EG2 (group
leader N3 + N4).
Impact
•
•
•
•
Recovery
1. Restore the connection between the nodes in the separate encryption group islands, that is,
2. After the encryption group enters the converged state, execute the cryptocfg
216
When the lost connection is restored, an automatic split recovery process begins. The current
group leader and the former group leader (N3 and N2 in this example) arbitrate the recovery,
and the group leader with the majority number of members (N2) becomes group leader. If the
number of member nodes is the same, the group leader node with the highest WWN becomes
group leader.
command on the group leader node to distribute the crypto-device configuration from the
group leader to all member nodes.
The two encryption groups continue to function independently of each other as far as host I/O
encryption traffic is concerned.
Each encryption group registers the missing members as "offline".
The isolation of N3 from the original encryption group breaks the HA cluster and failover
capability between N3 and N1.
You cannot configure any CryptoTargets, LUN policies, tape pools, or security parameters on
any of the group leaders. This would require communication with the "offline" member nodes.
You cannot start any re-key operations (auto or manual) on any of the nodes. Refer to the
section"Configuration impact of encryption group split or node isolation"
information on which configuration changes are allowed.
between nodes N3, N4 and between nodes N1 and N2.
When the lost connection is restored, an automatic split recovery process begins. The two
group leaders (N3 and N2 in this example) arbitrate the recovery, and the group leader node
with the highest WWN becomes group leader. If the number of nodes in each group is not
equal, the group leader for the group with the largest number of members becomes group
leader.
command on the group leader node to distribute the crypto-device configuration from the
group leader to all member nodes.
on page 206.
on page 222 for more
Fabric OS Encryption Administrator's Guide
commit
--
commit
--
53-1002159-03
Advertisement
Table of Contents
Troubleshooting
