Brocade Communications Systems Brocade 8/12c Administrator's Manual page 241

Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments

Hide thumbs Also See for Brocade 8/12c:

User manual (1301 pages)

Command reference manual (1132 pages)

Reference (362 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

Table of Contents

5. Reregister all nodes from that were a part of the other encryption group islands.

6. Verify your encryption group is re-converged.

The above manual configuration recovery procedure will work nearly identically for all combinations

of EG split scenarios. Simply perform the following steps for the other scenarios:

•

Fabric OS Encryption Administrator's Guide

53-1002159-03

Eject the node shown above which is in the DEF_NODE_STATE_DISCOVERED state using the

following command:

EGisland2GLNode:admin->cryptocfg --eject -membernode 10:00:00:05:1e:c1:9b:91

You can now delete the encryption group from the member node using the admin->cryptocfg

delete -encgroup command, and perform a cryptocfg

that no encryption group is defined on the member node as was done for Node181 in the two

node example, as shown near the beginning of

From Node182, you need to determine the CP certificate name associated with Node181. Use

the following command to look for Node182's CP certificate name:

Node182:admin->cryptocfg --show -file -all

The output of this command will display a listing of all imported CP certificates. Identify the

certificate associated with Node181 and then use it to re-register Node181 as follows:

Node182:admin->cryptocfg --reg -membernode 10:00:00:05:1e:55:33:33 <node181's

certificate file name> <node181's IP address>

Within a minute or two; the encryption group will re-converge.

Node181:admin->cryptocfg --show -groupcfg

Node182:admin->cryptocfg --show -groupcfg

Both nodes will now show a two node CONVERGED EG in which Node182 is the group leader

ode and Node181 is a member Node.

Pick one EG/EG Leader to be maintained.

Using that GL Node, deregister all Nodes which are in a DISCOVERING state as determined by

the output of the cryptocfg

Go to the other EG islands and delete the EGs.

In the one case where the other EG has a member node which is in a DISCOVERED state,

you will first need to eject that DISCOVERED Node prior to being allowed to delete that

other EG.

From the only remaining EG/EG leader, reregister the previously deregistered Nodes.

Confirm the EG is converged.

Encryption group merge and split use cases

step

show -groupmember -all command.

show -groupcfg command to verify

221

Table of Contents

Troubleshooting

Related Products for Brocade Communications Systems Brocade 8/12c

This manual is also suitable for:

Fabric os encryption

Brocade Communications Systems Brocade 8/12c Administrator's Manual page 241

Troubleshooting

Related Manuals for Brocade Communications Systems Brocade 8/12c

Related Products for Brocade Communications Systems Brocade 8/12c

This manual is also suitable for:

Table of Contents