Brocade Communications Systems Brocade 8/12c Administrator's Manual page 260

6
BES removal and replacement
9. Set the IP address for the new Brocade Encryption Switch using the ipaddrset command for
10. Zeroize the new Brocade Encryption Switch.
11. If the encryption group has a system card authentication enabled, you must re-register the
12. Initialize the new Brocade Encryption Switch node.
13. From the New Brocade Encryption Switch node, run the following command to export the CP
14. From the group leader node, run the following command to import the New Brocade Encryption
15. From the group leader node, run the following command to register the New Brocade
16. Initialize the new encryption engine.
17. Register the new encryption engine.
18. Enable the new encryption engine.
19. Check the encryption engine state is online.
20. Export the KAC CSR from New Node and sign the CSR from the HP SKM/ESKM Local CA.
21. Import the signed CSR/Certificate onto the New Node.
22. Register back the signed KAC CSR/Certificate onto the New Node using the following
240
the Mgmt Link and IO link. Check that the switch name and domain ID associated with the
replacement switch matches that of the original.
cryptocfg --zeroizeEE
The Brocade Encryption Switch reboots automatically.
system card through the Management application client for the new encryption engine.
cryptocfg --initnode
certificate of the New Brocade Encryption Switch:
cryptocfg --export -scp -CPcert <host IP> <host user> <host file path>
Switch node certificate on the group leader node:
cryptocfg --import -scp <Certificate file name> <host IP> <host user> <host
file path>
Encryption Switch node as a member node on the group leader:
cryptocfg --reg -membernode <New BES WWN>
cryptocfg --initEE [slotnumber]
cryptocfg --regEE [slotnumber]
cryptocfg --enableEE [slotnumber]
cryptocfg --show -localEE
command:
cryptocfg --reg -KACcert
<Cert file Name> <Old IP address>
Fabric OS Encryption Administrator's Guide
53-1002159-03