Loss Of Encryption Group Leader After Power Outage - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual
Brocade fabric os encryption administrator's guide v7.1.0 (53-1002721-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- User manual (1505 pages) ,
- Command reference manual (1168 pages) ,
- Reference (934 pages)
Table of Contents
Advertisement
6
Loss of encryption group leader after power outage
Loss of encryption group leader after power outage
When all nodes in an encryption group, HA Cluster, or DEK Cluster are powered down due to
catastrophic disaster or power outage to whole data center, and the group leader node either fails
to come back up when the other nodes are powered on, or the group leader is kept powered down,
the member nodes might lose information and knowledge about the encryption group. If this
happens, no crypto operations or commands (except node initialization) are available on the
member node after the power-cycle. This condition persists until the group leader back is online.
When a group leader node fails to come back up, the group leader node can be replaced. Two
scenarios are considered:
•
•
Use the following procedure when encryption group information is not lost by the member nodes
and one of the member nodes has taken the role of group leader:
1. From the new group leader node, deregister the old group leader node (which has failed) from
2. Reclaim the WWN base of the failed Brocade Encryption Switch.
3. Synchronize the crypto configurations across all member nodes.
NOTE
When attempting to reclaim a failed Brocade Encryption Switch, do not execute
cryptocfg
4. For any containers hosted on the failed group leader node, issue the cryptocfg
5. Synchronize the crypto configurations across all member nodes.
Use the following procedure to replace the failed group leader node with a new node when
encryption group information is lost by member nodes:
1. On the new node, perform the switch/node initialization steps as described in Chapter 3.
2. Create an encryption group on the new node with the same encryption group name as before.
3. Use the configDownload command to download previously uploaded group leader node and
4. For any containers hosted on the failed group leader node, issue the cryptocfg
334
When encryption group information is not lost by member nodes
When encryption group information is also lost by member nodes
the encryption group.
FabricAdmin:switch> cryptocfg –-dereg –membernode <failed GLswitchWWN>
FabricAdmin:switch> cryptocfg --reclaimWWN –membernode <failed GLswitchWWN>
FabricAdmin:switch> cryptocfg –-commit
transabort. Doing so will cause subsequent reclaim attempts to fail.
–-
command to change the WWN association of containers from the failed group leader node to
the new group leader node (or any other member node in the encryption group) for all
containers on the encryption engine.
FabricAdmin:switch> cryptocfg –-commit
encryption group configuration files to the new node.
command to change the WWN association of containers from failed group leader node to the
new group leader node for all containers on the encryption engine.
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
replace
--
replace
--
53-1002721-01
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the StoreFabric SN6500B and is the answer not in the manual?