6
Encryption group merge and split use cases
Configuration impact of encryption group split or node isolation
When a node is isolated from the encryption group or the encryption group is split to form separate
encryption group islands, the defined or registered node list in the encryption group is not equal to
the current active node list, and the encryption group is in a DEGRADED state rather than in a
CONVERGED state.
under such conditions.
TABLE 7
Configuration Type
Encryption group
HA cluster
Security & key vault
TABLE 8
Configuration Type
Security & key vault
HA cluster
Crypto Device
(target/LUN/tape)
222
Table 7
and
Table 8
Allowed Configuration Changes
Allowed configuration changes
•
Adding a node to the encryption group
•
Removing a node from the encryption group
•
Invoking a node leave command
•
Deleting an encryption group
•
Registering a member node (IP address, certificates)
•
Removing an encryption engine from an HA cluster
•
Deleting an HA cluster
•
Initializing a node
•
Initializing an encryption engine
•
Re-registering an encryption engine
•
Zeroizing an encryption engine
Disallowed Configuration Changes
Disallowed configuration changes
•
Register or modify key vault settings
•
Generating a master key
•
Exporting a master key
•
Restoring a master key
•
Enabling or disabling encryption on an encryption engine
•
Creating an HA cluster
•
Adding an encryption engine to an HA cluster
•
Modifying the failback mode
•
Creating a CryptoTarget container
•
Adding initiators or LUNs to a CryptoTarget container
•
Removing initiators or LUNS from a CryptoTarget container
•
Modifying LUNs or LUN policies
•
Creating or deleting a tape pool
•
Modifying a tape pool policy
•
Starting a manual re-keying session
•
Performing a manual failback of containers
•
Deleting a CryptoTarget container
list configuration changes that are allowed and disallowed
Fabric OS Encryption Administrator's Guide
53-1002159-03