High availability clusters, Ha cluster configuration rules – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 168
148
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
High availability clusters
3
SecurityAdmin:switch> cryptocfg --show -groupmember -all
NODE LIST
Total Number of defined nodes:2
Group Leader Node Name: 10:00:00:05:1e:41:9a:7e
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name: 10:00:00:05:1e:41:9a:7e (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: GroupLeader
IP Address: 10.32.244.71
Certificate: GL_cpcert.pem
Current Master Key State: Not configured
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master Key State:Not configured
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EE Slot: 0
SP state: Operational; Need Valid KEK
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
Node Name: 10:00:00:05:1e:39:14:00
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
IP Address: 10.32.244.60
Certificate: enc1_cpcert.pem
Current Master Key State: Not configured
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master Key State:Not configured
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EE Slot: 0
SP state: Unknown State
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
High availability clusters
A high availability (HA) cluster consists of exactly two encryption engines configured to host the
same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single
fabric. Failback occurs automatically by default, but is configurable with a manual failback option.
All encryption engines in an encryption group share the same DEK for a disk or tape LUN.
HA cluster configuration rules
The following rules apply when configuring an HA cluster:
•
The encryption engines that are part of an HA cluster must belong to the same encryption
group and be part of the same fabric.
•
An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a
fabric transparent to host MPIO software.
•
HA cluster configuration and related operations must be performed on the group leader.