beautypg.com

Specific guidelines for ha clusters – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 249

background image

Fabric OS Encryption Administrator’s Guide (DPM)

229

53-1002922-01

Firmware upgrade and downgrade considerations

5

Guidelines for firmware upgrade of encryption switches and a DCX Backbone chassis with
encryption blades deployed in a DEK cluster with two HA clusters:

Upgrade nodes in one HA cluster at a time.

Within an HA cluster, upgrade one node at a time.

Guidelines for firmware upgrade of encryption switches and a DCX Backbone chassis with
encryption blades deployed in DEK cluster with No HA cluster (each node hosting one path).

-

Upgrade one node at a time.

-

In the case of active/passive arrays, upgrade the node which is hosting the passive path
first. Upgrade the node which is hosting active path next. The Host MPIO ensures that I/O
fails over and fails back from active to passive and back to active during this firmware
upgrade process.

-

In the case of active/active arrays, upgrade order of nodes does not matter, but you still
must upgrade one node at a time. The Host MPIO ensures that I/O fails over and fails back
from one active path to another active path during this firmware upgrade process.

All nodes in an encryption group must be at the same firmware level before starting a rekey or
first-time encryption operation.

A firmware consistency check for Fabric OS 6.4.0(x) and later is enforced in an encryption
group if any of the v6.4.0(x) features is enabled, for example, device decommission, disk tape
co-existence, and replication. If any Fabric OS 6.4.0(x) feature is in an enabled state, then any
firmware download to Fabric OS v6.3.x or earlier is blocked.

-

Do not try registering a node running Fabric OS 6.3.x or earlier to an encryption group
when all nodes are running Fabric OS 6.4.0(x) with one or more Fabric OS 6.4.0(x) features
enabled.

-

Disable all Fabric OS 6.4.0(x) features before ejecting a node running Fabric OS 6.4.0(x)
and registering the node as a member of an encryption group with nodes running Fabric
OS 6.3.x or earlier.

Specific guidelines for HA clusters

The following are specific guidelines for a firmware upgrade of the encryption switch or blade when
deployed in HA cluster. The guidelines are based on the following scenario:

There are 2 nodes (BES1 and BES2) in the HA cluster.

Each node hosts certain number of CryptoTarget containers and associated LUNs.

Node 1 (BES1) needs to be upgraded first.

1. Change the failback mode to manual if it was set to auto by issuing the following command on

the group leader:

Admin:switch> cryptocfg --set -failbackmode manual

2. On node 1 (BES1), disable the encryption engine to force the failover of CryptoTarget

containers and associated LUNs onto the HA cluster peer member node 2 (BES2) by issuing
the following command.

Admin:switch> cryptocfg --disableEE