beautypg.com

Configuration upload and download considerations – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 250

background image

230

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Configuration upload and download considerations

5

3. Ensure that these CryptoTarget Containers and LUNs actually fail over to node 2 (BES2) in the

HA cluster. Check for all LUNs in encryption enabled state on node 2 (BES2). This ensures that
I/O also fails over to node 2 (BES2) and continues during this process.

4. On node 1 (BES1) enable the encryption engine (EE), by issuing the following command.

Admin:switch> cryptocfg --enableEE

5. Start firmware download (upgrade) on the node 1 (BES1). Refer to the Fabric OS

Administrator’s Guide to review firmware download procedures.

6. After firmware download is complete and node 1 (BES1) is back up, make sure the encryption

engine is online.

7. On node 1 (BES1) initiate manual failback of CryptoTarget containers and associated LUNs

from node 2 (BES2) to node 1 (BES1) by issuing the following command.

Admin:switch> cryptocfg --failback -EE

8. Check that CryptoTarget Containers and associated LUNs fail back successfully on node 1

(BES1), and host I/O also moves from node 2 (BES2) to node 1 (BES1) and continues during
the failback process.

9. To upgrade node 2 (BES2), Repeat steps 2 to 8.

10. After all nodes in the Encryption Group have been upgraded, change back the failback mode to

auto from manual, if required, by issuing the following command.

Admin:switch> cryptocfg --set -failback auto

Configuration upload and download considerations

Security information is not included when you upload a configuration from an encryption switch or
blade. Extra steps are necessary before and after download to re-establish that information. The
following sections describe what information is included in a upload from an encryption group
leader and encryption group member load, what information is not included, and the steps to take
to re-establish the information.

Configuration upload at an encryption group leader node

A configuration upload performed at an encryption group leader node contains the following:

The local switch configuration.

Encryption group-related configuration.

The encryption group-wide configuration of CryptoTargets, disk and tape LUNs, tape pools, HA
clusters, security, and key vaults.

See also other documents in the category Brocade Computer Accessories: