beautypg.com

Steps after configuration download – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 252

background image

232

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Configuration upload and download considerations

5

Configuration download at the encryption group leader

The configuration download contains the encryption group-wide configuration information about
CryptoTargets, disk and tape LUNs, tape pools, HA clusters, security, and key vaults. The encryption
group leader first applies the encryption group-wide configuration information to the local
configuration database and then distributes the configuration to all members in the encryption
group. Also any layer-2 and switch specific configuration information is applied locally to the
encryption group leader.

Configuration download at an encryption group member

Switch specific configuration information pertaining to the member switch or blade is applied.
Information specific to the encryption group leader is filtered out.

Steps after configuration download

For all opaque key vaults, restore or generate and backup the master key. In a multiple node
encryption group, the master key is propagated from the group leader node.

1. Use the following command to enable the encryption engine.

Admin:switch> cryptocfg --enableEE [slot num]

2. Commit the configuration.

Admin:switch> cryptocfg --commit

3. If there are containers that belonged to the old encryption switch or blade, then after

configdownload is run, use the following command to change the ownership of containers to
the new encryption switch or blade, assuming the host and target physical zone exists.

Admin:switch> cryptocfg --replace

4. Commit the configuration.

Admin:switch> cryptocfg --commit

5. Use the following command to check if the switch or blade has the master key.

Admin:switch> cryptocfg --show -groupmember

6. If a master key is not present, restore the master key from backed up copy. Procedures will

differ depending on the backup media used (from recovery smart cards, from the key vault,
from a file on the network or a file on a USB-attached device). If new master key needs to be
generated, generate the master key and back it up.

If authentication cards are used, set the authentication quorum size from the encryption group
leader node after importing and registering the necessary number of Authentication Card
certificates.

See also other documents in the category Brocade Computer Accessories: