Adding an encryption engine to an ha cluster, Removing engines from an ha cluster, Swapping engines in an ha cluster – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

156

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

53-1002923-01

High availability clusters

3

NOTE

An HA cluster configuration must have two encryption engines before you can commit the
transaction with the cryptocfg

--

commit command. To commit an incomplete HA cluster, you have

the option to force the commit operation by issuing cryptocfg

--

commit

-

force. Use the forced

commit with caution, because the resulting configuration will not be functional and provide no
failover/failback capabilities.

Adding an encryption engine to an HA cluster

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

add

-

haclustemember command. Specify the HA cluster name and the

encryption engine node WWN. Provide a slot number if the encryption engine is a blade. The
following example adds a Brocade FS8-18 in slot 5 to the HA cluster HAC2.

FabricAdmin:switch> cryptocfg --add -haclustermember HAC2 \

10:00:00:60:5b:03:1c:90 5

EE Node WWN: 10:00:00:60:5b:03:1c:90 5 Slot number: 5Detected

Add HA cluster member status: Operation succeeded.

3. Add another encryption engine before committing the transaction.

NOTE

You cannot add the same node to the HA cluster.

Removing engines from an HA cluster

Removing the last engine from an HA cluster also removes the HA cluster. If only one engine is
removed from the cluster, you must either add another engine to the cluster, or remove the other
engine.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

remove

-

haclustemember command. Specify the HA cluster name and

the encryption engine node WWN. Provide a slot number if the encryption engine is a blade.
The following example removes a Brocade FS8-18 in slot 5 from the HA cluster HAC2.

FabricAdmin:switch> cryptocfg --remove -haclustermember HAC2 \

10:00:00:60:5b:03:1c:90 5

EE Node WWN: 10:00:00:60:5b:03:1c:90 5 Slot number: 5Detected

Remove HA cluster member status: Operation succeeded.

3. Either remove the second engine or add a replacement second engine, making sure all HA

clusters have exactly two engines.

Swapping engines in an HA cluster

Swapping engines is useful when replacing hardware. Swapping engines is different from removing
an engine and adding another because when you swap engines, the configured targets on the
former HA cluster member are moved to the new HA cluster member.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--

replace [

-

haclustermember HA_cluster_name] command.