
Section – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

53-1002923-01

Encryption group merge and split use cases


6. Verify your encryption group is re-converged.

Node181:admin-> cryptocfg --show -groupcfg

Node182:admin-> cryptocfg --show -groupcfg

Both nodes will now show a two-node CONVERGED EG in which Node182 is the group leader
node and Node181 is a member node.

The above manual configuration recovery procedure will work nearly identically for all combinations
of EG split scenarios. Simply perform the following steps for the other scenarios:

Pick one EG/EG Leader to be maintained.

Using that GL Node, deregister all Nodes which are in a DISCOVERING state as determined by
the output of the cryptocfg --show -groupmember -all command.

Go to the other EG islands and delete the EGs.

- In the one case where the other EG has a member node which is in a DISCOVERED state,
you will first need to eject that DISCOVERED Node prior to being allowed to delete that
other EG.

From the only remaining EG/EG leader, reregister the previously deregistered Nodes.

Confirm the EG is converged.
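The ordering of the steps above, including the eject-before-delete case, as an added example that is not part of the original guide. The island model, the action labels, and the node names Node183 and Node184 are constructed for illustration; real node states come from running cryptocfg --show -groupmember -all on each group leader.

```python
# Added illustration: plans the EG split recovery in the order the guide gives.
# The data model and action labels are assumptions, not Fabric OS output or syntax.

def plan_recovery(islands, keep_leader):
    """Return ordered (run_on_node, action, target) steps.

    islands: {leader_name: {node_name: state}}, each leader's view of the
    defined node list, including itself.
    """
    if keep_leader not in islands:
        raise ValueError(f"{keep_leader} is not the leader of any island")
    steps = []
    # On the kept leader, deregister every node it reports as DISCOVERING.
    deregistered = sorted(n for n, s in islands[keep_leader].items()
                          if s == "DISCOVERING")
    for node in deregistered:
        steps.append((keep_leader, "deregister", node))
    # On every other island, eject DISCOVERED members first, then delete the EG.
    for leader in sorted(islands):
        if leader == keep_leader:
            continue
        for node, state in sorted(islands[leader].items()):
            if node != leader and state == "DISCOVERED":
                steps.append((leader, "eject", node))
        steps.append((leader, "delete-eg", leader))
    # From the kept leader, re-register exactly the nodes deregistered earlier.
    for node in deregistered:
        steps.append((keep_leader, "reregister", node))
    # Finally confirm convergence with the command shown in step 6.
    steps.append((keep_leader, "verify-converged", "cryptocfg --show -groupcfg"))
    return steps

# Constructed four-node split: Node182 keeps Node181, Node183 leads Node184.
SAMPLE = {
    "Node182": {"Node182": "DISCOVERED", "Node181": "DISCOVERED",
                "Node183": "DISCOVERING", "Node184": "DISCOVERING"},
    "Node183": {"Node183": "DISCOVERED", "Node184": "DISCOVERED",
                "Node181": "DISCOVERING", "Node182": "DISCOVERING"},
}

if __name__ == "__main__":
    for step in plan_recovery(SAMPLE, "Node182"):
        print(*step, sep="  ")
```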

Configuration impact of encryption group split or node isolation

When a node is isolated from the encryption group or the encryption group is split to form separate
encryption group islands, the defined or registered node list in the encryption group is not equal to
the current active node list, and the encryption group is in a DEGRADED state rather than in a
CONVERGED state.

Table 7 and Table 8 list configuration changes that are allowed and disallowed under such conditions.

TABLE 7 Allowed Configuration Changes

| Configuration Type | Allowed configuration changes |
|---|---|
| Encryption group | Adding a node to the encryption group |
| | Removing a node from the encryption group |
| | Invoking a node leave command |
| | Deleting an encryption group |
| | Registering a member node (IP address, certificates) |
| HA cluster | Removing an encryption engine from an HA cluster |
| | Deleting an HA cluster |
| Security & key vault | Initializing a node |
| | Initializing an encryption engine |
| | Re-registering an encryption engine |
| | Zeroizing an encryption engine |