
Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual



53-1002923-01

Brocade Encryption Switch removal and replacement


6. Replace the old Brocade Encryption Switch with the new Brocade Encryption Switch and reconnect the Mgmt link, I/O links, and FC cables.

7. Reconnect the I/O sync ports to the same private LAN as the I/O sync ports of the failed node.

8. Power on the new Brocade Encryption Switch. Note that the FC cables have not yet been plugged in.

9. Set the IP address for the new Brocade Encryption Switch using the ipAddrSet command for the Mgmt and I/O links. Check that the switch name and domain ID associated with the replacement switch match those of the original.

10. If the encryption group (EG) has system card authentication enabled, you need to reregister the system card through the BNA client for the new EE. Refer to Chapter 2, “Configuring Encryption Using the Management Application.”

11. Initialize the new Brocade Encryption Switch node using the following command.

Admin:switch> cryptocfg --initnode

12. Zeroize the new Brocade Encryption Switch using the following command.

Admin:switch> cryptocfg --zeroizeEE

13. Initialize the new EE using the following command.

Admin:switch> cryptocfg --initEE

14. Register the new EE using the following command.

Admin:switch> cryptocfg --regEE

15. Enable the new EE using the following command.

Admin:switch> cryptocfg --enableEE

16. Invoke the following command to clean up the WWN base on the new Brocade Encryption Switch if it was used earlier.

Admin:switch> cryptocfg –reclaim --cleanup

17. From the new Brocade Encryption Switch node, invoke the following command to export the CP certificate of the new Brocade Encryption Switch.

Admin:switch> cryptocfg --export -scp -CPcert

path>

18. From the group leader node, invoke the following command to import the new Brocade Encryption Switch node certificate on the group leader node.

Admin:switch> cryptocfg --import -scp

user>

19. From the group leader node, run the following command to register the new Brocade Encryption Switch node as a member node on the group leader.

Admin:switch> cryptocfg --reg -membernode

IP address>

20. Export the KAC CSR from the new node and sign the CSR using the HP SKM/ESKM Local CA.