Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Fabric OS Encryption Administrator’s Guide (SKM/ESKM)

287

53-1002923-01

Splitting an encryption group into two encryption groups

6

Splitting an encryption group into two encryption groups

In this example, which is represented in

Table 16

, you have one encryption group with four nodes

from which you want to remove two of the nodes and add them to a new encryption group.

1. Enter the following command on FOS1 to reclaim the VI/VT WWN base for FOS3:

Admin:switch> cryptocfg --reclaimWWN -membernode

When prompted, enter yes.

2. Enter the following command on FOS1 to propagate the change to all nodes in the EG:

Admin:switch> cryptocfg --commit

3. Enter the following command in FOS1 to eject node FOS3 from the EG:

Admin:switch> cryptocfg --eject -membernode

4. Enter the following command on FOS1 to deregister the ejected node from the encryption

group:

Admin:switch> cryptocfg --dereg -membernode

5. Enter the following command on FOS3 to clean up the encryption configuration on the

deregistered node:

Admin:switch> cryptocfg –-reclaimWWN –cleanup

When prompted, enter yes to each prompt.

6. Repeat steps 1–5 for FOS4.

7. Create a new EG on FOS3:

a. Create the group:

Admin:switch> cryptocfg --create -encgroup FOS3

b. Set the key vault type. (The same key vault type is used for both SKM and ESKM.)

Admin:switch> cryptocfg --set -keyvault SKM

TABLE 16

Splitting an encryption group

Encryption group

Nodes

Original EG

FOS1 (Group Leader)
FOS2
FOS3
FOS4

New EG1

FOS1 (Group Leader)
FOS2

New EG2

FOS3 (Group Leader)
FOS4