Adding a member node to an encryption group – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Server SDK Version: 4.8.1
Encryption Node (Key Vault Client) Information:
Node KAC Certificate Validity: Yes
Time of Day on the Switch: 2010-03-17 17:22:05
Client SDK Version: 4.8.2.000017
Client Username: brcduser1
Client Usergroup: brocade
Connection Timeout: 10 seconds
Response Timeout: 10 seconds
Connection Idle Timeout: N/A
Key Vault configuration and connectivity checks successful, ready for key operations.
Authentication Quorum Size: 0
Authentication Cards:
Certificate ID / label : qc.4250420d02048578 / sumita:gorla:qc.4250420d02048578
Certificate ID / label : qc.4250420d02047881 / sumita:gorla:qc.4250420d02047881
NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:53:8a:67
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name                IP address    Role
10:00:00:05:1e:53:8a:83  10.32.71.127  MemberNode (current node)
    EE Slot: 0
    SP state: Online
10:00:00:05:1e:53:8a:67  10.32.71.129  GroupLeader
    EE Slot: 0
    SP state: Online
Adding a member node to an encryption group
During the initialization phase, a set of key pairs and certificates is generated on every node.
These certificates are used for mutual identification and authentication with other group members
and with KMIP. Every device must have a certificate in order to participate in a deployment of
encryption services. Some devices must have each other’s certificates in order to communicate.

Before adding a member node to an encryption group, ensure that the node has been properly
initialized and that all encryption engines are in an enabled state. See

After adding the member node to the encryption group, the following operations can still be
performed on the member node if necessary. Initially, these commands should not be necessary if
the initialization procedure was followed:
• cryptocfg --initEE
• cryptocfg --regEE
• cryptocfg --enableEE
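One way to check a saved copy of the group status output shown earlier on this page, before and after adding a member node (an added example, not from the Brocade guide). It assumes the values in the page's sample are the healthy state, and the function names are hypothetical.

```python
import re

# Constructed sample: the status fields and node list as printed on this page.
SAMPLE = """\
Node KAC Certificate Validity: Yes
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:53:8a:67
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name IP address Role
10:00:00:05:1e:53:8a:83 10.32.71.127 MemberNode (current node)
EE Slot: 0
SP state: Online
10:00:00:05:1e:53:8a:67 10.32.71.129 GroupLeader
EE Slot: 0
SP state: Online
"""
# Assumption: "healthy" means the values seen in the page's sample output.
EXPECTED = {"Node KAC Certificate Validity": "Yes",
            "Encryption Group state": "CLUSTER_STATE_CONVERGED"}
NODE_RE = re.compile(r"^((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+(\S+)\s+(\w+)", re.I)
FIELD_RE = re.compile(r"^([A-Za-z][^:]*?)\s*:\s*(.*)$")

def parse_group_status(text):
    """Return (group-level fields, per-node dicts) from the status text."""
    fields, nodes = {}, []
    for line in map(str.strip, text.splitlines()):
        row = NODE_RE.match(line)
        if row:
            nodes.append({"wwn": row[1].lower(), "ip": row[2], "role": row[3]})
        elif (field := FIELD_RE.match(line)):
            # Fields after a node row (EE Slot, SP state) describe that node.
            (nodes[-1] if nodes else fields)[field[1]] = field[2].strip()
    return fields, nodes

def check_group(text):
    """List every way the output differs from the healthy state; [] means OK."""
    fields, nodes = parse_group_status(text)
    problems = [f"{key} is {fields.get(key)!r}, expected {want!r}"
                for key, want in EXPECTED.items() if fields.get(key) != want]
    if str(len(nodes)) != fields.get("Total Number of defined nodes"):
        problems.append("node rows do not match the defined node count")
    leaders = [n["wwn"] for n in nodes if n["role"] == "GroupLeader"]
    if leaders != [fields.get("Group Leader Node Name", "").lower()]:
        problems.append("GroupLeader row does not match Group Leader Node Name")
    problems += [f"{n['wwn']} SP state is {n.get('SP state')}"
                 for n in nodes if n.get("SP state") != "Online"]
    return problems

if __name__ == "__main__":
    print(check_group(SAMPLE) or "group converged, all nodes online")
```

An empty list means every check passed; a node row missing from the list shows up both as a count mismatch and, if it was the leader, as a leader mismatch.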