beautypg.com

High availability clusters, Ha cluster configuration rules – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 182

background image

164

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

High availability clusters

3

2. Export the master key to the key vault. Make a note of the key ID and the passphrase. You will

need the Key ID and passphrase should you have to restore the master key from the key vault.

SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter the passphrase: passphrase
Master key exported. Key ID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2

3. Save the master key to a file.

SecurityAdmin:switch> cryptocfg --exportmasterkey -file
Master key file generated.

4. Export the master key to an SCP-capable external host:

SecurityAdmin:switch> cryptocfg --export -scp -currentMK \
192.168.38.245 mylogin GL_MK.mk
Password:
Operation succeeded.

High availability clusters

A high availability (HA) cluster consists of exactly two encryption engines configured to host the
same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single
fabric. Failback occurs automatically by default, but is configurable with a manual failback option.
All encryption engines in an encryption group share the same DEK for a disk or tape LUN.

HA cluster configuration rules

The following rules apply when configuring an HA cluster:

The encryption engines that are part of an HA cluster must belong to the same encryption
group and be part of the same fabric.

An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a
fabric transparent to host MPIO software.

HA cluster configuration and related operations must be performed on the group leader.

HA clusters of FS8-18 blades should not include blades in the same DCX Backbone chassis.

NOTE

In Fabric OS 6.3.0 and later, HA cluster creation is blocked when encryption engines belonging
to FS8-18 blades in the same DCX Backbone Chassis are specified.

Cluster links must be configured before creating an HA cluster. Refer to the section

“Configuring cluster links”

on page 146 for instructions.

Configuration changes must be committed before they take effect. Any operation related to an
HA cluster that is performed without a commit operation will not survive across switch reboots,
power cycles, CP failover, or HA reboots.

See also other documents in the category Brocade Computer Accessories: