Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 300

282
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Brocade Encryption Switch removal and replacement
6
8. Power on the new Brocade Encryption Switch. Note that the FC cables have not yet been
plugged in.
9. Set the IP address for the new Brocade Encryption Switch using the ipAddrSet command for
the Mgmt and I/O links. Check that the switch name and domain ID associated with the
replacement switch match that of the original.
10. Zeroize the new Brocade Encryption Switch using the following command.
Admin:switch> cryptocfg –-zeroizeEE
11. If the encryption group (EG) has a system card authentication enabled, you need to reregister
the system card through the BNA client for the new EE. Refer to Chapter 2, Configuring
Encryption Using the Management Application.”
12. Initialize the new Brocade Encryption Switch node using following command.
Admin:switch> cryptocfg –-initnode
13. Initialize the new EE using the following command.
Admin:switch> cryptocfg –-initEE
14. Register the new EE using the following command.
Admin:switch> cryptocfg –-regEE
15. Enable the new EE using the following command.
Admin:switch> cryptocfg –-enableEE
16. Invoke the following command to clean up the WWN base on the new Brocade Encryption
Switch if it was used earlier.
Admin:switch> cryptocfg –-reclaim -cleanup
17. From the new Brocade Encryption Switch node, invoke the following command to export the CP
certificate of the new Brocade Encryption Switch.
Admin:switch> cryptocfg --export -scp -CPcert
18. From the group leader node, invoke the following command to import the new Brocade
Encryption Switch node certificate on the group leader node.
Admin:switch> cryptocfg --import -scp
19. From the group leader node, run the following command to register the new Brocade
Encryption Switch node as a member node on the group leader.
Admin:switch> cryptocfg --reg -membernode
20. Export the KAC CSR from the new node and sign the CSR from the SafeNet KeySecure Local
CA.