beautypg.com

Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 300

background image

282

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Brocade Encryption Switch removal and replacement

6

8. Power on the new Brocade Encryption Switch. Note that the FC cables have not yet been

plugged in.

9. Set the IP address for the new Brocade Encryption Switch using the ipAddrSet command for

the Mgmt and I/O links. Check that the switch name and domain ID associated with the
replacement switch match that of the original.

10. Zeroize the new Brocade Encryption Switch using the following command.

Admin:switch> cryptocfg –-zeroizeEE

11. If the encryption group (EG) has a system card authentication enabled, you need to reregister

the system card through the BNA client for the new EE. Refer to Chapter 2, Configuring
Encryption Using the Management Application.”

12. Initialize the new Brocade Encryption Switch node using following command.

Admin:switch> cryptocfg –-initnode

13. Initialize the new EE using the following command.

Admin:switch> cryptocfg –-initEE

14. Register the new EE using the following command.

Admin:switch> cryptocfg –-regEE

15. Enable the new EE using the following command.

Admin:switch> cryptocfg –-enableEE

16. Invoke the following command to clean up the WWN base on the new Brocade Encryption

Switch if it was used earlier.

Admin:switch> cryptocfg –-reclaim -cleanup

17. From the new Brocade Encryption Switch node, invoke the following command to export the CP

certificate of the new Brocade Encryption Switch.

Admin:switch> cryptocfg --export -scp -CPcert path>

18. From the group leader node, invoke the following command to import the new Brocade

Encryption Switch node certificate on the group leader node.

Admin:switch> cryptocfg --import -scp user>

19. From the group leader node, run the following command to register the new Brocade

Encryption Switch node as a member node on the group leader.

Admin:switch> cryptocfg --reg -membernode IP address>

20. Export the KAC CSR from the new node and sign the CSR from the SafeNet KeySecure Local

CA.

See also other documents in the category Brocade Computer Accessories: