beautypg.com

High availability cluster configuration, Ha cluster configuration rules – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 150

background image

132

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

High availability cluster configuration

3

State: DEF_NODE_STATE_DISCOVERED

Role: MemberNode

IP Address: 10.32.244.60

Certificate: enc1_cpcert.pem

Current Link Key State: Not configured

Current Link KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Alternate Link Key State:Not configured

Alternate Link KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot:

0

SP state: Unknown State

Current Link KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Alternate Link KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

No HA cluster membership

NOTE

When exporting a certificate to a location other than your home directory, you must specify a
fully qualified path that includes the target directory and file name. When exporting to USB
storage, certificates are stored by default in a predetermined directory, and you only need to
provide a file name for the certificate. An easy way to track exported certificates is by using the
base certificate name with the appropriate file extension (*.pem) and prefixing the name with
a character string that identifies the certificate’s originator, for example, the switch IP address
or host name.

High availability cluster configuration

An HA cluster consists of two encryption engines configured to host the same CryptoTargets and to
provide Active/Standby failover and failback capabilities in a single fabric. Failover is automatic
(not configurable). Failback occurs automatically by default, but is configurable with a manual
failback option. All encryption engines in an encryption group share the same DEK for a disk or
tape LUN.

An HA cluster has the following limitations:

The encryption engines that are part of an HA cluster must belong to the same encryption
group and be part of the same fabric.

An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a
fabric transparent to host MPIO software.

NOTE

The CLI does not allow creation of an HA cluster if the node is not in the encryption group.

HA cluster configuration rules

The following rules apply when configuring an HA cluster:

All HA cluster configuration and related operations must be performed on the group leader.

Cluster links must be configured before creating an HA cluster. Refer to the section

“Configuring cluster links”

on page 118 for instructions.

See also other documents in the category Brocade Computer Accessories: