beautypg.com

Encryption group merge and split use cases, A member node failed and is replaced, Impact – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 237: Recovery

background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

219

53-1002925-01

Encryption group merge and split use cases

6

After the failback completes, the cryptocfg

--

show

-

hacluster

-

all command no longer

reports active failover.

SecurityAdmin:switch> cryptocfg --show -hacluster -all

Encryption Group Name: brocade_1

Number of HA Clusters: 1

HA cluster name: HAC3 - 2 EE entries

Status: Committed

WWN

Slot Number Status

EE1 => 10:00:00:05:1e:53:89:dd 0 Online

EE2 => 10:00:00:05:1e:53:fc:8a 0 Online

Encryption group merge and split use cases

This section describes the following recovery scenarios and related operations:

“A member node failed and is replaced”

on page 219

“A member node reboots and comes back up”

on page 220

“A member node lost connection to the group leader”

on page 221

“A member node lost connection to all other nodes in the encryption group”

on page 221

“Several member nodes split off from an encryption group”

on page 222

“Adjusting heartbeat signaling values”

on page 223

“EG split possibilities requiring manual recovery”

on page 224

A member node failed and is replaced

Assume N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are
part of an HA cluster. Assume that N3 failed and you want to replace the failed N3 node with an
alternate node N4.

Impact

When N3 failed, all devices hosted on the encryption engines of this node failed over to the peer
encryption engines in N1, and N1 now performs all of the failed node’s encryption services. Rekey
sessions owned by the failed encryption engine are failed over to N1.

Recovery

1. Deregister the node N3 from the group leader node.

SecurityAdmin:switch> cryptocfg –-dereg –membernode

2. Reclaim the WWN base of the failed Brocade Encryption Switch.

SecurityAdmin:switch> cryptocfg --reclaim WWN –membernode

3. Synchronize the crypto configurations across all member nodes.

SecurityAdmin:switch> cryptocfg –-commit

See also other documents in the category Brocade Computer Accessories: