beautypg.com

Single-node eg replacement – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 272

background image

254

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Brocade Encryption Switch removal and replacement

6

Single-node EG Replacement

1. Upload the configuration stored on the Brocade Encryption Switch you are replacing using the

FOS configupload command.

2. Power off the Brocade Encryption Switch. Remove the Mgmt Link, I/O links, and FC cables from

the Brocade Encryption Switch, noting where each was attached so that the replacement
Brocade Encryption Switch can be cabled properly.

3. Power on the new Brocade Encryption Switch. Note that the FC cables have not yet been

plugged in.

4. Set the IP address for the new Brocade Encryption Switch using the ipAddrSet command for

both Mgmt and I/O links. Check that the switch name and domain ID associated with the
replacement switch match that of the original.

5. Initialize the new Brocade Encryption Switch node using following command:

Admin:switch> cryptocfg --initnode

6. Zeroize the new Brocade Encryption Switch.

Admin:switch> cryptocfg --zeroizeEE

7. If system card authentication was enabled, you must re-register the system card through the

BNA client for the new encryption engine.

8. Initialize the new encryption engine using the following command.

Admin:switch> cryptocfg --initEE [slotnumber]

9. Register the new encryption engine using the following command.

Admin:switch> cryptocfg --regEE [slotnumber]

10. Enable the new encryption engine using the following command.

Admin:switch> cryptocfg --enableEE [slotnumber]

11. Invoke the following command to cleanup any WWN entries which are used earlier.

Admin:switch> cryptocfg --reclaim -cleanup

12. Recreate the EG with the same name as before using the following command.

Admin:switch> cryptocfg –-create –encgroup

13. Invoke configdownload from the previous uploaded configuration.

14. Enable the switch using the switchenable command.

15. Deregister both key vaults using the following command.

Admin:switch> crypocfg –-dereg –keyvault

16. Establish the trusted link with both the primary and secondary LKM/SSKMs from this node.

a. Invoke the following command on the new node:

Admin:switch> cryptocfg --dhchallenge

See also other documents in the category Brocade Computer Accessories: