beautypg.com

Downgrading firmware from fabric os 7.1.0 – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 275

background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

257

53-1002925-01

Downgrading firmware from Fabric OS 7.1.0

6

Downgrading firmware from Fabric OS 7.1.0

If you are attempting to download firmware to a Fabric OS version earlier than v6.4.0, for example,
v6.3.0(x), you might be prompted with the following error message, even if there are no failed
decommissioned LUNs, and even if no decommissioned key ID list exists on a node:

"Downgrade is not allowed for this key vault type, as device decommission feature is in use. Please
use cryptocfg

--

delete

-

decommissionedkeyids to disable device decommission. Make sure that

no LUN is undergoing decommission or is in failed state.”

If a device decommission firmware consistency check is enabled in the encryption group, firmware
downgrades to a Fabric OS version earlier than v6.4. will be blocked until the firmware consistency
check for device decommission feature is disabled.

The firmware consistency check for device decommission is enabled when you execute the
following:

SecurityAdmin:switch> cryptocfg --decommission -container

-initiator -LUN

The firmware consistency check for device decommission is disabled when you execute the
following:

SecurityAdmin:switch> cryptocfg --delete –decommissionedkeyids

The success of the operation does not mandate that the firmware consistency check be
disabled for device decommission.

NOTE

When disabling the firmware consistency check, there should be no LUNs with pending
decommission or in a failed state. If the firmware download to a version earlier than Fabric OS 6.4.0
is disallowed because of any LUNs under decommission or in a failed state, you must either
complete decommissioning or remove the offending LUNs before retrying cryptocfg

--

delete

-

decommissionedkeyids to disable the firmware consistency check.

NOTE

You should not join a Fabric OS 6.3.0(x) node into an encryption group or eject a node with Fabric
OS 6.4.0 and later when the firmware consistency check for the device decommission feature is
enabled in the encryption group.

See also other documents in the category Brocade Computer Accessories: