Setting heartbeat signaling values – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Steps for connecting to a DPM appliance


Setting heartbeat signaling values

Encryption group nodes use heartbeat signaling to communicate with one another and with their
associated key vaults. The default heartbeat signaling values are three retries (heartbeat misses)
with a two-second timeout (heartbeat timeout) between each retry. If three consecutive heartbeats
are missed (the equivalent of six seconds without contact), the encryption group leader node
declares a member node as unreachable, resulting in an encryption group split scenario (EG split).

It is highly recommended that all nodes comprising your encryption group and your key vaults be a
part of a dedicated management LAN or on a LAN that is stable and not congested to avoid the
possibility of an EG split. The default values are appropriate for a LAN that is stable and not
congested.

In the unlikely scenario of an EG split, the encryption group automatically begins an auto-recovery
process. No user intervention is required unless the congestion in the network or network loss is
prolonged or continuous. Under such conditions, auto-recovery will most likely fail, as the
encryption group leader node will not be able to establish a clean series of heartbeats with the
other member nodes. Refer to “EG split possibilities requiring manual recovery” on page 260 for
manual recovery procedures.

If the management network becomes congested or unreliable, resulting in excessive auto-recovery
processing or the need for manual recovery from EG splits, you can set larger heartbeat misses and
heartbeat timeout values to reduce the chance of an EG split while the network issues
are being addressed. The following commands are issued from the encryption group leader node
to change the heartbeat signaling values.

switch:admin> cryptocfg --set -hbmisses <number>

switch:admin> cryptocfg --set -hbtimeout <time>

Where:

<number>

Sets the number of heartbeat misses allowed in a node that is part of an encryption
group before the node is declared unreachable. This value is set in conjunction with the
timeout value. It must be configured at the group leader node and is distributed to all
member nodes in the encryption group. The value entered specifies the number of
heartbeat misses. The default value is 3. Valid values are integers ranging from
3–14.

<time>

Sets the timeout value for the heartbeat. This parameter must be configured at the
group leader node and is distributed to all member nodes in the encryption group. The
value entered specifies the heartbeat timeout in seconds. The default value is 2
seconds. Valid values are integers ranging from 2–9.

NOTE

The collective time allowed (the heartbeat timeout value multiplied by the heartbeat misses) cannot
exceed 30 seconds. (This is enforced by Fabric OS.)

If the group leader is the only member in the encryption group, proceed to “Registering DPM on a
Fabric OS encryption group leader” on page 145.

To add encryption group members, see “Adding a member node to an encryption group” on
page 143.
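
The ranges and the 30-second cap can be checked before any value is entered on the group leader. The following Python helper is an added example, not part of the Brocade guide: it validates a pair against the limits stated on this page and picks the tightest valid pair whose window outlasts an observed network stall. The function names, the sample stall durations and the tie-break rule are assumptions of this example.

```python
from itertools import product

# Limits as stated on this page for Fabric OS encryption groups.
MISSES = range(3, 15)      # -hbmisses: integers 3-14 (default 3)
TIMEOUTS = range(2, 10)    # -hbtimeout: integers 2-9 seconds (default 2)
MAX_WINDOW = 30            # misses * timeout may not exceed 30 seconds


def problems(misses, timeout):
    """Return the reasons a (misses, timeout) pair would be rejected."""
    found = []
    if misses not in MISSES:
        found.append(f"hbmisses {misses} outside 3-14")
    if timeout not in TIMEOUTS:
        found.append(f"hbtimeout {timeout} outside 2-9")
    if misses * timeout > MAX_WINDOW:
        found.append(f"window {misses * timeout}s exceeds {MAX_WINDOW}s")
    return found


def plan(stall_seconds):
    """Pick the tightest valid pair whose window outlasts an observed stall.

    A node is declared unreachable once misses * timeout seconds pass
    without contact, so the window must be strictly longer than the stall.
    Tie-break (a choice of this example): prefer the smallest timeout,
    which stays nearest the default.
    """
    candidates = [
        (m * t, t, m)
        for m, t in product(MISSES, TIMEOUTS)
        if not problems(m, t) and m * t > stall_seconds
    ]
    if not candidates:
        raise ValueError(f"no valid pair tolerates a {stall_seconds}s stall")
    window, timeout, misses = min(candidates)
    return misses, timeout, window


def commands(misses, timeout):
    """Render the two group-leader commands for a validated pair."""
    errors = problems(misses, timeout)
    if errors:
        raise ValueError("; ".join(errors))
    return [f"cryptocfg --set -hbmisses {misses}",
            f"cryptocfg --set -hbtimeout {timeout}"]


if __name__ == "__main__":
    for stall in (4, 10, 29):          # constructed stall durations, seconds
        m, t, w = plan(stall)
        print(f"stall {stall}s -> window {w}s:", commands(m, t))
```

A stall of 30 seconds or longer has no valid pair, which means the network has to be fixed rather than tuned around.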
