Configuration upload and download considerations – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 250
230
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Configuration upload and download considerations
5
3. Ensure that these CryptoTarget Containers and LUNs actually fail over to node 2 (BES2) in the
HA cluster. Check for all LUNs in encryption enabled state on node 2 (BES2). This ensures that
I/O also fails over to node 2 (BES2) and continues during this process.
4. On node 1 (BES1) enable the encryption engine (EE), by issuing the following command.
Admin:switch> cryptocfg --enableEE
5. Start firmware download (upgrade) on the node 1 (BES1). Refer to the Fabric OS
Administrator’s Guide to review firmware download procedures.
6. After firmware download is complete and node 1 (BES1) is back up, make sure the encryption
engine is online.
7. On node 1 (BES1) initiate manual failback of CryptoTarget containers and associated LUNs
from node 2 (BES2) to node 1 (BES1) by issuing the following command.
Admin:switch> cryptocfg --failback -EE
8. Check that CryptoTarget Containers and associated LUNs fail back successfully on node 1
(BES1), and host I/O also moves from node 2 (BES2) to node 1 (BES1) and continues during
the failback process.
9. To upgrade node 2 (BES2), Repeat steps 2 to 8.
10. After all nodes in the Encryption Group have been upgraded, change back the failback mode to
auto from manual, if required, by issuing the following command.
Admin:switch> cryptocfg --set -failback auto
Configuration upload and download considerations
Security information is not included when you upload a configuration from an encryption switch or
blade. Extra steps are necessary before and after download to re-establish that information. The
following sections describe what information is included in a upload from an encryption group
leader and encryption group member load, what information is not included, and the steps to take
to re-establish the information.
Configuration upload at an encryption group leader node
A configuration upload performed at an encryption group leader node contains the following:
•
The local switch configuration.
•
Encryption group-related configuration.
•
The encryption group-wide configuration of CryptoTargets, disk and tape LUNs, tape pools, HA
clusters, security, and key vaults.