Deleting an encryption group, Removing an ha cluster member – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 269
Fabric OS Encryption Administrator’s Guide (DPM)
249
53-1002922-01
Encryption group and HA cluster maintenance
6
Deleting an encryption group
You can delete an encryption group after removing all member nodes following the procedures
described in the previous section. The encryption group is deleted on the group leader after you
have removed all member nodes.
Before deleting the encryption group, it is highly recommended that you remove the group leader
from the HA cluster and clear all CryptoTarget and tape pool configurations for the group.
The following example deletes the encryption group “brocade”.
1. Log in to the group leader as Admin or SecurityAdmin
2. Enter the cryptocfg
--
delete
-
encgroup command followed by the encryption group name.
SecurityAdmin:switch> cryptocfg --delete -encgroup CRYPTO_LSWAT
This will permanently delete the encryption group configuration
ARE YOU SURE (yes, y, no, n): [no] y
Encryption group delete status: Operation Succeeded.
Removing an HA cluster member
Removing an encryption engine from an HA cluster “breaks” the HA cluster by removing the
failover/failback capability for the removed encryption engines, However, the removal of an
encryption engine does not affect the relationship between configured containers and the
encryption engine that is removed from the HA cluster. The containers still belong to this encryption
engine and encryption operations continue.
The remove command should not be used if an encryption engine which failed over exists in the HA
Cluster. Refer to the section
“Replacing an HA cluster member”
on page 251 for instructions on
replacing a failed encryption engine in an HA cluster.
1. Log in to the group leader as Admin or SecurityAdmin.
2. Enter the cryptocfg
--
remove
-
haclustermember command. Specify the HA cluster name and
the node WWN to be removed. Provide a slot number if the encryption engine is a blade. The
following example removes HA cluster member 10:00:00:05:1e:53:74:87 from the HA cluster
HAC2.
SecurityAdmin:switch>cryptocfg --remove -haclustermember HAC2 \
10:00:00:05:1e:53:74:87
Remove HA cluster member status: Operation Succeeded.
3. Enter cryptocfg
--
commit to commit the transaction.