Failover/failback example – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

254

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Encryption group and HA cluster maintenance

6

Performing a manual failback of an encryption engine

By default, failback occurs automatically if an encryption engine that failed was replaced or comes
back online. When manual failback policy is set in the encryption group, you must invoke a manual
failback of the encryption engine after the failing encryption engine was restored or replaced.
Failback includes all of the encryption engine’s target associations. Failback returns all encryption
operations to the original encryption engine after it has been restored, or it transfers operations to
a replacement encryption engine if the original encryption engine was replaced. The failback
operation can only be performed within an HA cluster.

1. Log in to the group leader as Admin or SecurityAdmin.

2. Enter the cryptocfg

--

failback

-

EE command. Specify the node WWN of the encryption engine

to which failover occurred earlier and which is now performing all encryption tasks (current
encryption engine), followed by the node WWN of the encryption engine to which failback
should occur (“new” encryption engine). Specify a slot number if the encryption engine is a
blade.

SecurityAdmin:switch>cryptocfg --failback -EE 10:00:00:05:1e:53:4c:91 \

10:00:00:05:1e:39:53:67

Operation Succeeded

Failover/failback example

The following example illustrates the states associated with the encryption engines during an
active failover and failback process.

•

EE2 fails over to EE1.

SecurityAdmin:switch> cryptocfg --show -hacluster -all

Encryption Group Name: brocade

Number of HA Clusters: 1

HA cluster name: HAC3- 2 EE entries

Status: Committed

WWN Slot Number Status
EE1 => 10:00:00:05:1e:53:89:dd 0 Online - Failover active
EE2 => 10:00:00:05:1e:53:fc:8a 0 Offline

•

The failed EE2 has come back online, Failover is still active:

SecurityAdmin:switch> cryptocfg --show -hacluster -all

Encryption Group Name: brocade

Number of HA Clusters: 1

HA cluster name: HAC3 - 2 EE entries

Status: Committed

WWN Slot Number Status

EE1 => 10:00:00:05:1e:53:89:dd 0 Online - Failover active

EE2 => 10:00:00:05:1e:53:fc:8a 0 Online

•

A manual failback is issued.

SecurityAdmin:switch> cryptocfg --failback -EE 10:00:00:05:1e:53:89:dd 0 \

10:00:00:05:1e:53:fc:8a 0

Operation succeeded.