Deregistering a dpm key vault – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01


30. Verify that defzone is set as no access.

31. If HA cluster membership for the old Brocade Encryption Switch was in place, do the following to move the containers to the new Brocade Encryption Switch.

a. Replace the old EE with the new EE using the following command on the group leader.

Admin:switch> cryptocfg --replace <WWN of Old BES> <WWN of new BES>

b. Issue commit.

Admin:switch> cryptocfg --commit

c. Replace the HAC membership from the old EE to the new EE using the following command on the group leader.

Admin:switch> cryptocfg --replace -haclustermember <HA cluster name> <WWN of Old BES> <WWN of New BES>

d. Issue commit.

Admin:switch> cryptocfg --commit

e. If “manual” failback was set on the HA cluster, you must manually fail back the LUNs owned by the newly replaced Brocade Encryption Switch.

32. If HA cluster membership for the old Brocade Encryption Switch was not in place, do the following to move the containers to the new BES.

a. Replace the old EE with the new EE using the following command on the group leader.

Admin:switch> cryptocfg --replace <WWN of Old BES> <WWN of new BES>

b. Issue commit.

Admin:switch> cryptocfg --commit

33. Check the EG state using the following command to ensure that the entire EG is in a converged and In Sync state.

Admin:switch> cryptocfg --show -groupcfg

Deregistering a DPM key vault

Each Brocade Encryption Switch is associated with an identity and a client on the DPM 3.2 server.
Before reregistering the DPM server on the Brocade Encryption Switch, make sure the previous
client entry is removed from the DPM server.

You can identify the client name of the Brocade Encryption Switch on the DPM Key Vault using the
cryptocfg --show -groupcfg command, which displays the Client Username. A sample output is
provided.

SecurityAdmin:switch> cryptocfg --show -groupcfg

Primary Key Vault:

IP address: 10.11.1.111 Certificate ID: RSA

Certificate label: dpm

State: Connected
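
An added example (not from the Brocade guide): Python that reads a saved capture of cryptocfg --show -groupcfg and returns the Client Username together with the key vault it belongs to, so the matching client entry can be removed from the DPM server before reregistering. The sample output above ends before the Client Username line, so that line's position, the second section heading, the value and the function names are assumptions.

```python
# Constructed capture of `cryptocfg --show -groupcfg`. The Primary Key Vault
# fields come from the sample on this page (one per line here); the second
# section heading and the Client Username value are assumptions.
SAMPLE = """\
Primary Key Vault:
  IP address: 10.11.1.111
  Certificate ID: RSA
  Certificate label: dpm
  State: Connected
Additional Key Vault Information:
  Client Username: example_bes_client
"""


def parse_groupcfg(text):
    """Parse 'Heading:' / 'Field: value' lines into {heading: {field: value}}."""
    sections, current = {}, {}
    sections[""] = current          # fields seen before any heading
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):      # a line with no value opens a section
            current = sections.setdefault(line.rstrip(":").strip(), {})
            continue
        field, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            current[field.strip()] = value.strip()
    return sections


def client_to_remove(text):
    """Return the key vault address and the client entry to delete on it."""
    cfg = parse_groupcfg(text)
    names = {s["Client Username"] for s in cfg.values() if "Client Username" in s}
    if len(names) != 1:             # refuse to guess when missing or ambiguous
        raise ValueError(f"expected one Client Username, found {sorted(names)}")
    vault = cfg.get("Primary Key Vault", {})
    return {
        "dpm_server": vault.get("IP address"),
        "certificate_label": vault.get("Certificate label"),
        "client_username": names.pop(),
    }


if __name__ == "__main__":
    print(client_to_remove(SAMPLE))
```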
