Node is a group leader node, Node is a member node, Setting encryption node initialization – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02


IP Address change of a node within an encryption group

Modifying the IP address of a node that is part of an encryption group is disruptive in terms of
cluster operation. The change causes the encryption group to split, and if the node was part of an
HA cluster, failover/failback capability is lost. The ipAddrSet command issues no warning and you
are not prevented from changing a node IP address that is part of a configured encryption group or
HA cluster. The recommended steps for modifying the IP address of a node are provided below. The
procedures are based on whether the node is a group leader or a member node.

Node is a group leader node

1. Log in to the group leader as Admin or SecurityAdmin.

2. Reboot the encryption switch/DCX Backbone chassis (both active and standby central
processors) so the existing group leader fails over and one of the member nodes assumes the
role of group leader.

   a. If the Encryption Group (EG) is not a single node EG, reboot the encryption switch/DCX
   Backbone chassis (both active and standby central processors) so the existing group
   leader fails over and one of the member nodes assumes the role of group leader.

   b. If the node is a single node EG, complete the following steps:

      1. Delete the encryption group.

      2. Change the IP of the switch.

      3. Create the encryption group.

3. After the encryption group is converged, complete the steps noted in “Node is a member node”.

Node is a member node

1. Log in to the group leader as Admin or SecurityAdmin.

2. Eject and deregister the node from the encryption group.

3. Change the IP address of the member node using the new IP address.

4. Reboot the member node (the node on which the IP address has been modified).

5. Reregister the node with the group leader using the new IP address.

Setting encryption node initialization

When an encryption node is initialized, the following security parameters and certificates are
generated:

FIPS crypto officer

FIPS user

Node CP certificate

A signed Key Authentication Center (KAC) certificate

A KAC Certificate Signing Request (CSR)
