High availability clusters, Ha cluster configuration rules – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 182
164
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
High availability clusters
3
2. Export the master key to the key vault. Make a note of the key ID and the passphrase. You will
need the Key ID and passphrase should you have to restore the master key from the key vault.
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter the passphrase: passphrase
Master key exported. Key ID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2
3. Save the master key to a file.
SecurityAdmin:switch> cryptocfg --exportmasterkey -file
Master key file generated.
4. Export the master key to an SCP-capable external host:
SecurityAdmin:switch> cryptocfg --export -scp -currentMK \
192.168.38.245 mylogin GL_MK.mk
Password:
Operation succeeded.
High availability clusters
A high availability (HA) cluster consists of exactly two encryption engines configured to host the
same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single
fabric. Failback occurs automatically by default, but is configurable with a manual failback option.
All encryption engines in an encryption group share the same DEK for a disk or tape LUN.
HA cluster configuration rules
The following rules apply when configuring an HA cluster:
•
The encryption engines that are part of an HA cluster must belong to the same encryption
group and be part of the same fabric.
•
An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a
fabric transparent to host MPIO software.
•
HA cluster configuration and related operations must be performed on the group leader.
•
HA clusters of FS8-18 blades should not include blades in the same DCX Backbone chassis.
NOTE
In Fabric OS 6.3.0 and later, HA cluster creation is blocked when encryption engines belonging
to FS8-18 blades in the same DCX Backbone Chassis are specified.
•
Cluster links must be configured before creating an HA cluster. Refer to the section
on page 146 for instructions.
•
Configuration changes must be committed before they take effect. Any operation related to an
HA cluster that is performed without a commit operation will not survive across switch reboots,
power cycles, CP failover, or HA reboots.