Firmware upgrade and downgrade considerations, General guidelines – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 246
228
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Firmware upgrade and downgrade considerations
5
Firmware upgrade and downgrade considerations
Before upgrading or downgrading firmware, consider the following:
•
The encryption engine and the control processor or blade processor are reset after a firmware
upgrade. Disruption of encryption I/O can be avoided if an HA cluster is configured. If
encryption engines are configured in an HA cluster, perform firmware upgrades one encryption
engine at a time so that the partner switch in the HA cluster can take over I/O by failover during
a firmware upgrade. When switches form a DEK cluster, firmware upgrades should also be
performed one at a time for all switches in the DEK cluster to ensure that a host MPIO failover
path is always available.
•
The following warning can be ignored if the nodes in an EG are running different versions of
Fabric OS.
“2011/04/12-18:41:08, [SPM-1016], 17132, FID 128, WARNING, Security database is out of
sync.”
When the key vault type is set to KMIP, a firmware downgrade to Fabric OS 7.0.x or v6.4.x will
be blocked with the following error message “Downgrade is not allowed when key vault type is
KMIP. Please use "cryptocfg
--
set
-
keyvault type" to set a different key vault type other than
KMIP to disable the feature.” Please follow the steps noted in the error message to disable the
feature and thus allow a firmware downgrade to Fabric OS 7.0.x or v6.4.x.
•
A downgrade to Fabric OS 7.0.1 results in the loss of thin provision LUN information.
•
When doing a firmware upgrade to Fabric OS 7.0.0 or downgrade from Fabric OS 7.0.0, the
message SPM-1016 will be observed on v7.0.0 nodes in the encryption group (EG) when other
nodes in that EG that are still running versions earlier than Fabric OS 7.0.0. Although this is a
warning message, it is transient and is only observed during a firmware upgrade or downgrade
operation. The message can be ignored.
•
You cannot downgrade to a Fabric OS version prior to v6.2.0.
General guidelines
General guidelines for a firmware upgrade of encryption switches and a DCX Backbone chassis
with encryption blades in encryption groups, HA clusters, and DEK clusters are as follows:
•
Upgrade one node at time.
•
Do not perform a firmware upgrade when rekey operations and first-time encryption operations
are underway.
•
Do not start any manual rekey operations and first-time encryption operations during the
firmware upgrade process for all nodes in the HA/DEK cluster.
Guidelines for firmware upgrade of encryption switches and a DCX Backbone chassis with
encryption blades deployed in a DEK cluster with two HA clusters:
•
Upgrade nodes in one HA cluster at a time.
•
Within an HA cluster, upgrade one node at a time.