Encryption group merge and split use cases, A member node failed and is replaced, Impact – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 271: Recovery

Advertising
background image

Fabric OS Encryption Administrator’s Guide (KMIP)

253

53-1002747-02

Encryption group merge and split use cases

6

After the failback completes, the cryptocfg

--

show

-

hacluster

-

all command no longer

reports active failover.

SecurityAdmin:switch> cryptocfg --show -hacluster -all
Encryption Group Name: brocade_1
Number of HA Clusters: 1

HA cluster name: HAC3 - 2 EE entries
Status: Committed
WWN

Slot Number Status

EE1 => 10:00:00:05:1e:53:89:dd 0 Online
EE2 => 10:00:00:05:1e:53:fc:8a 0 Online

Encryption group merge and split use cases

This section describes the following recovery scenarios and related operations:

“A member node failed and is replaced”

on page 253

“A member node reboots and comes back up”

on page 254

“A member node lost connection to the group leader”

on page 255

“A member node lost connection to all other nodes in the encryption group”

on page 255

“Several member nodes split off from an encryption group”

on page 256

“Adjusting heartbeat signaling values”

on page 257

“EG split possibilities requiring manual recovery”

on page 258

A member node failed and is replaced

Assume N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are
part of an HA cluster. Assume that N3 failed and you want to replace the failed N3 node with an
alternate node N4.

Impact

When N3 failed, all devices hosted on the encryption engines of this node failed over to the peer
encryption engines in N1, and N1 now performs all of the failed node’s encryption services. Rekey
sessions owned by the failed encryption engine are failed over to N1.

Recovery

1. Deregister the node N3 from the group leader node.

SecurityAdmin:switch> cryptocfg –-dereg –membernode <N3 switchWWN>

2. Reclaim the WWN base of the failed Brocade Encryption Switch.

SecurityAdmin:switch> cryptocfg --reclaim WWN –membernode <N3 switchWWN>

3. Synchronize the crypto configurations across all member nodes.

SecurityAdmin:switch> cryptocfg –-commit

Advertising
Popular Brands
Popular manuals