Encryption group database manual operations, Manually synchronizing the security database, Table 8 – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)


53-1002747-02


Encryption group database manual operations

Manual intervention may be necessary if the encryption group databases or security databases of
encryption group members are not synchronized. The following sections describe manual
operations that enable you to do the following:

Synchronize the encryption group database.

Synchronize the security database.

Abort a pending database transaction.

Manually synchronizing the encryption group database

The --sync -encgroup command manually synchronizes the encryption group database belonging
to the group leader node with the databases of all member nodes that are out of sync. If this
command is invoked when the encryption group databases are in sync, the command is ignored.

NOTE

When the encryption group is out of sync and the group leader reboots, the newly selected group
leader pushes its database information to all other members. The new group leader’s database
information may be different from what was set up before the group leader was rebooted.

Manually synchronizing the security database

This operation can resolve problems with master key propagation (and connectivity issues between
peer node encryption engines in an encryption group). The synchronization occurs every time this
command is executed regardless of whether or not the security database was synchronized across
all nodes in the encryption group.

TABLE 8  Disallowed Configuration Changes

| Configuration Type | Disallowed configuration changes |
|---|---|
| Security & key vault | Register or modify key vault settings |
| | Generating a master key |
| | Exporting a master key |
| | Restoring a master key |
| | Enabling or disabling encryption on an encryption engine |
| HA cluster | Creating an HA cluster |
| | Adding an encryption engine to an HA cluster |
| | Modifying the failback mode |
| Crypto Device (target/LUN/tape) | Creating a CryptoTarget container |
| | Adding initiators or LUNs to a CryptoTarget container |
| | Removing initiators or LUNs from a CryptoTarget container |
| | Modifying LUNs or LUN policies |
| | Creating or deleting a tape pool |
| | Modifying a tape pool policy |
| | Starting a manual rekeying session |
| | Performing a manual failback of containers |
| | Deleting a CryptoTarget container |
