Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 300

Advertising
background image

282

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Brocade Encryption Switch removal and replacement

6

8. Power on the new Brocade Encryption Switch. Note that the FC cables have not yet been

plugged in.

9. Set the IP address for the new Brocade Encryption Switch using the ipAddrSet command for

the Mgmt and I/O links. Check that the switch name and domain ID associated with the
replacement switch match that of the original.

10. Zeroize the new Brocade Encryption Switch using the following command.

Admin:switch> cryptocfg –-zeroizeEE

11. If the encryption group (EG) has a system card authentication enabled, you need to reregister

the system card through the BNA client for the new EE. Refer to Chapter 2, Configuring
Encryption Using the Management Application.”

12. Initialize the new Brocade Encryption Switch node using following command.

Admin:switch> cryptocfg –-initnode

13. Initialize the new EE using the following command.

Admin:switch> cryptocfg –-initEE

14. Register the new EE using the following command.

Admin:switch> cryptocfg –-regEE

15. Enable the new EE using the following command.

Admin:switch> cryptocfg –-enableEE

16. Invoke the following command to clean up the WWN base on the new Brocade Encryption

Switch if it was used earlier.

Admin:switch> cryptocfg –-reclaim -cleanup

17. From the new Brocade Encryption Switch node, invoke the following command to export the CP

certificate of the new Brocade Encryption Switch.

Admin:switch> cryptocfg --export -scp -CPcert <host IP> <host user> <host file
path>

18. From the group leader node, invoke the following command to import the new Brocade

Encryption Switch node certificate on the group leader node.

Admin:switch> cryptocfg --import -scp <Certificate file name> <host IP> <host
user> <host file path>

19. From the group leader node, run the following command to register the new Brocade

Encryption Switch node as a member node on the group leader.

Admin:switch> cryptocfg --reg -membernode <New BES WWN> <Cert file Name> <Old
IP address>

20. Export the KAC CSR from the new node and sign the CSR from the SafeNet KeySecure Local

CA.

Advertising
Popular Brands
Popular manuals