Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 301
Fabric OS Encryption Administrator’s Guide (KMIP)
283
53-1002747-02
Brocade Encryption Switch removal and replacement
6
21. Import the signed CSR/Cert onto the new node.
22. Register back the signed KAC CSR/Cert onto the new node using the following command.
Admin:switch> cryptocfg --reg –KACcert
23. Register the username and password on the new node that are used by the other nodes in the
EG (created on the SafeNet KeySecure appliance) using the following command.
Admin:switch> cryptocfg --reg –KACLogin
24. Check the EE state using the following command to ensure that the EE is online.
Admin:switch> cryptocfg -–show –localEE
25. From the new Brocade Encryption Switch, invoke the following command to set the default
zone as allAccess so the configuration from the existing Fabric is pushed to the new Brocade
Encryption Switch.
Admin:switch> defzone –allaccess
26. Invoke the following command on the new Brocade Encryption Switch.
Admin:switch> cfgsave
27. Replace the FC Cables to the new Brocade Encryption Switch.
28. Invoke the cfgsave command on any switch in that fabric. The fabric configuration from the
existing fabric will be merged into the new Brocade Encryption Switch.
29. Verify that defzone is set as no access.
30. If HA cluster membership for the old Brocade Encryption Switch was in place, move container
movement to the new Brocade Encryption Switch using the following procedure.
a. Replace the old EE with the new EE using the following command on the group leader.
Admin:switch> cryptocfg –-replace <WWN of Old BES> <WWN of new BES>
b. Issue commit.
Admin:switch> cryptocfg --commit
c. Replace the HA cluster membership from the old EE to the new EE using the following
command on the group leader.
Admin:switch> cryptocfg -–replace –haclustermember <HA cluster name> <WWN
of old Brocade Encryption Switch> <WWN of new Brocade Encryption Switch>
d. Issue commit.
Admin:switch> cryptocfg --commit
e. If “manual” failback was set on the HA cluster, user intervention will be required to
manually fail back the LUNs owned by the newly replaced Brocade Encryption Switch.