Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)


53-1002747-02

Brocade Encryption Switch removal and replacement


11. Invoke the following command to clean up any WWN entries that were used earlier.

Admin:switch> cryptocfg --reclaim -cleanup

12. Recreate the EG with the same name as before using the following command.

Admin:switch> cryptocfg --create -encgroup <EG name>

13. Invoke configdownload using the previously uploaded configuration.

14. Enable the switch using the switchenable command.

15. Deregister both key vaults using the following command.

Admin:switch> cryptocfg --dereg -keyvault <label name>

16. Export the KAC CSR to a local machine.

Admin:switch> cryptocfg --export -scp -KACcsr

17. Sign the KAC CSR using the local CA on the SSKM management console.

18. Configure the user name and password.

Admin:switch> cryptocfg --reg -KAClogin primary/secondary

19. Register the signed KAC certificate on the switch.

Admin:switch> cryptocfg --reg -KACcert

20. Register the key vaults as primary and secondary. For example:

Admin:switch> cryptocfg --reg -keyvault SSKM_10 local_ca_SSKM_10.pem 10.38.145.10 primary
Admin:switch> cryptocfg --reg -keyvault SSKM_10 local_ca_SSKM_10.pem 10.38.146.10 secondary

21. If a master key is not present, restore the master key from a backed-up copy. Procedures will differ depending on the backup media used (for example, recovery smart cards, the key vault, a file on the network, or a file on a USB-attached device). Refer to Chapter 2, “Configuring Encryption Using the Management Application.”

22. Check the encryption engine (EE) state using the following command to ensure that the encryption engine is online.

Admin:switch> cryptocfg --show -localEE

23. Set the defzone as allAccess on the new Brocade Encryption Switch, so the configuration from the fabric is pushed to the new Brocade Encryption Switch.

24. Invoke the following command on the new Brocade Encryption Switch:

Admin:switch> cfgsave

25. Reconnect the FC Cables to the new Brocade Encryption Switch.

26. Invoke the cfgsave command on any switch in that fabric. The fabric configuration from the existing fabric is merged into the new Brocade Encryption Switch.
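An added check, not part of the Brocade guide: before registering the signed KAC certificate (step 19), confirm on the local machine that it carries the same public key as the CSR exported in step 16 and that it verifies against the local CA certificate. The function names and all file names are assumptions; the demo files are constructed throwaway keys generated with the standard openssl CLI.

```shell
#!/bin/sh
# check_kac_cert CSR CERT CA
# Returns 0 only if CERT contains the public key from CSR and verifies
# against the CA certificate. Returns 1 on a mismatch, 2 on unreadable input.
check_kac_cert() {
    csr=$1; cert=$2; ca=$3
    # Extract the public key (PEM SubjectPublicKeyInfo) from each file.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    if [ -z "$csr_key" ] || [ "$csr_key" != "$cert_key" ]; then
        echo "FAIL: public key in $cert does not match $csr" >&2
        return 1
    fi
    # Confirm the certificate was issued by the expected CA and is in date.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi
    echo "OK: $cert matches $csr and verifies against $ca"
}

# make_demo_files DIR
# Builds constructed sample input: a throwaway CA, a CSR signed by it,
# and an unrelated self-signed certificate used as the negative case.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-local-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-kac" \
        -keyout "$d/kac.key" -out "$d/kac.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/kac.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/kac_signed.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-other" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# Usage: sh check_kac.sh <exported.csr> <signed_cert.pem> <local_ca.pem>
if [ "$#" -eq 3 ]; then
    check_kac_cert "$@"
    exit $?
fi
```

A non-zero result means the certificate returned from the CA is not the one issued for this switch's CSR, or was signed by a different CA, and should not be registered.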
