High availability (ha) clusters, Ha cluster configuration rules – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 86
68
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
High availability (HA) clusters
2
High availability (HA) clusters
A high availability (HA) cluster cluster consists of exactly two encryption engines configured to host
the same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single
fabric. One encryption engine can take over encryption and decryption tasks for the other
encryption engine if that member fails or becomes unreachable.
NOTE
High Availability clusters between two EEs should not be confused with High Availability opaque
mode that is supported in KMIP.
When creating a new HA Cluster, add one engine to create the cluster, then add the second engine.
You can make multiple changes to the HA Clusters list; the changes are not applied to the switch
until you click OK.
Both engines in an HA cluster must be in the same fabric, as well as the same encryption group.
NOTE
An IP address is required for the management port for any cluster-related operations.
HA cluster configuration rules
The following rules apply when configuring an HA cluster:
•
The encryption engines that are part of an HA cluster must belong to the same encryption
group and be part of the same fabric.
•
An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a
fabric transparent to host MPIO software.
•
HA cluster configuration and related operations must be performed on the group leader.
•
HA clusters of FS8-18 blades should not include blades in the same DCX Backbone chassis.
NOTE
In Fabric OS 6.3.0 and later, HA cluster creation is blocked when encryption engines belonging
to FS8-18 blades in the same DCX Backbone chassis are specified.
•
Cluster links must be configured before creating an HA cluster. Refer to the section
“Configuring cluster links”
on page 135 for instructions.
•
It is recommended that the HA cluster configuration be completed before you configure
storage devices for encryption.
•
It is mandatory that the two encryption engines in the HA cluster belong to two different nodes
for true redundancy. This is always true for Brocade Encryption Switches, but is not true if two
FS8-18 blades in the same DCX Backbone chassis are confgiured in the same HA cluster.
NOTE
An IP address is required for the management port for any cluster-related operations.