Failback option, Invoking failback, Configuring encryption storage targets – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 89
Fabric OS Encryption Administrator’s Guide (KMIP)
71
53-1002747-02
Configuring encryption storage targets
2
Failback option
The Failback option determines the behavior when a failed encryption engine is restarted. When
the first encryption engine comes back online, the encryption group’s failback setting (auto or
manual) determines how the encryption engine resumes encrypting and decrypting traffic to its
encryption targets.
•
In auto mode, when the first encryption engine restarts, it automatically resumes encrypting
and decrypting traffic to its encryption targets.
•
In manual mode, the second encryption engine continues handling the traffic until you
manually invoke failback using the CLI or BNA, or until the second encryption engine fails.
When the encryption engine recovers, it can automatically fail back its CryptoTarget containers
if the second encryption engine is not hosting them.
Invoking failback
To invoke failback to the restarted encryption engine from BNA, complete the following steps:
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box (Refer to
2. Select an encryption group from the Encryption Center Devices table to which the encryption
engine belongs, then click Group > HA Clusters.
The Encryption Group Properties dialog box displays, with the HA Clusters tab selected (Refer
to
).
3. Select the online encryption engine, then click Failback.
4. Click OK, then close the Encryption Center dialog box.
Configuring encryption storage targets
Adding an encryption target maps storage devices and hosts to virtual targets and virtual initiators
within the encryption switch. The storage encryption wizard enables you to configure encryption for
a storage device (target).
NOTE
It is recommended that you configure the host and target in the same zone before configuring them
for encryption. If the host and target are not already in the same zone, you can still configure them
for encryption, but you will need to configure them in the same zone before you can commit the
changes. If you attempt to close the Encryption Targets dialog box without committing the changes,
you are reminded of uncommitted changes in BNA.
The wizard steps are as follows:
1. Select Encryption Engine
2. Select Target
3. Select Hosts
4. Name Container
5. Confirmation