Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Brocade Encryption Switch removal and replacement


11. Initialize the new Brocade Encryption Switch node using the following command.

Admin:switch> cryptocfg --initnode

12. Zeroize the new Brocade Encryption Switch using the following command.

Admin:switch> cryptocfg --zeroizeEE

13. Initialize the new EE using the following command.

Admin:switch> cryptocfg --initEE

14. Register the new EE using the following command.

Admin:switch> cryptocfg --regEE

15. Enable the new EE using the following command.

Admin:switch> cryptocfg --enableEE

16. Invoke the following command to clean up the WWN base on the new Brocade Encryption Switch if it was used earlier.

Admin:switch> cryptocfg --reclaim -cleanup

17. From the new Brocade Encryption Switch node, invoke the following command to export the CP certificate of the new Brocade Encryption Switch.

Admin:switch> cryptocfg --export -scp -CPcert <host IP> <host user> <host file path>

18. From the group leader node, invoke the following command to import the new Brocade Encryption Switch node certificate on the group leader node.

Admin:switch> cryptocfg --import -scp <Certificate file name> <host IP> <host user> <host file path>

19. From the group leader node, run the following command to register the new Brocade Encryption Switch node as a member node on the group leader.

Admin:switch> cryptocfg --reg -membernode <New BES WWN> <Cert file Name> <Old IP address>

20. Register the node KAC Cert on the LKM/SSKM cluster (both the primary and secondary LKM/SSKMs).

21. Establish the trusted link with both the primary and secondary LKM/SSKMs from this node.

22. Invoke the following command on the new node:

Admin:switch> cryptocfg --dhchallenge <Key Vault IP>

23. Approve the TEP for this node on the LKM/SSKM.

24. Invoke the following command on the new node after approval of the trustee on LKM/SSKM.

Admin:switch> cryptocfg --dhresponse <Key Vault IP>

25. Remove the trustee link for the failed node from the LKM/SSKM appliances.

26. Check the EE state using the following command to ensure that the EE is online.
