Encryption group merge and split use cases, A member node failed and is replaced, Impact – Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (SKM/ESKM)


53-1002923-01


After the failback completes, the cryptocfg --show -hacluster -all command no longer reports active failover.

SecurityAdmin:switch> cryptocfg --show -hacluster -all
Encryption Group Name: brocade_1
Number of HA Clusters: 1
HA cluster name: HAC3 - 2 EE entries
Status: Committed
       WWN                      Slot Number  Status
EE1 => 10:00:00:05:1e:53:89:dd  0            Online
EE2 => 10:00:00:05:1e:53:fc:8a  0            Online
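
The following Python is an added example, not part of the Brocade guide: it parses the cryptocfg --show -hacluster -all output shown above and reports any HA cluster that is not Committed, any encryption engine that is not Online, and any mismatch between the declared and listed EE count. It assumes the field layout is exactly as shown on this page; the function names are illustrative and the sample text is constructed from the output above.

```python
import re

# Constructed sample: the command output shown on this page, as captured text.
SAMPLE = """\
Encryption Group Name: brocade_1
Number of HA Clusters: 1
HA cluster name: HAC3 - 2 EE entries
Status: Committed
WWN Slot Number Status
EE1 => 10:00:00:05:1e:53:89:dd 0 Online
EE2 => 10:00:00:05:1e:53:fc:8a 0 Online
"""

CLUSTER_RE = re.compile(r"^HA cluster name:\s*(\S+)\s*-\s*(\d+) EE entr(?:y|ies)", re.I)
EE_RE = re.compile(r"^(EE\d+)\s*=>\s*((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+(\d+)\s+(.+?)\s*$", re.I)

def parse_haclusters(text):
    """Return a list of clusters: name, declared EE count, status, EE rows."""
    clusters = []
    for line in (l.strip() for l in text.splitlines()):
        m = CLUSTER_RE.match(line)
        if m:
            clusters.append({"name": m.group(1), "declared": int(m.group(2)),
                             "status": None, "ees": []})
        elif clusters and line.startswith("Status:"):
            clusters[-1]["status"] = line.split(":", 1)[1].strip()
        elif clusters and (m := EE_RE.match(line)):
            clusters[-1]["ees"].append(
                {"id": m.group(1), "wwn": m.group(2).lower(),
                 "slot": int(m.group(3)), "status": m.group(4)})
    return clusters

def findings(text):
    """List reasons the output does not show a healthy, committed HA cluster."""
    problems = []
    clusters = parse_haclusters(text)
    if not clusters:
        problems.append("no HA cluster found in output")
    for c in clusters:
        if c["status"] != "Committed":
            problems.append(f"{c['name']}: status is {c['status']!r}")
        if len(c["ees"]) != c["declared"]:
            problems.append(f"{c['name']}: {len(c['ees'])} of {c['declared']} EEs listed")
        for ee in c["ees"]:
            if ee["status"] != "Online":
                problems.append(f"{c['name']}: {ee['id']} {ee['wwn']} is {ee['status']}")
    return problems
```

The layout of an active-failover report is not shown on this page, so the check treats any status string other than Committed or Online as a finding rather than matching specific failover text.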

Encryption group merge and split use cases

This section describes the following recovery scenarios and related operations:

“A member node failed and is replaced” on page 249

“A member node reboots and comes back up” on page 250

“A member node lost connection to the group leader” on page 251

“A member node lost connection to all other nodes in the encryption group” on page 251

“Several member nodes split off from an encryption group” on page 252

“Adjusting heartbeat signaling values” on page 253

“EG split possibilities requiring manual recovery” on page 254

A member node failed and is replaced

Assume N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are
part of an HA cluster. Assume that N3 failed and you want to replace the failed N3 node with an
alternate node N4.

Impact

When N3 failed, all devices hosted on the encryption engines of this node failed over to the peer
encryption engines in N1, and N1 now performs all of the failed node’s encryption services. Rekey
sessions owned by the failed encryption engine are failed over to N1.

Recovery

1. Deregister the node N3 from the group leader node.

SecurityAdmin:switch> cryptocfg --dereg -membernode <N3 switchWWN>

2. Reclaim the WWN base of the failed Brocade Encryption Switch.

SecurityAdmin:switch> cryptocfg --reclaimWWN -membernode <N3 switchWWN>

3. Synchronize the crypto configurations across all member nodes.

SecurityAdmin:switch> cryptocfg --commit
