Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Encryption group and HA cluster maintenance


IP Address: 10.32.33.145
Certificate: 10.32.33.145_my_cp_cert.pem
Current Master Key State: Saved
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
Alternate Master Key State: Not configured
Alternate Master KeyID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot: 0
SP state: Online
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
Alternate Master KeyID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership

a. If the node is in the DISCOVERED state and the security processor (SP) state is online (as shown above), you can remove the node from the encryption group. Complete step 4 and step 5, which completes the procedure.

b. If the node is not in the DISCOVERED state, and you want to remove the node from the encryption group, you must first deregister the node. To do this, log in to the group leader and enter the cryptocfg --dereg -membernode command followed by the node WWN.

SecurityAdmin:switch> cryptocfg --dereg -membernode 10:00:00:05:1e:41:99:bc
Operation succeeded.

4. Reclaim the WWN of the member node.

a. Enter the cryptocfg --reclaimWWN -membernode <node-WWN> command on the group leader to reclaim the VI/VT WWN base for the node to be removed.

When prompted, enter yes.

b. Enter the cryptocfg --commit command on the group leader to propagate the change to all nodes in the encryption group:

5. On the group leader, enter the cryptocfg --eject -membernode command followed by the node WWN.

SecurityAdmin:switch> cryptocfg --eject -membernode 10:00:00:05:1e:55:3a:f0
WARNING: Before ejecting the membernode, ensure that the VI/VT WWN's
are reclaimed.
Refer to "cryptocfg --reclaimWWN" commands.
ARE YOU SURE (yes, y, no, n): [no] Node eject granted by protocol clients
[10:00:00:05:1e:55:3a:f0]
Eject node status: Operation Succeeded.

6. Deregister the member node to converge the encryption group.

SecurityAdmin:switch> cryptocfg --dereg -membernode 10:00:00:05:1e:55:3a:f0

7. Log in to the member node and execute the cryptocfg --reclaimWWN -cleanup command.
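
The a/b decision above can be checked in a script before any command is sent to the group leader. The following Python is an added example, not part of the Brocade guide: it parses the status block shown above, including the KeyID values that wrap onto the next line, and returns the cryptocfg commands for the branch that applies. The function names are hypothetical, and the node state is passed in by the operator because the line that carries it is not on this page.

```python
import re

# Constructed sample: lines taken from the node status block printed on this
# page (each KeyID value is wrapped onto the line after its label).
SAMPLE = """\
IP Address: 10.32.33.145
Current Master Key State: Saved
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
EE Slot: 0
SP state: Online
No HA cluster membership
"""

WWN_RE = re.compile(r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}", re.I)

def parse_block(text):
    """Map each label to its values; an empty value is read from the next line."""
    fields, pending = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if pending is not None:
            fields.setdefault(pending, []).append(line)
            pending = None
            continue
        label, sep, value = line.partition(":")
        if not sep:
            fields.setdefault("notes", []).append(line)  # e.g. HA membership line
        elif value.strip():
            fields.setdefault(label.strip(), []).append(value.strip())
        else:
            pending = label.strip()
    return fields

def removal_commands(node_state, wwn, status_text):
    """Return the cryptocfg commands for the branch (a or b) that applies.

    node_state is supplied by the operator (assumption: it is read from the
    part of the listing that is not reproduced on this page).
    """
    if not WWN_RE.fullmatch(wwn):
        raise ValueError("not a WWN: %r" % wwn)
    sp_online = parse_block(status_text).get("SP state") == ["Online"]
    if node_state != "DISCOVERED":
        # Branch b: deregister first, on the group leader.
        return ["cryptocfg --dereg -membernode " + wwn]
    if not sp_online:
        raise ValueError("DISCOVERED with SP not online: not covered by the steps")
    # Branch a: steps 4a, 4b and 5, all on the group leader.
    return ["cryptocfg --reclaimWWN -membernode " + wwn,
            "cryptocfg --commit",
            "cryptocfg --eject -membernode " + wwn]
```

The returned list is meant for review or logging before the commands are typed; the reclaimWWN and eject commands still prompt for confirmation on the switch.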
