Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 266

Advertising
background image

248

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

FS8-18 blade removal and replacement

6

3. If the replaced FS8-18 blade is in member node, invoke the following command to reclaim the

base WWN.

FabricAdmin:switch> cryptocfg --reclaimWWN –EE <failed EE WWN> <slot number>

4. Issue commit.

FabricAdmin:switch> cryptocfg --commit

5. Replace the old FS8-18 blade with the new FS8-18 blade and reconnect the FC cables and I/O

Link cables.

6. Insert the new FS8-18 blade in the same slot of the chassis that was used by the old FS8-18

blade. Reconnect the I/O sync ports to the same private LAN as the I/O sync ports of the old
blade, and confirm that the IP address of the I/O sync ports (Ge0 and Ge1) is same as the
previous IP address.

7. Zeroize the new encryption engine (EE) using the following command:

FabricAdmin:switch> cryptocfg –-zeroizeEE [slotnumber]

8. Invoke slotpoweroff and slotpoweron commands.

FabricAdmin:switch> slotpoweroff [slotnumber]

FabricAdmin:switch> slotpoweron [slotnumber]

9. If the encryption group (EG) has a system card authentication enabled, you need to reregister

the system card through the BNA client for the new EE. Refer to Chapter 2, Configuring
Encryption Using the Management Application.”

10. Initialize the new EE using the following command:

FabricAdmin:switch> cryptocfg –-initEE [slotnumber]

11. Register the new EE using the following command:

FabricAdmin:switch> cryptocfg -–regEE [slotnumber]

12. Enable the new EE using the following command:

FabricAdmin:switch> cryptocfg –-enableEE [slotnumber]

13. Do one of the following:

If the new blade is the only EE in the DCX Backbone chassis, go to step 14

If the new blade is not the only EE in the DCX Backbone chassis, go to step 15.

14. If the new blade is the only EE in the DCX Backbone chassis:

a. Establish the trusted link with both primary and secondary LKM/SSKMs for the new blade.

b. Invoke the following command on the DCX Backbone.

Admin:switch> cryptocfg --dhchallenge <Key Vault IP>

c. Approve the TEP for this node on the LKM/SSKM.

Advertising
Popular Brands
Popular manuals