Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 268

Advertising
background image

250

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

FS8-18 blade removal and replacement

6

6. If the encryption group (EG) has a system card authentication enabled, you need to reregister

the system card through the BNA client for the new EE. Refer to Chapter 2, Configuring
Encryption Using the Management Application.”

7. Initialize the new EE using the following command:

FabricAdmin:switch> cryptocfg –-initEE [slotnumber]

8. Register the new EE using the following command:

FabricAdmin:switch> cryptocfg –-regEE [slotnumber]

9. Enable the new EE using the following command:

FabricAdmin:switch> cryptocfg –-enableEE [slotnumber]

10. Do one of the following:

If the new blade is the only EE in the DCX Backbone chassis, go to step 11.

If the new blade is not the only EE in the DCX Backbone chassis, go to step 12.

11. If the new blade is the only EE in the DCX Backbone chassis:

a. Establish the trusted link with both the primary and secondary LKM/SSKMs for the new

blade.

b. Invoke the following command on the DCX Backbone.

Admin:switch> cryptocfg --dhchallenge <Key Vault IP>

c. Approve the TEP for this node on the LKM/SSKM.

d. Invoke the following command on the DCX Backbone after approval of the trustee on

LKM/SSKM.

Admin:switch> cryptocfg --dhresponse <Key Vault IP>

e. Remove the trustee link for the failed blade from the LKM/SSKM appliance.

f.

Go to step 13.

12. If the new blade is not the only EE in the DCX Backbone chassis, invoke the cryptocfg

--

show

–localEE to verify that the new blade EE has the same link key (primary and secondary) as the
other EEs in the DCX Backbone chassis.

NOTE

Establishing the trusted link with LKM/SSKMs in the cluster for the new blade is not needed.

13. Check the EE state using the following command to ensure the EE is online.

FabricAdmin:switch> cryptocfg --show –localEE

NOTE

Because the FS8-18 blade was inserted in the same slot as the previous blade, no change of
HA cluster container ownership is required; the HA cluster configuration is retained.

Advertising
Popular Brands
Popular manuals