Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 273

Advertising
background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

255

53-1002925-01

Brocade Encryption Switch removal and replacement

6

b. Approve the TEP for this node on the LKM/SSKM.

c. Invoke the following command on the new node after approval of the trustee on

LKM/SSKM.

Admin:switch> cryptocfg --dhresponse <Key Vault IP>

d. Remove the trustee link for the failed node from the LKM/SSKM appliances.

17. Check the encryption engine (EE) state using following command to ensure that the encryption

engine is online.

Admin:switch> cryptocfg --show -localEE

18. Set the defzone as allAccess on the new Brocade Encryption Switch, so the configuration from

the Fabric is pushed to new Brocade Encryption Switch.

19. Invoke the following command on the new Brocade Encryption Switch:

Admin:switch> cfgsave

20. Reconnect the FC Cables to the new Brocade Encryption Switch.

21. Invoke the cfgsave command on any switch in that fabric. The fabric configuration from the

existing fabric is merged into the new Brocade Encryption Switch.

22. Verify that defzone is set as no access.

23. If HA cluster membership for the old Brocade Encryption Switch was in place. Do the following

for moving container movement to the new Brocade Encryption Switch.

a. Replace the old EE with the new EE using the following command on the group leader.

Admin:switch> cryptocfg -–replace <WWN of Old BES> <WWN of new BES>

b. Issue commit.

Admin:switch> cryptocfg --commit

c. Replace the HAC membership from the old EE to the new EE using the following command

on the group leader.

Admin:switch> cryptocfg –-replace –haclustermember <HA cluster name> <WWN

of Old BES> <WWN of New BES>

d. Issue commit.

Admin:switch> cryptocfg –-commit

e. If “manual” failback was set on the HA cluster, you must manually fail back the LUNs

owned by the newly replaced Brocade Encryption Switch.

24. If HA cluster membership for the old Brocade Encryption Switch was not in place. Do the

following for moving container to the New BES.

a. Replace the old EE with the new EE using following command on the group leader.

Admin:switch> cryptocfg -–replace <WWN of Old BES> <WWN of new BES>

b. Issue commit.

Admin:switch> cryptocfg --commit

Advertising
Popular Brands
Popular manuals