262 Fabric OS Encryption Administrator’s Guide (DPM)
53-1002720-02
Encryption group merge and split use cases
6
The above manual configuration recovery procedure will work nearly identically for all combinations
of EG split scenarios. Simply perform the following steps for the other scenarios:
• Pick one EG/EG Leader to be maintained.
• Using that GL Node, deregister all Nodes which are in a DISCOVERING state as determined by
the output of the cryptocfg --show -groupmember -all command.
• Go to the other EG islands and delete the EGs.
- In the one case where the other EG has a member node which is in a DISCOVERED state,
you will first need to eject that DISCOVERED Node prior to being allowed to delete that
other EG.
• From the only remaining EG/EG leader, reregister the previously deregistered Nodes.
• Confirm the EG is converged.
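The recovery order above, sketched in Python as an added example that is not part of the Brocade guide: it turns group-member listings into an ordered action list, including the eject-before-delete case. The sample listings, their "Node Name:"/"State:" layout, the WWNs and the action labels are constructed assumptions, not real cryptocfg output or syntax.

```python
import re

# Constructed listings, not captured from a switch. ASSUMPTION: each member
# appears as a "Node Name:" line followed by a "State:" line.
LEADER_VIEW = """\
Node Name: 10:00:00:00:00:00:00:01
State: DISCOVERED
Node Name: 10:00:00:00:00:00:00:02
State: DISCOVERING
Node Name: 10:00:00:00:00:00:00:03
State: DISCOVERING
"""
ISLAND_VIEW = """\
Node Name: 10:00:00:00:00:00:00:02
State: DISCOVERED
Node Name: 10:00:00:00:00:00:00:03
State: DISCOVERED
Node Name: 10:00:00:00:00:00:00:01
State: DISCOVERING
"""

def parse_members(text):
    """Return {node WWN: state} in listing order."""
    return dict(re.findall(r"Node Name:\s*(\S+)\s*\n\s*State:\s*(\w+)", text))

def plan_recovery(leader_view, islands):
    """Order the recovery steps. islands maps each other island's leader WWN
    to that island's listing. Actions are labels, not cryptocfg syntax."""
    stale = [n for n, s in parse_members(leader_view).items() if s == "DISCOVERING"]
    plan = [("kept-leader", "deregister", n) for n in stale]
    for island_leader, view in islands.items():
        for node, state in parse_members(view).items():
            # A DISCOVERED member (other than the island's own leader) must be
            # ejected first, or deleting that EG is not allowed.
            if state == "DISCOVERED" and node != island_leader:
                plan.append((island_leader, "eject", node))
        plan.append((island_leader, "delete-eg", None))
    plan += [("kept-leader", "reregister", n) for n in stale]
    plan.append(("kept-leader", "confirm-converged", None))
    return plan

if __name__ == "__main__":
    for where, action, target in plan_recovery(
            LEADER_VIEW, {"10:00:00:00:00:00:00:02": ISLAND_VIEW}):
        print(f"{where:24} {action:18} {target or ''}")
```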
Configuration impact of encryption group split or node isolation
When a node is isolated from the encryption group or the encryption group is split to form separate
encryption group islands, the defined or registered node list in the encryption group is not equal to
the current active node list, and the encryption group is in a DEGRADED state rather than in a
CONVERGED state. Table 7 and Table 8 list configuration changes that are allowed and disallowed
under such conditions.
TABLE 7 Allowed Configuration Changes
Configuration Type Allowed configuration changes
Encryption group
• Adding a node to the encryption group
• Removing a node from the encryption group
• Invoking a node leave command
• Deleting an encryption group
• Registering a member node (IP address, certificates)
HA cluster
• Removing an encryption engine from an HA cluster
• Deleting an HA cluster
Security & key vault
• Initializing a node
• Initializing an encryption engine
• Re-registering an encryption engine
• Zeroizing an encryption engine
TABLE 8 Disallowed Configuration Changes
Configuration Type Disallowed configuration changes
Security & key vault
• Register or modify key vault settings
• Generating a master key
• Exporting a master key
• Restoring a master key
• Enabling or disabling encryption on an encryption engine
HA cluster
• Creating an HA cluster
• Adding an encryption engine to an HA cluster
• Modifying the failback mode