Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

Chapter 3: Key vault configuration
LKM Key vault High Availability handling
The NetApp LKM key vault supports HA capability where multiple LKM appliances can be clustered
together to provide HA failover/failback capabilities. This capability is not supported. The LKMs
should not be clustered, and if they are configured in a cluster, that cluster should be broken. Both
LKMs must be registered and configured with the link keys before starting any crypto operations.
The following rules apply to key archival and retrieval operations in an HA key vault deployment
scenario:
• For key archival operations:
  - Before the LKM key is used for cryptographic operations, the key is archived to both key
    vaults (primary and secondary). If either of them is not available, key archival operations
    will fail.
  - If key archival fails because of key vault failure, an ERROR is logged.
• For key retrieval operations:
  - Key retrieval operations are requested from either the primary or secondary LKM,
    whichever is operational and reachable from the encryption switch or blade.
In the event of a fatal key vault error, replace the failed LKM and link the replacement LKM to the
existing LKM. After key synchronization has reached 100%, the LKM cluster must be broken. Refer
to the LKM product documentation for further information on replacing a failed LKM.
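
The archival and retrieval rules above, modelled as an added example (not code from this guide or from Brocade or NetApp): archival is write-all, retrieval is read-any. The names Vault, archive_key and retrieve_key are hypothetical, and two behaviors are assumptions of the model: availability is checked before any write, and a vault that does not yet hold a key (for example a replacement LKM before synchronization completes) is skipped during retrieval.

```python
import logging

log = logging.getLogger("keyvault-model")

class VaultUnavailable(Exception):
    pass

class Vault:
    """Constructed stand-in for one LKM appliance (not a real LKM API)."""
    def __init__(self, name):
        self.name, self.up, self.keys = name, True, {}

    def store(self, key_id, key):
        if not self.up:
            raise VaultUnavailable(self.name)
        self.keys[key_id] = key

    def fetch(self, key_id):
        if not self.up:
            raise VaultUnavailable(self.name)
        return self.keys[key_id]  # KeyError if this vault lacks the key

def archive_key(primary, secondary, key_id, key):
    """Write-all: the key may be used only after BOTH vaults hold it."""
    down = [v.name for v in (primary, secondary) if not v.up]
    if down:
        # Rule from the guide: archival fails and an ERROR is logged.
        log.error("key archival failed for %s, vault(s) down: %s", key_id, down)
        return False
    for v in (primary, secondary):
        v.store(key_id, key)
    return True

def retrieve_key(primary, secondary, key_id):
    """Read-any: use whichever vault is operational and reachable."""
    for v in (primary, secondary):
        try:
            return v.fetch(key_id), v.name
        except (VaultUnavailable, KeyError):
            continue  # try the other vault
    raise VaultUnavailable("key %s not retrievable from either vault" % key_id)
```

The practical consequence is that a single vault outage blocks every operation that needs a new key, while reads of existing keys continue from the surviving vault.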