Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Advanced encryption group configuration
1. Log into the group leader as Admin or SecurityAdmin.
2. If the node is part of an HA cluster, perform the following steps:
a. Remove the node from the HA cluster with the cryptocfg --rem -haclustermember command.
Refer to the section “High Availability (HA) cluster configuration” on page 129 for instructions.
b. Clear all CryptoTarget configurations from the member node with the
cryptocfg --delete -container command. Refer to the section “Deleting a CryptoTarget container”
on page 142 for instructions.
3. Determine the state of the node. Log into the member node and enter the
cryptocfg --show -groupmember command followed by the node WWN. Provide a slot number if the
encryption engine is a blade.
SecurityAdmin:switch>cryptocfg --show -groupmember \
10:00:00:05:1e:41:99:bc
Node Name: 10:00:00:05:1e:41:99:bc (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
IP Address: 10.32.33.145
Certificate: 10.32.33.145_my_cp_cert.pem
Current Master Key State: Saved
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
Alternate Master Key State: Not configured
Alternate Master KeyID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EE Slot: 0
SP state: Online
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
Alternate Master KeyID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
a. If the node is in the DISCOVERED State and the security processor (SP) state is online as
shown, and you wish to remove the node from the encryption group permanently, proceed
to step 4.
b. If the node is not in the DISCOVERED State, and you wish to remove the node from the
encryption group permanently, de-register the node. Log into the group leader and enter
the cryptocfg --dereg -membernode command followed by the node WWN.
SecurityAdmin:switch>cryptocfg --dereg -membernode 10:00:00:05:1e:41:99:bc
Operation succeeded.
4. Perform one of the following steps to remove the member node from the encryption group.
a. Log into the member node and enter the cryptocfg --leave_encryption_group command.
This command clears all node states pertaining to group membership.
SecurityAdmin:switch>cryptocfg --leave_encryption_group
Leave node status: Operation Succeeded.
b. On the group leader, enter the cryptocfg --eject -membernode command followed by the
node WWN. This command removes the node from the encryption group.
SecurityAdmin:switch>cryptocfg --eject -membernode 10:00:00:05:1e:41:99:bc
Eject node status: Operation Succeeded.
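
The check in step 3 can be scripted against captured command output before anything is removed. The following is an added example, not part of the guide or of Fabric OS: it assumes the `cryptocfg --show -groupmember` output format shown in step 3, and the function names and returned labels are hypothetical.

```python
# Added example (not from the guide): choose the step 3 branch from captured
# `cryptocfg --show -groupmember <WWN>` output. Function names are hypothetical.

# Constructed sample, abridged from the output shown in step 3.
SAMPLE = """\
Node Name: 10:00:00:05:1e:41:99:bc (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
Current Master Key State: Saved
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
EE Slot: 0
SP state: Online
No HA cluster membership
"""

def parse_groupmember(text):
    """Parse 'Key: value' lines; a value wrapped onto the next line is rejoined."""
    fields, pending = {"no_ha": False}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if pending is not None:            # previous line was 'Key:' with no value
            fields.setdefault(pending, line)
            pending = None
        elif line == "No HA cluster membership":
            fields["no_ha"] = True
        elif line.endswith(":"):
            pending = line[:-1]
        else:
            key, sep, value = line.partition(": ")
            if sep:
                fields.setdefault(key, value)  # keep node-level value if repeated
    return fields

def next_step(text):
    """Map the output to the branch of the procedure it satisfies."""
    f = parse_groupmember(text)
    if not f["no_ha"]:
        # Assumption: anything other than the exact line from the sample means
        # HA membership has not been ruled out, so step 2 is still pending.
        return "step-2"
    discovered = f.get("State", "").endswith("_DISCOVERED")
    sp_online = f.get("SP state", "").lower() == "online"
    if discovered and sp_online:
        return "step-4"        # 3a: leave or eject the node
    if not discovered:
        return "step-3b"       # de-register on the group leader first
    return "not-covered"       # DISCOVERED but SP not online: the steps do not say

if __name__ == "__main__":
    print(next_step(SAMPLE))
```

A "not-covered" result means the node is DISCOVERED but the SP is not online, a combination the procedure above does not address, so it should be resolved manually rather than scripted past.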