Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Advanced encryption group configuration
Deleting an encryption group
You can delete an encryption group after removing all member nodes, following the procedures
described in the previous section. Once all member nodes have been removed, the encryption group
is deleted on the group leader.
Before deleting the encryption group, it is highly recommended to remove the group leader from
the HA cluster and clear all CryptoTarget and tape pool configurations for the group.
The following example deletes the encryption group “brocade”.
1. Log in to the group leader as Admin or SecurityAdmin.
2. Enter the cryptocfg --delete -encgroup command followed by the encryption group name.
SecurityAdmin:switch>cryptocfg --delete -encgroup brocade
Encryption group create status: Operation Succeeded.
Encryption group merge and split use cases
This section describes recovery scenarios for the following cases:
• “A member node failed and is replaced”
• “A member node reboots and comes back up”
• “A member node lost connection to the group leader”
• “A member node lost connection to all other nodes in the encryption group”
• “Several member nodes split off from an encryption group”
A member node failed and is replaced
Assumptions
N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are part of
an HA cluster. Assume that N3 failed and you want to replace the failed N3 node with an alternate
node N4.
Impact
When N3 failed, all devices hosted on the encryption engines of this node failed over to the peer
encryption engines in N1, and N1 now performs all of the failed node’s encryption services. Re-key
sessions owned by the failed encryption engine are failed over to N1.