Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Encryption Administrator’s Guide 173
53-1001201-04
Advanced encryption group configuration
3
Configuration impact of encryption group split or node isolation
When a node is isolated from the encryption group or the encryption group is split to form separate
encryption group islands, the defined or registered node list in the encryption group is not equal to
the current active node list, and the encryption group is in a DEGRADED state rather than in a
CONVERGED state. Table 10 and Table 11 list configuration changes that are allowed and
disallowed under such conditions.
TABLE 10 Allowed Configuration Changes
Configuration Type Allowed configuration changes
Encryption group • Adding a node to the encryption group
• Removing a node from the encryption group
• Invoking a node leave command
• Deleting an encryption group
• Registering a member node (IP address, certificates)
HA cluster
• Removing an encryption engine from an HA cluster
• Deleting an HA cluster
Security & key vault
• Initializing a node
• Initializing an encryption engine
• Re-registering an encryption engine
• Zeroizing an encryption engine
TABLE 11 Disallowed Configuration Changes
Configuration Type Disallowed configuration changes
Security & key vault • Register or modify key vault settings
• Generating a master key
• Exporting a master key
• Restoring a master key
• Enabling or disabling encryption on an encryption engine
HA cluster
• Creating an HA cluster
• Adding an encryption engine to an HA cluster
• Modifying the failback mode
Crypto Device
(target/LUN/tape)
• Creating a CryptoTarget container
• Adding initiators or LUNs to a CryptoTarget container
• Removing initiators or LUNS from a CryptoTarget container
• Modifying LUNs or LUN policies
• Creating or deleting a tape pool
• Modifying a tape pool policy
• Starting a manual re-keying session
• Performing a manual failback of containers
• Deleting a CryptoTarget container