Manualshelf

Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch
161162163164165166167168169170
Encryption Administrator’s Guide 149
53-1001341-02
Firmware download considerations
5
Specific guidelines and procedures
The following are specific guidelines for a firmware upgrade of the encryption switch or blade when
deployed in HA cluster. The guidelines are based on the following scenario:
There are 2 nodes (BES1 and BES2) in the HA cluster.
Each node hosts certain number of CryptoTarget containers and associated LUNs.
node 1 (BES1) needs to be upgraded first.
1. Change the failback mode to manual if it was set to auto by issuing the following command:
cryptocfg --set -failback manual
2. On node 1 (BES1), disable the encryption engine to force the failover of CryptoTarget
containers and associated LUNs onto the HA cluster peer member node 2 (BES2) by issuing
the following command.
cryptocfg --disableEE
3. Make sure that these Crypto Target Containers and LUNs actually failover to node 2 (BES2) in
the HA cluster. Check for all LUNs in encryption enabled state on node 2 (BES2). This ensures
that I/O also fails over to node 2 (BES2) and continues during this process.
4. On node 1 (BES1) enable the Encryption Engine, by issuing the following command.
cryptocfg --enableEE
5. Start firmware download (upgrade) on the node 1 (BES1). Refer to the Fabric OS
Administrator’s Guide if necessary to review firmware download procedures.
6. After firmware download is complete and node 1 (BES1) is back up, make sure the encryption
engine is online.
7. On node 1 (BES1) initiate manual failback of CryptoTarget containers and associated LUNs
from node 2 (BES2) to node 1 (BES1) by issuing the following command.
cryptocfg --failback -EE
8. Check that Crypto Target Containers and associated LUNs fail back successfully on node 1
(BES1) and host I/O also moves from node 2 (BES2) to node 1 (BES1) and continues during
the failback process.
9. To upgrade node 2 (BES2), Repeat steps 2 to 8.
10. After all nodes in the Encryption Group have been upgraded, change back the failback mode to
auto from manual, if required by issuing the following command.
cryptocfg --set -failback auto