Data Center Fabric Manager Professional User Manual v10.3.X (53-1001355-01, November 2009)

LKM appliance cluster support
LKM appliances can be clustered together to provide high availability (HA) failover/failback
capabilities. When LKM appliances are clustered, both LKMs in the cluster must be registered and
configured with the link keys before starting any crypto operations. If two LKM key vaults are
configured, they must be clustered. If only a single LKM key vault is configured, it may be clustered
for backup purposes, but it will not be directly used by the switch.
The following rules apply to key archival and retrieval operations in an HA key vault deployment
scenario:
For key archival operations:
- Before the LKM key is used for cryptographic operations, the key is archived to both key
vaults (primary and secondary). If either of them is not available, key archival operations
will fail.
- If key archival fails because of key vault failure, an ERROR is logged.
For key retrieval operations:
- Key retrieval operations are requested from either the primary or secondary LKM,
whichever is operational and reachable from the encryption switch or blade.
In the event of a fatal key vault error, replace the failed LKM and link the replacement LKM to the
existing LKM. Refer to the LKM product documentation for further information on replacing a failed
LKM.
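The archival and retrieval rules above, modelled as an added example (not code from the DCFM or LKM products). Vault, HAKeyVault and their methods are hypothetical in-memory stand-ins, and the key IDs and blobs are constructed values.

```python
import logging

log = logging.getLogger("keyvault")

class VaultUnavailable(Exception):
    """Raised when a key vault cannot serve the request."""

class Vault:
    """Hypothetical in-memory stand-in for one LKM key vault."""
    def __init__(self, name):
        self.name, self.up, self.keys = name, True, {}

    def put(self, key_id, blob):
        if not self.up:
            raise VaultUnavailable(self.name)
        self.keys[key_id] = blob

    def get(self, key_id):
        if not self.up:
            raise VaultUnavailable(self.name)
        return self.keys[key_id]

class HAKeyVault:
    """Write-to-both, read-from-either policy for a clustered vault pair."""
    def __init__(self, primary, secondary):
        self.vaults = (primary, secondary)
        self.usable = set()  # key IDs cleared for cryptographic use

    def archive(self, key_id, blob):
        """Archive to both vaults; the key is usable only if both accept it."""
        for vault in self.vaults:
            try:
                vault.put(key_id, blob)
            except VaultUnavailable:
                # A copy may remain on the vault that accepted it,
                # but the key is never marked usable.
                log.error("key archival failed: %s unavailable", vault.name)
                return False
        self.usable.add(key_id)
        return True

    def retrieve(self, key_id):
        """Return the key from whichever vault is operational and holds it."""
        for vault in self.vaults:
            try:
                return vault.get(key_id)
            except (VaultUnavailable, KeyError):
                continue
        raise VaultUnavailable(key_id + ": not retrievable from either vault")
```

The gate on `usable` is the point of the archive-before-use rule: no data is ever encrypted under a key that exists in only one vault.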
Establishing the trusted link
You must generate the trusted link establishment package (TEP) on all nodes to obtain a trusted
acceptance package (TAP) before you can establish a trusted link between each node and the
NetApp LKM appliance. You must have a card reader attached to your PC or workstation to
complete the procedure.
NOTE
Complete all steps required to establish a trusted link between LKM and the encryption group
members for each node before proceeding to the next node.
1. Open an SSH connection to the NetApp LKM appliance and log in.
host$ ssh admin@10.33.54.231
admin@10.33.54.231's password:
Copyright (c) 2001-2008 NetApp, Inc.
All rights reserved
+--------------------------------+
| NetApp Appliance Management CLI |
| Authorized use only! |
+--------------------------------+
Cannot read termcap database;
using dumb terminal settings.
Checking system tamper status:
No physical intrusion detected.