Fabric OS Encryption Administrator's Guide
Fabric OS Encryption Administrator’s Guide 137
53-1002159-03
High availability cluster configuration
3
No HA cluster membership
Node Name: 10:00:00:05:1e:39:14:00
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
IP Address: 10.32.244.60
Certificate: enc1_cpcert.pem
Current Master Key State: Not configured
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master Key State:Not configured
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EE Slot: 0
SP state: Unknown State
Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
High availability cluster configuration
An HA cluster consists of two encryption engines configured to host the same CryptoTargets and to
provide Active/Standby failover and failback capabilities in a single fabric. Failover is automatic
(not configurable). Failback occurs automatically by default, but is configurable with a manual
failback option. All encryption engines in an encryption group share the same DEK for a disk or
tape LUN.
An HA cluster has the following limitations:
• The encryption engines that are part of an HA cluster must belong to the same encryption
group and be part of the same fabric.
• An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a
fabric transparent to host MPIO software.
NOTE
The CLI does not allow creation of an HA cluster if the node is not in the encryption group.
HA cluster configuration rules
The following rules apply when configuring an HA cluster:
• All HA cluster configuration and related operations must be performed on the group leader.
• Cluster links must be configured before creating an HA cluster. Refer to the section
“Configuring cluster links” on page 116 for instructions.
• Configuration changes must be committed before they take effect. Any operation related to an
HA cluster that is performed without a commit operation will not survive across switch reboots,
power cycles, CP failover, or HA reboots.