Manualshelf

Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit
211212213214215216217218219220
192 Fabric OS Encryption Administrator’s Guide
53-1002159-03
Configuration upload and download considerations
5
cryptocfg --disableEE
3. Make sure that these Crypto Target Containers and LUNs actually failover to node 2 (BES2) in
the HA cluster. Check for all LUNs in encryption enabled state on node 2 (BES2). This ensures
that I/O also fails over to node 2 (BES2) and continues during this process.
4. On node 1 (BES1) enable the Encryption Engine, by issuing the following command.
cryptocfg --enableEE
5. Start firmware download (upgrade) on the node 1 (BES1). Refer to the Fabric OS
Administrator’s Guide if necessary to review firmware download procedures.
6. After firmware download is complete and node 1 (BES1) is back up, make sure the encryption
engine is online.
7. On node 1 (BES1) initiate manual failback of CryptoTarget containers and associated LUNs
from node 2 (BES2) to node 1 (BES1) by issuing the following command.
cryptocfg --failback -EE
8. Check that Crypto Target Containers and associated LUNs fail back successfully on node 1
(BES1) and host I/O also moves from node 2 (BES2) to node 1 (BES1) and continues during
the failback process.
9. To upgrade node 2 (BES2), Repeat steps 2 to 8.
10. After all nodes in the Encryption Group have been upgraded, change back the failback mode to
auto from manual, if required by issuing the following command.
cryptocfg --set -failback auto
Configuration upload and download considerations
Security information is not included when you upload a configuration from an encryption switch or
blade. Extra steps are necessary before and after download to re-establish that information. The
following sections describe what information is included in a upload from an encryption group
leader and encryption group member load, what information is not included, and the steps to take
to re-establish the information.
Configuration upload at an encryption group leader node
A configuration upload performed at an encryption group leader node contains the following:
The local switch configuration.
Encryption group-related configuration.
The encryption group-wide configuration of Crypto Targets, disk and tape LUNs, tape pools, HA
clusters, security, and key vaults.