Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

251

252

253

254

255

256

257

258

259

260

Fabric OS Encryption Administrator’s Guide 237

53-1002159-03

FS8-18 blade removal and replacement

2. Check the status of the resumed re-key session.

FabricAdmin:switch> cryptocfg --show -rekey -all

• Read all data off the LUN and write it to another LUN. In this case, you can cancel the re-key

session by removing the LUN from its container and force committing the transaction.

Stop all traffic I/O from the initiators accessing the LUN before removing the LUN to avoid I/O

failure between the initiators and the LUN. If the LUN is exposed to more than one initiator

under different LUN Numbers, remove all exposed LUN Numbers. When there are multiple

paths to a LUN, you must remove the LUNs from all exposed CryptoTarget containers before

you commit the transaction. Failure to do so may result in a potentially catastrophic situation

where one path ends up being exposed through the encryption switch and another path has

direct access to the device from a host outside the protected realm of the encryption platform.

1. Enter the cryptocfg

--remove -LUN command followed by the CryptoTarget container

name, the LUN Number, and the initiator PWWN.

FabricAdmin:switch>cryptocfg --remove -LUN my_disk_tgt 0x0

10:00:00:00:c9:2b:c9:3a

Operation Succeeded

2. Commit the configuration with the -force option to completely remove the LUN and all

associated configuration data in the configuration database. The data remains on the

removed LUN in an encrypted state.

FabricAdmin:switch>cryptocfg --commit -force

Operation Succeeded

FS8-18 blade removal and replacement

The following procedure uses an FS8-18 blade installed in DCX_1 slot 4 as an example. If an

FS8-18 blade fails and must be replaced, complete the following steps:

1. From the Group Leader, enter the following command to reclaim the VI/VT WWN base for the

encryption engine to be removed from the encryption group.

cryptocfg --reclaimWWN —EE <DCX1_WWN> 4

When prompted, enter Yes.

NOTE

Do not execute the above command with the -list option between steps 1 and 4.

2. Enter the following command to propagate the change throughout the encryption group.

cryptocfg --commit

3. Remove the IO links and FC cables from the FS8-18 blade, noting where each was attached.

4. Remove the failed blade.

5. Insert the new FS8-18 blade in the same slot (in this example, slot 4) in the chassis.

6. Connect the IO sync ports to the same private LAN as IO sync ports of the failed blade, and

confirm that the IP address of the I/O sync ports (Ge0 and Ge1) are same as the previous IP

addresses.