Fabric OS Encryption Administrator's Guide

53-1002159-03
7. Zeroize the new encryption engine.
cryptocfg --zeroizeEE 4
The new encryption engine will power off and power on again automatically.
8. If a system card authentication is needed to enable the encryption engine, re-register the
system card through the Management application client for the new encryption engine.
9. Initialize the new encryption engine.
cryptocfg --initEE 4
10. Register the new encryption engine.
cryptocfg --regEE 4
11. Enable the new encryption engine.
cryptocfg --enableEE 4
12. Verify that this blade encryption engine has the same Master Key as the rest of the
Encryption Engines in the Encryption Group using the
cryptocfg --show -groupmember -all command.
13. Check the encryption engine state using the
cryptocfg --show -localEE command to ensure that the encryption engine is online.
14. Check the encryption group state using the
cryptocfg --show -groupcfg command to ensure that the entire encryption group is in the
converged and In Sync states.
NOTE
Because the FS8-18 blade was inserted into the same slot as the previous one, no change of
HAC container ownership is required. The HAC configuration is retained as is. If manual
failback was set on the HAC, then user intervention is required to manually fail back the LUNs
owned by the newly replaced encryption engine. There is no change in crypto-target container
ownership. The container ownerships are retained as is.
BES removal and replacement
Multi Node EG Case
The following procedure uses Brocade Encryption Switch (BES) 3 as the BES to be removed from an
encryption group with the group leader designated as BES1. Two scenarios are considered:
When the Brocade Encryption Switch has failed
When the Brocade Encryption Switch has not failed
When BES3 has failed, complete the following steps:
1. Deregister BES3 from the encryption group.
cryptocfg --dereg -membernode <switchWWN>