Fabric OS Encryption Administrator's Guide

53-1002159-03
BES removal and replacement
23. Register the new node KAC certificate with the HP SKM/ESKM appliances and create a
username and password for this node on the HP SKM appliances under the group “Brocade.”
24. Create the same username and password on the new node as were created on the HP SKM/ESKM
appliances. Use the following command:
cryptocfg --reg -KACLogin
25. From the new Brocade Encryption Switch, run the following command to set the default zone
to “allaccess” so that the configuration from the existing fabric is pushed to the new Brocade
Encryption Switch:
defzone --allaccess
26. Run the following command on the new Brocade Encryption Switch:
cfgsave
27. Replace the FC cables to the new Brocade Encryption Switch.
28. Run the cfgsave command on any switch in that fabric. The fabric configuration from the
existing fabric is merged into the new Brocade Encryption Switch. Verify that defzone is now set
to no access.
29. This step varies depending on whether HAC membership for the old Brocade
Encryption Switch is in place.
If HAC membership for the old Brocade Encryption Switch was in place, do the following to
move the container to the new Brocade Encryption Switch.
a. From the group leader, replace the old encryption engine with the new encryption engine.
cryptocfg --replace <WWN of Old BES> <WWN of new BES>
b. Issue commit.
cryptocfg --commit
c. From the group leader, replace the HAC membership from the old encryption engine to the
new encryption engine.
cryptocfg --replace -haclustermember <HA cluster name> <WWN of Old BES> <WWN of New BES>
d. Issue commit.
cryptocfg --commit
e. If “manual” failback was set on the HAC, user intervention is required to manually
fail back the LUNs owned by the newly replaced Brocade Encryption Switch.
If HAC membership for the old Brocade Encryption Switch was not in place, complete the following
steps to move the container to the new Brocade Encryption Switch:
a. From the group leader, replace the old encryption engine with the new encryption engine.
cryptocfg --replace <WWN of Old BES> <WWN of new BES>
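
For the defzone verification in step 28, the following added example (not part of the original guide) classifies captured `defzone --show` output so that a default zone left at “allaccess” is caught before the procedure continues. The output layout it parses and the sample outputs are assumptions constructed for illustration, and `check_defzone` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: classify captured `defzone --show` output after step 28.
# ASSUMPTION: the output has lines "committed - <mode>" and
# "transaction - <state>"; confirm against your Fabric OS release.

# Reads the command output on stdin. Return codes:
#   0 = committed mode is No Access and no transaction is pending
#   1 = committed mode is still All Access
#   2 = a default-zone change is pending and not yet committed
#   3 = output not recognised; treat as a failed check
check_defzone() {
    committed=""
    transaction=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop carriage returns (SSH captures) and surrounding whitespace.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
               tr '[:upper:]' '[:lower:]')
        case "$line" in
            committed*-*)   committed=${line#*- } ;;
            transaction*-*) transaction=${line#*- } ;;
        esac
    done
    if [ -z "$committed" ] || [ -z "$transaction" ]; then return 3; fi
    case "$committed" in
        "all access") return 1 ;;
        "no access")  ;;
        *)            return 3 ;;
    esac
    if [ "$transaction" != "no transaction" ]; then return 2; fi
    return 0
}

# Constructed sample outputs, not captured from a real switch.
SAMPLE_CLOSED='Default Zone Access Mode
        committed - No Access
        transaction - No Transaction'
SAMPLE_OPEN='Default Zone Access Mode
        committed - All Access
        transaction - No Transaction'

for sample in "$SAMPLE_CLOSED" "$SAMPLE_OPEN"; do
    rc=0
    printf '%s\n' "$sample" | check_defzone || rc=$?
    echo "check_defzone returned $rc"
done
```

Any non-zero return should stop the replacement procedure until the default zone is confirmed as no access.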