Fabric OS Encryption Administrator's Guide

53-1002159-03
High availability cluster configuration
Adding an encryption engine to an HA cluster
1. Log in to the group leader as Admin or SecurityAdmin.
2. Enter the cryptocfg --add -haclustermember command. Specify the HA cluster name and the encryption engine node WWN. Provide a slot number if the encryption engine is a blade. The following example adds a Brocade FS8-18 in slot 5 to the HA cluster HAC2.
SecurityAdmin:switch>cryptocfg --add -haclustermember HAC2 \
10:00:00:60:5b:03:1c:90 5
EE Node WWN: 10:00:00:60:5b:03:1c:90 5 Slot number: 5Detected
Add HA cluster member status: Operation succeeded.
3. Add another encryption engine before committing the transaction.
NOTE
You cannot add the same node to the HA cluster.
Failover/failback policy configuration
Failover/failback policy parameters as outlined in Table 5 can be set for the entire encryption group on the group leader. Use the cryptocfg --set command with the appropriate parameter to set the values for the policy. Policies are automatically propagated to all member nodes in the encryption group.
TABLE 5 Group-wide policies

Policy name: Failover policy
cryptocfg --set parameters: -failbackmode auto | manual
Description: Sets the failback mode. Valid values for failback mode are:
    auto - Enables automatic failback mode. Failback occurs automatically within an HA cluster when an encryption switch or blade that failed earlier has been restored or replaced. Automatic failback mode is enabled by default.
    manual - Enables manual failback mode. In this mode, failback must be initiated manually when an encryption switch or blade that failed earlier has been restored or replaced.

Policy name: Heartbeat misses
cryptocfg --set parameters: -hbmisses value
Description: Sets the number of Heartbeat misses allowed in a node that is part of an encryption group before the node is declared unreachable and the standby takes over. The default value is 3. The range is 1-15 in integer increments only.

Policy name: Heartbeat timeout
cryptocfg --set parameters: -hbtimeout value
Description: Sets the time-out value for the Heartbeat in seconds. The default value is 2 seconds. Valid values are integers in the range between 1 and 30 seconds.
    NOTE: The relationship between -hbmisses and -hbtimeout determines the total amount of time allowed before a node is declared unreachable. If a switch does not sense a heartbeat within the heartbeat timeout value, it is counted as a heartbeat miss. The default values result in a total time of 6 seconds (timeout value of two seconds times three misses). A total time of 6 to 10 seconds is recommended. A smaller value may cause a node to be declared unreachable prematurely, while a larger value could result in inefficiency.
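
The following pre-change check is an added example, not part of the original guide or of Fabric OS. It validates proposed Table 5 values against the documented ranges, flags a total time outside the recommended 6 to 10 seconds, and lists the cryptocfg --set commands to run on the group leader. The function names are hypothetical; the limits, defaults and parameter names are the ones given in Table 5.

```python
# Added example; function names are hypothetical. Limits and defaults come from Table 5.
HBMISSES = range(1, 16)      # -hbmisses: 1-15, default 3
HBTIMEOUT = range(1, 31)     # -hbtimeout: 1-30 seconds, default 2
RECOMMENDED = range(6, 11)   # recommended total time: 6 to 10 seconds
FAILBACK_MODES = ("auto", "manual")


def _check_int(name, value, allowed):
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{name} must be an integer, got {value!r}")
    if value not in allowed:
        raise ValueError(f"{name}={value} is outside {allowed.start}-{allowed.stop - 1}")


def plan_policy(failbackmode="auto", hbmisses=3, hbtimeout=2):
    """Validate the values; return total time, advisory warnings and commands."""
    if failbackmode not in FAILBACK_MODES:
        raise ValueError(f"failbackmode must be one of {FAILBACK_MODES}")
    _check_int("hbmisses", hbmisses, HBMISSES)
    _check_int("hbtimeout", hbtimeout, HBTIMEOUT)

    total = hbmisses * hbtimeout  # seconds before a node is declared unreachable
    warnings = []
    if total < RECOMMENDED.start:
        warnings.append(f"total {total}s is below 6s: node may be declared unreachable prematurely")
    elif total >= RECOMMENDED.stop:
        warnings.append(f"total {total}s is above the recommended 10s")
    commands = [
        f"cryptocfg --set -failbackmode {failbackmode}",
        f"cryptocfg --set -hbmisses {hbmisses}",
        f"cryptocfg --set -hbtimeout {hbtimeout}",
    ]
    return {"total_seconds": total, "warnings": warnings, "commands": commands}


def recommended_pairs():
    """Every in-range (hbmisses, hbtimeout) pair whose total is 6 to 10 seconds."""
    return [(m, t) for m in HBMISSES for t in HBTIMEOUT if m * t in RECOMMENDED]


if __name__ == "__main__":
    plan = plan_policy("manual", hbmisses=4, hbtimeout=2)
    print(plan["total_seconds"], plan["warnings"])
    print("\n".join(plan["commands"]))
    print(recommended_pairs())
```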