Fabric OS Encryption Administrator's Guide

53-1002159-03
Encryption group and HA cluster maintenance
3. Determine the state of the node. Log in to the member node and enter the
cryptocfg --show -groupmember command followed by the node WWN. Provide a slot
number if the encryption engine is a blade.
SecurityAdmin:switch>cryptocfg --show -groupmember \
10:00:00:05:1e:41:99:bc
Node Name: 10:00:00:05:1e:41:99:bc (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
IP Address: 10.32.33.145
Certificate: 10.32.33.145_my_cp_cert.pem
Current Master Key State: Saved
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
Alternate Master Key State: Not configured
Alternate Master KeyID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EE Slot: 0
SP state: Online
Current Master KeyID:
b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e
Alternate Master KeyID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
a. If the node is in the DISCOVERED state and the security processor (SP) state is online (as
shown above), you can remove the node from the encryption group. Complete step 4 and
step 5, which completes the procedure.
b. If the node is not in the DISCOVERED state, and you wish to remove the node from the
encryption group, you must first deregister the node. To do this, log in to the group leader
and enter the cryptocfg --dereg -membernode command followed by the node WWN.
SecurityAdmin:switch>cryptocfg --dereg -membernode 10:00:00:05:1e:41:99:bc
Operation succeeded.
4. Reclaim the WWN of the member node.
a. Enter the cryptocfg --reclaimWWN -membernode <node-WWN> command on the group
leader to reclaim the VI/VT WWN base for the node to be removed.
When prompted, enter yes.
b. Enter the cryptocfg --commit command on the group leader to propagate the change to
all nodes in the encryption group.
5. On the group leader, enter the cryptocfg --eject -membernode command followed by the
node WWN.
SecurityAdmin:switch> cryptocfg --eject -membernode 10:00:00:05:1e:55:3a:f0
WARNING: Before ejecting the membernode, ensure that the VI/VT WWN's
are reclaimed.
Refer to "cryptocfg --reclaimWWN" commands.
ARE YOU SURE (yes, y, no, n): [no] Node eject granted by protocol clients
[10:00:00:05:1e:55:3a:f0]
Eject node status: Operation Succeeded.
6. Log in to the member node and execute the cryptocfg --reclaimWWN -cleanup command.
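The decision in step 3 and the command order in steps 4 through 6 can be checked from a management host before anything is typed on the group leader. The following Python sketch is an added example, not part of the original guide or of Fabric OS. It assumes the cryptocfg --show -groupmember output has already been captured as text; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the layout of the step 3 output (key-ID lines omitted).
SAMPLE = """\
Node Name: 10:00:00:05:1e:41:99:bc (current node)
State: DEF_NODE_STATE_DISCOVERED
Role: MemberNode
SP state: Online
No HA cluster membership
"""

WWN_RE = re.compile(r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}")

def parse_groupmember(text):
    """Extract node WWN, node state and every 'SP state' value from the output."""
    info = {"wwn": None, "state": None, "sp_states": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue  # lines without "key: value" (for example HA membership)
        if key == "node name":
            info["wwn"] = value.split()[0].lower()
        elif key == "state":
            info["state"] = value
        elif key == "sp state":
            info["sp_states"].append(value.lower())
    return info

def removal_plan(text, target_wwn):
    """Return ordered (where, command) pairs following steps 3 to 6 above."""
    wwn = target_wwn.lower()
    if not WWN_RE.fullmatch(wwn):
        raise ValueError("malformed WWN: %r" % target_wwn)
    info = parse_groupmember(text)
    if info["wwn"] != wwn:
        # Guards against acting on output captured from a different node.
        raise ValueError("output is for %s, not %s" % (info["wwn"], wwn))
    discovered = (info["state"] or "").endswith("_DISCOVERED")
    sp_online = bool(info["sp_states"]) and all(s == "online" for s in info["sp_states"])
    if discovered and not sp_online:
        # Assumption: the procedure does not cover this case, so stop for review.
        raise ValueError("node is DISCOVERED but SP is not online")
    # Step 3b: a node that is not DISCOVERED is deregistered first.
    plan = [] if discovered else [("group leader", "cryptocfg --dereg -membernode " + wwn)]
    plan += [("group leader", "cryptocfg --reclaimWWN -membernode " + wwn),
             ("group leader", "cryptocfg --commit"),
             ("group leader", "cryptocfg --eject -membernode " + wwn),
             ("member node", "cryptocfg --reclaimWWN -cleanup")]
    return plan
```

The WWN comparison rejects output captured from a node other than the one named for removal, so a plan is never built against the wrong member.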