Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)

ManualsBrandsHP ManualsStorageHP StorageWorks Edge Switch 2/12

181

182

183

184

185

186

187

188

189

190

Fabric OS Encryption Administrator’s Guide 167

53-1001864-01

Firmware download considerations

• A firmware consistency check for Fabric OS version 6.4.0 is enforced in an encryption group if

any of the Fabric OS version 6.4.0 features are enabled. If any Fabric OS version 6.4.0 feature

is in an enabled state then any firmware download to Fabric OS version 6.3.x or earlier versions

is blocked.

- Do not try to use configupload from Fabric OS version 6.4.0 and then configdownload to

Fabric OS version 6.3.x or earlier versions with any Fabric OS version 6.4.0 feature in an

enabled state.

- Do not try registering a node running Fabric OS version 6.3.x or earlier to an encryption

group when all nodes are running Fabric OS version 6.4.0 with one or more Fabric OS

version 6.4.0 features enabled.

- Disable all Fabric OS version 6.4.0 features before ejecting a node running Fabric OS

version 6.4.0 and registering the node as a member of an encryption group with nodes

running Fabric OS version 6.3.x or earlier versions.

Specific guidelines for HA clusters

The following are specific guidelines for a firmware upgrade of the encryption switch or blade when

deployed in HA cluster. The guidelines are based on the following scenario:

• There are 2 nodes (BES1 and BES2) in the HA cluster.

• Each node hosts certain number of CryptoTarget containers and associated LUNs.

• node 1 (BES1) needs to be upgraded first.

1. Change the failback mode to manual if it was set to auto by issuing the following command:

cryptocfg --set -failback manual

2. On node 1 (BES1), disable the encryption engine to force the failover of CryptoTarget

containers and associated LUNs onto the HA cluster peer member node 2 (BES2) by issuing

the following command.

cryptocfg --disableEE

3. Make sure that these Crypto Target Containers and LUNs actually failover to node 2 (BES2) in

the HA cluster. Check for all LUNs in encryption enabled state on node 2 (BES2). This ensures

that I/O also fails over to node 2 (BES2) and continues during this process.

4. On node 1 (BES1) enable the Encryption Engine, by issuing the following command.

cryptocfg --enableEE

5. Start firmware download (upgrade) on the node 1 (BES1). Refer to the Fabric OS

Administrator’s Guide if necessary to review firmware download procedures.

6. After firmware download is complete and node 1 (BES1) is back up, make sure the encryption

engine is online.

7. On node 1 (BES1) initiate manual failback of CryptoTarget containers and associated LUNs

from node 2 (BES2) to node 1 (BES1) by issuing the following command.

cryptocfg --failback -EE

8. Check that Crypto Target Containers and associated LUNs fail back successfully on node 1

(BES1) and host I/O also moves from node 2 (BES2) to node 1 (BES1) and continues during

the failback process.

9. To upgrade node 2 (BES2), Repeat steps 2 to 8.