Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June 2010)
168 Fabric OS Encryption Administrator’s Guide
53-1001864-01
Configuration upload and download considerations
5
10. After all nodes in the Encryption Group have been upgraded, change back the failback mode to
auto from manual, if required by issuing the following command.
cryptocfg --set -failback auto
Configuration upload and download considerations
Important information is not included when you upload a configuration from an encryption switch
or blade. Extra steps are necessary before and after download to re-establish that information. The
following sections describe what information is included in a upload from an encryption group
leader and encryption group member load, what information is not included, and the steps to take
to re-establish the information.
Configuration Upload at an encryption group leader node
A configuration upload performed at an encryption group leader node contains the following:
• The local switch configuration.
• Encryption group-related configuration.
• The encryption group-wide configuration of Crypto Targets, disk and tape LUNs, tape pools, HA
clusters, security, and key vaults.
Configuration upload at an encryption group member node
A configuration upload at an individual encryption group member node contains the following
• The local switch configuration.
• Encryption group-related configuration.
Information not included in an upload
The following certificates will be not be present when the configuration is downloaded.
• External certificates imported on the switch:
- key vault certificate
- peer node/switch certificate
- authentication card certificate
• Certificates generated internally:
- KAC certificate
- CP certificate
- FIPS officer and user certificates
The Authentication Quorum size is included in the configuration upload for read-only purposes, but
is not set by a configuration download.