Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario Pagina 309
- Pagina / 332
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Fabric OS Encryption Administrator’s Guide (DPM) 289
53-1002922-01
Brocade Encryption Switch removal and replacement
6
12. Recreate the EG with the same name as before using the following command.
Admin:switch> cryptocfg –-create –encgroup <EG name>
13. Invoke configdownload from the previous uploaded configuration.
14. Enable the switch using the switchenable command.
15. Deregister both key vaults using the following command.
Admin:switch> crypocfg –-dereg –keyvault <label name>
16. Export the KAC CSR from new node and sign the CSR from the CA that signed the failed node
CSR.
17. Submit the CSR to a CA.
18. Import the signed KAC certificate onto the new node using the cryptocfg
--import command.
19. Register back the signed KAC CSR/Certificate onto the new node using the following
command:
Admin:switch> cryptocfg --reg -KACcert
20. Register the new node KAC Certificate with the DPM appliances and create an identity for this
node on the DPM appliance in the Identity Group and associate the identity with the newly
created signed certificate.
21. Register the DPM appliance cluster virtual IP and CA certificate onto this node. Import the key
vault certificate file using the following command:
Admin:switch> cryptocfg --import -scp
22. The DPM appliance can then be registered using the imported file using the following
command:
Admin:switch> cryptocfg --reg -keyvault
23. Remove the existing identity of the failed node from the DPM appliance Identity Group.
24. If a master key is not present, restore the master key from a backed up copy. Procedures will
differ depending on the backup media used (for example, recovery smart cards, from the key
vault, from a file on the network, or a file on a USB-attached device). Refer to Chapter 2,
“Configuring Encryption Using the Management Application.”
25. Check the encryption engine (EE) state using following command to ensure that the encryption
engine is online.
Admin:switch> cryptocfg --show -localEE
26. Set the defzone as allAccess on the new Brocade Encryption Switch, so the configuration from
the Fabric is pushed to new Brocade Encryption Switch.
27. Invoke the following command on the new Brocade Encryption Switch:
Admin:switch> cfgsave
28. Reconnect the FC Cables to the new Brocade Encryption Switch.
29. Invoke the cfgsave command on any switch in that fabric. The fabric configuration from the
existing fabric is merged into the new Brocade Encryption Switch.
- Fabric OS Encryption 1
- Document History 2
- Document Title iii 3
- 53-1002720-02 3
- Contents 5
- 53-1002922-01 10
- About This Document 15
- What’s new in this document 16
- Document conventions 16
- Command syntax conventions 17
- Notes, cautions, and warnings 17
- Additional information 18
- Getting technical help 19
- Document feedback 20
- Encryption Overview 21
- Terminology 22
- The Brocade Encryption Switch 24
- The FS8-18 blade 25
- FIPS mode 25
- Performance licensing 25
- Usage limitations 26
- FIGURE 2 Encryption overview 27
- FIGURE 3 Frame redirection 28
- IO Sync LAN 29
- FIGURE 5 DEK life cycle 30
- Master key management 31
- Support for virtual fabrics 31
- Encryption Center features 34
- Encryption user privileges 35
- Smart card usage 36
- Using system cards 41
- Deregistering system cards 43
- Using smart cards 43
- Tracking smart cards 44
- Editing smart cards 46
- Network connections 47
- Blade processor links 47
- (KAC) certificate 48
- Encryption preparation 55
- Creating an encryption group 55
- --initnode command 65
- --set -keyvault command 65
- --reg keyvault command 65
- Creating HA clusters 72
- Failback option 74
- Invoking failback 74
- Adding an encryption target 75
- FIGURE 46 Next Steps screen 83
- Configuring storage arrays 91
- Remote replication LUNs 91
- Moving targets 96
- Tape LUN statistics 99
- Encryption engine rebalancing 103
- Master keys 104
- Active master key 105
- Alternate master key 105
- Master key actions 106
- ATTENTION 107
- Creating a master key 113
- Security settings 114
- Setting zeroization 115
- Redirection zones 117
- Disk device decommissioning 117
- Decommissioning disk LUNs 118
- Displaying Universal IDs 120
- Setting disk LUN Re-key All 121
- Thin provisioned LUNs 125
- Thin Provisioning support 126
- General tab 133
- Members tab 135
- Members tab Remove button 136
- Security tab 137
- HA Clusters tab 139
- Tape Pools tab 141
- Adding tape pools 142
- Engine Operations tab 143
- TABLE 3 Encryption acronyms 144
- In this chapter 145
- Overview 146
- Command validation checks 146
- (Continued) 148
- Cryptocfg Help command output 150
- Management LAN configuration 150
- Configuring cluster links 151
- Node is a group leader node 152
- Node is a member node 152
- • FIPS crypto officer 153
- • FIPS user 153
- • Node CP certificate 153
- Submitting the CSR to a CA 156
- • cryptocfg --initEE 163
- • cryptocfg --regEE 163
- • cryptocfg --enableEE 163
- High availability clusters 168
- Creating an HA cluster 169
- Policy Configuration Examples 172
- Re-exporting a master key 173
- Viewing the master key IDs 174
- Zoning considerations 177
- Frame redirection zoning 178
- Gathering information 182
- Crypto LUN configuration 186
- Discovering a LUN 187
- Configuring a Crypto LUN 187
- Configuring a tape LUN 191
- Decommissioning LUNs 195
- SRDF LUNs 199
- SRDF pairs 200
- Adding replication LUNs 201
- Reading metadata after sync 202
- -newLUN option 203
- TF snapshot rekeying details 208
- ID> <initiator PWWN> 209
- -not_ready option of TF 209
- <initiator PWWN> 209
- Tape pool configuration 213
- Tape pool labeling 214
- NetBackup labeling 215
- NetWorker labeling 215
- Creating a tape pool 216
- Deleting a tape pool 216
- Modifying a tape pool 217
- First-time encryption 222
- Data rekeying 225
- Resource allocation 226
- Rekeying modes 226
- Deployment Scenarios 231
- --rdcreate [host wwn] 240
- FIGURE 103 FCIP deployment 242
- Data mirroring deployment 243
- VMware ESX server deployments 245
- General guidelines 248
- Enabling a disabled LUN 253
- HP-UX considerations 253
- AIX considerations 253
- Disk metadata 254
- Tape metadata 254
- Tape data compression 255
- Tape pools 255
- Tape block zero handling 256
- Tape key expiry 256
- Avoid double encryption 258
- PID failover 258
- Manual rekey 259
- Latency in rekey operations 259
- Key vault best practices 263
- Tape device LUN mapping 263
- Deleting an encryption group 269
- Removing an HA cluster member 269
- Deleting an HA cluster member 273
- Failover/failback example 274
- Recovery 275
- -hbmisses and -hbtimeout 280
- Key vault diagnostics 286
- --perfshow 287
- -portperfshow 287
- Command Activity 291
- Problem Resolution 291
- General errors and conditions 292
- LUN policy troubleshooting 299
- MPIO and internal LUN states 301
- Multi-node EG replacement 302
- Single-node EG replacement 304
- Multi-node EG Case 305
- Single-node EG Replacement 308
- Deregistering a DPM key vault 310
- FIGURE 111 DPM Clients page 311
- TABLE 15 Compatibility Matrix 313
- Encryption group Nodes 314
- State and Status Information 317
- Security processor KEK status 318
- Encrypted LUN states 318
- TABLE 22 Tape LUN states 321
Relacionado con productos y manuales para Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support
Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario
(324 paginas)
(324 paginas)
Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario
(322 paginas)
(322 paginas)
Accesorios De Computador Brocade Fabric OS Feature Support Matrix (Supporting Fabri Manual de usuario
(12 paginas)
(12 paginas)
Accesorios De Computador Brocade Fabric OS Command Reference (Supporting Fabric OS Manual de usuario
(127 paginas)
(127 paginas)
Accesorios De Computador Brocade Fabric OS Software Licensing Guide (Supporting Fab Manual de usuario
(58 paginas)
(58 paginas)
Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario
(300 paginas)
(300 paginas)
Accesorios De Computador Brocade Fabric OS Upgrade Guide (Supporting Fabric OS v7.3 Manual de usuario
(34 paginas)
(34 paginas)
Accesorios De Computador Brocade Fabric OS Troubleshooting and Diagnostics Guide (S Manual de usuario
(130 paginas)
(130 paginas)
Accesorios De Computador Brocade Fabric Watch Administrators Guide (Supporting Fabr Manual de usuario
(116 paginas)
(116 paginas)
Accesorios De Computador Brocade Flow Vision Administrators Guide (Supporting Fabri Manual de usuario
(90 paginas)
(90 paginas)
Accesorios De Computador Brocade Monitoring and Alerting Policy Suite Administrator Manual de usuario
(114 paginas)
(114 paginas)
Accesorios De Computador Brocade EZSwitchSetup Administrator’s Guide (Supporting 30 Manual de usuario
(64 paginas)
(64 paginas)
Accesorios De Computador Brocade FICON Administrator’s Guide (Supporting Fabric OS Manual de usuario
(126 paginas)
(126 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.078 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales