Brocade Fabric OS Encryption Administrator’s Guide Support Manual de usuario Pagina 272
- Pagina / 300
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
254 Fabric OS Encryption Administrator’s Guide (LKM/SSKM)
53-1002925-01
Brocade Encryption Switch removal and replacement
6
Single-node EG Replacement
1. Upload the configuration stored on the Brocade Encryption Switch you are replacing using the
FOS configupload command.
2. Power off the Brocade Encryption Switch. Remove the Mgmt Link, I/O links, and FC cables from
the Brocade Encryption Switch, noting where each was attached so that the replacement
Brocade Encryption Switch can be cabled properly.
3. Power on the new Brocade Encryption Switch. Note that the FC cables have not yet been
plugged in.
4. Set the IP address for the new Brocade Encryption Switch using the ipAddrSet command for
both Mgmt and I/O links. Check that the switch name and domain ID associated with the
replacement switch match that of the original.
5. Initialize the new Brocade Encryption Switch node using following command:
Admin:switch> cryptocfg --initnode
6. Zeroize the new Brocade Encryption Switch.
Admin:switch> cryptocfg --zeroizeEE
7. If system card authentication was enabled, you must re-register the system card through the
BNA client for the new encryption engine.
8. Initialize the new encryption engine using the following command.
Admin:switch> cryptocfg --initEE [slotnumber]
9. Register the new encryption engine using the following command.
Admin:switch> cryptocfg --regEE [slotnumber]
10. Enable the new encryption engine using the following command.
Admin:switch> cryptocfg --enableEE [slotnumber]
11. Invoke the following command to cleanup any WWN entries which are used earlier.
Admin:switch> cryptocfg --reclaim -cleanup
12. Recreate the EG with the same name as before using the following command.
Admin:switch> cryptocfg –-create –encgroup <EG name>
13. Invoke configdownload from the previous uploaded configuration.
14. Enable the switch using the switchenable command.
15. Deregister both key vaults using the following command.
Admin:switch> crypocfg –-dereg –keyvault <label name>
16. Establish the trusted link with both the primary and secondary LKM/SSKMs from this node.
a. Invoke the following command on the new node:
Admin:switch> cryptocfg --dhchallenge <Key Vault IP>
- Fabric OS Encryption 1
- Administrator’s Guide 1
- Environments 1
- Document History 2
- Contents 3
- 53-1002925-01 10
- Appendix B LUN Policies 11
- About This Document 13
- What’s new in this document 14
- Document conventions 14
- Notes, cautions, and warnings 15
- Additional information 16
- Getting technical help 17
- Document feedback 18
- Encryption Overview 19
- Terminology 20
- The Brocade Encryption Switch 22
- The FS8-18 blade 23
- FIPS mode 23
- Performance licensing 23
- Usage limitations 24
- FIGURE 2 Encryption overview 25
- FIGURE 3 Frame redirection 26
- IO Sync LAN 27
- FIGURE 5 DEK life cycle 28
- Support for virtual fabrics 29
- Encryption Center features 32
- Encryption user privileges 33
- Smart card usage 34
- Using system cards 39
- Deregistering system cards 41
- Using smart cards 41
- Tracking smart cards 41
- Editing smart cards 44
- Network connections 45
- Blade processor links 45
- (KAC) certificate 46
- Encryption preparation 52
- Creating an encryption group 52
- (LKM/SSKM) 56
- --initnode command 61
- --set -keyvault command 61
- --reg keyvault command 61
- High availability clusters 68
- Creating HA clusters 69
- Failback option 71
- Invoking failback 71
- Adding an encryption target 72
- 4. Click Next 73
- FIGURE 44 Next Steps screen 79
- Configuring storage arrays 87
- Moving targets 90
- Tape LUN statistics 92
- Encryption engine rebalancing 97
- Security settings 98
- Setting zeroization 99
- Redirection zones 101
- Disk device decommissioning 101
- Decommissioning Disk LUNs 102
- Displaying Universal IDs 104
- Setting disk LUN Re-key All 105
- Thin provisioned LUNs 109
- Thin provisioning support 110
- General tab 117
- Members tab 118
- Members tab Remove button 120
- Security tab 121
- HA Clusters tab 123
- Link Keys tab 124
- Tape Pools tab 126
- Adding tape pools 127
- Engine Operations tab 128
- TABLE 3 Encryption acronyms 129
- In this chapter 131
- Overview 132
- Command validation checks 132
- (Continued) 134
- Cryptocfg Help command output 135
- Management LAN configuration 136
- Configuring cluster links 136
- Node is a group leader node 138
- Node is a member node 138
- • Node CP certificate 140
- Establishing the trusted link 145
- [output truncated] 146
- Creating an HA cluster 151
- TABLE 5 Group-wide policies 152
- Zoning considerations 153
- Frame redirection zoning 154
- Gathering information 158
- Crypto LUN configuration 162
- Discovering a LUN 163
- Configuring a Crypto LUN 164
- Configuring a tape LUN 167
- Modify example 169
- Decommissioning LUNs 175
- Tape pool configuration 179
- Tape pool labeling 180
- NetBackup labeling 181
- NetWorker labeling 181
- Creating a tape pool 182
- Deleting a tape pool 183
- Modifying a tape pool 183
- First-time encryption 184
- Data rekeying 187
- Resource allocation 188
- Rekeying modes 188
- 10:00:00:05:1e:53:37:99 191
- Operation Succeeded 191
- Deployment Scenarios 193
- --rdcreate [host wwn] 202
- VMware ESX server deployments 205
- General guidelines 210
- HP-UX considerations 214
- AIX Considerations 215
- Enabling a disabled LUN 215
- Disk metadata 216
- Tape metadata 216
- Tape data compression 217
- Tape pools 217
- Tape block zero handling 218
- Tape key expiry 218
- DF compatibility for tapes 218
- Avoid double encryption 221
- PID failover 221
- Key Vault Best Practices 225
- Tape Device LUN Mapping 225
- Deleting an encryption group 231
- Removing an HA cluster member 231
- Deleting an HA cluster member 235
- Failover/failback example 236
- Recovery 237
- -hbmisses and -hbtimeout 242
- Key vault diagnostics 248
- Command Activity 254
- Problem Resolution 254
- General errors and conditions 255
- SSKM recommendations 256
- LUN policy troubleshooting 262
- MPIO and internal LUN states 264
- Multi-node EG replacement 265
- Single-node EG replacement 267
- Multi-node EG Case 269
- Single-node EG Replacement 272
- Encryption group Nodes 276
- State and Status Information 279
- Security processor KEK status 280
- Encrypted LUN states 280
- TABLE 21 Tape LUN states 283
- LUN Policies 285
Relacionado con productos y manuales para Accesorios De Computador Brocade Fabric OS Encryption Administrator’s Guide Support
Accesorios De Computador Brocade Fabric OS Upgrade Guide (Supporting Fabric OS v7.3 Manual de usuario
(34 paginas)
(34 paginas)
Accesorios De Computador Brocade Fabric OS Troubleshooting and Diagnostics Guide (S Manual de usuario
(130 paginas)
(130 paginas)
Accesorios De Computador Brocade Fabric Watch Administrators Guide (Supporting Fabr Manual de usuario
(116 paginas)
(116 paginas)
Accesorios De Computador Brocade Flow Vision Administrators Guide (Supporting Fabri Manual de usuario
(90 paginas)
(90 paginas)
Accesorios De Computador Brocade Monitoring and Alerting Policy Suite Administrator Manual de usuario
(114 paginas)
(114 paginas)
Accesorios De Computador Brocade EZSwitchSetup Administrator’s Guide (Supporting 30 Manual de usuario
(64 paginas)
(64 paginas)
Accesorios De Computador Brocade FICON Administrator’s Guide (Supporting Fabric OS Manual de usuario
(126 paginas)
(126 paginas)
Accesorios De Computador Brocade Web Tools Administrators Guide (Supporting Fabric Manual de usuario
(274 paginas)
(274 paginas)
Accesorios De Computador Brocade 7800 Extension Switch Hardware Reference Manual Manual de usuario
(66 paginas)
(66 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.050 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales