HP 8/8 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 131
High Availability (HA) cluster configuration, HA cluster configuration rules, Creating an HA cluster
View all HP 8/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 131 highlights
High Availability (HA) cluster configuration 3 High Availability (HA) cluster configuration An HA cluster consists of two encryption engines configured to host the same CryptoTargets and to provide Active/Standby failover and failback capabilities in a single fabric. Failover is automatic (not configurable). Failback occurs automatically by default, but is configurable with a manual failback option. All encryption engines in an HA cluster share the same DEK for a disk or tape LUN. An HA cluster has the following limitations: • The encryption engines that are part of an HA cluster must belong to the same encryption group and be part of the same fabric. • An HA cluster cannot span fabrics and it cannot provide failover/failback capability within a fabric transparent to host MPIO software. NOTE Failure to ensure that HA cluster members are part of the same encryption group dissolves the HA cluster and the encryption engines lose their failover capability. HA cluster configuration rules The following rules apply when configuring an HA cluster: • All HA cluster configuration and related operations must be performed on the group leader. • Cluster links must be configured before creating an HA cluster. Refer to the section "Configuring cluster links" on page 98 for instructions. • Configuration changes must be committed before they take effect. Any operation related to an HA cluster that is performed without a commit operation will not survive across switch reboots, power cycles, CP failover, or HA reboots. • It is recommended that the HA cluster configuration be completed before you configure storage devices for encryption. • It is mandatory that the two encryption engines in the HA cluster belong to two different nodes for true redundancy. This is always the case for Brocade encryption switches, but is not true if two FS8-18 blades in the same DCX or DCX-4S chassis are configured in the same HA cluster. In Fabric OS version 6.3.0 and later releases, HA cluster creation is blocked when encryption engines belonging to FS8-18 blades in the same DCX or DCX-4S are specified. Creating an HA cluster 1. Log into the group leader as Admin or SecurityAdmin. 2. Enter the cryptocfg --create -hacluster command. Specify a name for the HA cluster and optionally add the node WWN of the encryption engine you wish to include in the HA cluster. Provide a slot number if the encryption engine is a blade. The following example creates an HA cluster named "HAC1" with two encryption engines. SecurityAdmin:switch>cryptocfg --create -hacluster HAC1 \ 11:22:33:44:55:66:77:00 10:00:00:05:1e:53:74:87 3 EE Node WWN: 11:22:33:44:55:66:77:00 Slot number: 0 Detected EE Node WWN: 10:00:00:05:1e:53:74:87 Slot number: 3 Detected Create HA cluster status: Operation succeeded. Fabric OS Encryption Administrator's Guide 113 53-1001864-01