HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 210
Firmware download considerations, Firmware upgrades and downgrades
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 210 highlights
5 Firmware download considerations Firmware download considerations The encryption engine and the control processor or blade processor are reset after a firmware upgrade. Disruption of encryption I/O can be avoided if an HA cluster is configured. If encryption engines are configured in an HA cluster, perform firmware upgrades one encryption engine at a time so that the partner switch in the HA cluster can take over I/O by failover during firmware upgrade. When switches form a DEK cluster, firmware upgrades should also be performed one at a time for all switches in the DEK cluster to ensure that a host MPIO failover path is always available. Firmware upgrades and downgrades A downgrade to Fabric OS v6.2.0 results in the loss of the following functionality: • Fabric OS v6.2.0 supports only one HP SKM/ESKM key vault. Registering a second HP SKM/ESKM key vault will be blocked. • Fabric OS v6.2.0 uses brcduser1 as a standard user name when creating a Brocade group on SKM/ESKM. If you downgrade from version 6.3.0 or later to version 6.2.0, the user name is overwritten to brcduser1, and the Brocade group user name must be changed to brcduser1. • When doing a firmware upgrade to Fabric OS v7.0.0 or downgrade from Fabric OS v7.0.0, the message SPM-1016 will be observed on version 7.0.0 nodes in the encryption group (EG) when other nodes in that EG that are still running versions earlier than Fabric OS v7.0.0. Although this is a warning message, it is transient and is only observed during a firmware upgrade or downgrade operation. The message can be ignored. • The following warning can be ignored if the nodes in the EG are running different versions of Fabric OS. "2011/04/12-18:41:08, [SPM-1016], 17132, FID 128, WARNING, Security database is out of sync." General guidelines for a firmware upgrade of encryption switches and a DCX or DCX-4S with encryption blades in encryption groups, HA clusters, and DEK clusters are as follows: • Upgrade one node at time. • Do not perform a firmware upgrade when re-key operations and first time encryption operations are underway. • Do not start any manual re-key operations and first-time encryption operations during the firmware upgrade process for all nodes in the HA/DEK cluster. Guidelines for firmware upgrade of encryption switches and a DCX or DCX-4S with encryption blades deployed in a DEK cluster with two HA clusters: • Upgrade nodes in one HA cluster at a time. • Within an HA cluster, upgrade one node at a time. Guidelines for firmware upgrade of encryption switches and a DCX or DCX-4S with encryption blades deployed in DEK cluster with No HA cluster (each node hosting one path). • Upgrade one node at a time. • In the case of active/passive arrays, upgrade the node which is hosting the passive path first. Upgrade the node which is hosting active path next. The Host MPIO ensures that I/O fails over and fails back from active to passive and back to active during this firmware upgrade process. 190 Fabric OS Encryption Administrator's Guide 53-1002159-03