HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 243

Encryption group database manual operations, Manually synchronizing the encryption group database



Fabric OS Encryption Administrator’s Guide 223 53-1002159-03

Encryption group database manual operations

Manual intervention may be necessary if the encryption group databases or security databases of encryption group members are not synchronized. The following sections describe manual operations that enable you to do the following:

• synchronize the encryption group database.
• synchronize the security database.
• abort a pending database transaction.

Manually synchronizing the encryption group database

The --sync -encgroup command manually synchronizes the encryption group database belonging to the group leader node with the databases of all member nodes that are out of sync. If this command is invoked when the encryption group databases are in sync, the command is ignored.

NOTE
When the encryption group is out of sync and the group leader reboots, the newly selected group leader pushes its database information to all other members. The new group leader’s database information may be different from what was set up before the group leader was rebooted.

Manually synchronizing the security database

This operation can resolve problems with master key propagation. The synchronization occurs every time this command is executed regardless of whether or not the security database was in sync across all nodes in the encryption group.

Use the --sync -securitydb command to distribute the security database from the group leader node to all member nodes. This command is valid only on the group leader.

Aborting a pending database transaction

You can abort a pending database transaction for any device configurations invoked earlier through the CLI or Management application interfaces by completing the following steps.

1. Use the --transshow command to determine the currently pending transaction ID.
   The --transshow command displays the pending database transaction for any device configurations invoked earlier through the CLI or DCFM interfaces. The command displays the transaction status (completed or pending), the transaction ID, and the transaction owner (CLI or DCFM).
2. Use the --transabort <transaction_ID> command to abort the transaction, where <transaction_ID> specifies the ID of the transaction to be aborted.

Key vault diagnostics

With the introduction of Fabric OS 7.0.0, you can run key vault diagnostics tests to identify any key vault connectivity or key operation errors. You configure the key vault diagnostic test using the cryptocfg --kvdiag command.