Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Chapter 4. Implementation scenarios and ... > Adding a second Encryption Switch fo... - Pg. 132

It is also possible to configure your CTCs so that only one EE in the HA cluster performs all the work and the second EE is purely standby in case the first EE fails or has its firmware updated. We will configure this active/standby scenario, because we already have one EE installed and running with all of our Fabric A CTCs. We will add a second EE for the purpose of HA. Typically, the requirement for HA suggests that dual fabrics are also in use. We will only show the steps for one fabric, but you can repeat the same steps for a second fabric. To add the second switch for HA, it already must be configured, registered with the TKLMs, and added to the EG. Because we already have described these tasks in previous sections, we will begin by assuming that these steps already have been performed and that the new SAN32B-E4 is FC-connected to the Fabric A switch. However, ensure that you do not forget to set the NTP time server on the new switch. With the new SAN32B-E4 Encryption Switch fabric attached and already in our EG, we are ready to define an HA cluster. First, we determine which EE is the Group Leader (GL) by issuing cryptocfg --show -groupmember -all for any of the existing EEs. Then after logging on to the GL, we issue the cryptocfg command, as shown in Example 4-28, to create an HA cluster named enc_ha_fabA. We must specify the WWN of the GL Encryption Switch, which was determined from the show groupmember output. You do not need to add the existing EE to the HA cluster. It is added automatically, because it is in the same fabric as the new EE that we have just added. Example 4-28 Using the CLI to create an HA cluster SAN32B-E4-1:admin> cryptocfg --create -hacluster enc_ha_fabA 10:00:00:05:1e:54:17:10