Fabric OS Encryption Administrator's Guide
53-1002159-03
6 Encryption group merge and split use cases
Configuration impact of encryption group split or node isolation
When a node is isolated from the encryption group or the encryption group is split to form separate
encryption group islands, the defined or registered node list in the encryption group is not equal to
the current active node list, and the encryption group is in a DEGRADED state rather than in a
CONVERGED state. Table 7 and Table 8 list configuration changes that are allowed and disallowed
under such conditions.
TABLE 7 Allowed Configuration Changes

Configuration Type    Allowed configuration changes

Encryption group
  • Adding a node to the encryption group
  • Removing a node from the encryption group
  • Invoking a node leave command
  • Deleting an encryption group
  • Registering a member node (IP address, certificates)

HA cluster
  • Removing an encryption engine from an HA cluster
  • Deleting an HA cluster

Security & key vault
  • Initializing a node
  • Initializing an encryption engine
  • Re-registering an encryption engine
  • Zeroizing an encryption engine

TABLE 8 Disallowed Configuration Changes

Configuration Type    Disallowed configuration changes

Security & key vault
  • Registering or modifying key vault settings
  • Generating a master key
  • Exporting a master key
  • Restoring a master key
  • Enabling or disabling encryption on an encryption engine

HA cluster
  • Creating an HA cluster
  • Adding an encryption engine to an HA cluster
  • Modifying the failback mode

Crypto Device (target/LUN/tape)
  • Creating a CryptoTarget container
  • Adding initiators or LUNs to a CryptoTarget container
  • Removing initiators or LUNs from a CryptoTarget container
  • Modifying LUNs or LUN policies
  • Creating or deleting a tape pool
  • Modifying a tape pool policy
  • Starting a manual re-keying session
  • Performing a manual failback of containers
  • Deleting a CryptoTarget container