Setting an HA Group Member to Standby

Some HA group members can be designated as standby members. Standby members do not perform any cryptographic operations unless all active members have failed (see Standby Members for details). They are useful as a last resort against loss of application service.

Prerequisites

>The partition you want to designate as a standby member must already be a member of the HA group (see Adding/Removing an HA Group Member).

>The Crypto Officer must perform this procedure.

To set an HA group member to standby

1.[Optional] Check the serial number of the member you wish to set to standby mode.

lunacm:> hagroup listgroups

2.Set the desired member to standby mode by specifying the serial number.

lunacm:> hagroup addstandby -group <label> -serialnumber <member_serialnum>

lunacm:> hagroup addstandby -group myHAgroup -serialnumber 2855496365544

        The member 2855496365544 was successfully added to the standby list for the HA Group myHAgroup.


Command Result : No Error
To make a standby HA member active

NOTE   By default, a Luna Cloud HSM service from Thales DPoD is always added to an HA group as a standby member. If you prefer to use the Luna Cloud HSM service as an active HA member, you must first edit the following toggle in the Chrystoki.conf/crystoki.ini configuration file (see Configuration File Summary):

[Toggles]
lunacm_cv_ha_ui = 0

1.[Optional] Check the serial number of the standby member.

lunacm:> hagroup listgroups

        If you would like to see synchronization data for group myHAgroup,
        please enter the password for the group members. Sync info
        not available in HA Only mode.

        Enter the password: ********


              HA auto recovery:  disabled
              HA recovery mode:  activeBasic
   Maximum auto recovery retry:  0
   Auto recovery poll interval:  60 seconds
                    HA logging:  disabled
            Only Show HA Slots:  no

                HA Group Label:  myHAgroup
               HA Group Number:  11238700701509
              HA Group Slot ID:  5
               Synchronization:  enabled
                 Group Members:  154438865287, 1238700701509
                    Needs sync:  no
              Standby Members:  2855496365544


Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865287                              par0     alive
     1  1238700701509                             par1     alive
     2  2855496365544                             par2     alive

2.Remove the member from standby and return it to active HA use.

lunacm:> hagroup removestandby -group <label> -serialnumber <member_serialnum>

lunacm:> hagroup removestandby -group myHAgroup -serialnumber 2855496365544

        The member 2855496365544 was successfully removed from the standby list for the HA Group myHAgroup.


Command Result : No Error