Dependencies for Failover and Failback

Entrust provides a VBScript, hcl-fs-service.vbs, that fetches keys from the KeyControl node (via its online routine) and releases them (via its offline routine) for protected devices.

The order of events when disks are brought up or taken down is extremely important.

  1. The cluster disk must be brought online for the node before the online routine is called.

    Note: The online routine calls hcl updateconfig, which handles the cases where Windows changes the order of disks on the system. This typically happens across reboots when there are multiple iSCSI targets configured on the same host.

  2. The online routine calls hcl attach -a, which fetches keys for all devices that have been encrypted on that node. Therefore, this routine must be called before the CIFS service is brought online.
  3. The offline routine calls hcl detach -a, which releases keys for all devices that have been encrypted on that node. Therefore, this routine must be called after the CIFS service is taken down.
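
The ordering above maps onto Windows failover cluster resource dependencies. The following PowerShell is an added example, not Entrust's own tooling; it assumes hcl-fs-service.vbs is already registered as a Generic Script resource, and the three resource names are hypothetical placeholders.

```powershell
# Added example: checks and, if needed, sets the dependency chain
#   disk -> key script (hcl-fs-service.vbs) -> CIFS file server
# All three resource names are hypothetical; substitute the names in your cluster.
Import-Module FailoverClusters

$Disk       = 'Cluster Disk 1'     # hypothetical Physical Disk resource (encrypted device)
$KeyScript  = 'hcl-fs-service'     # hypothetical Generic Script resource (assumed to exist)
$FileServer = 'FileServer-FS01'    # hypothetical File Server (CIFS) resource

function Test-DependsOn {
    param([string]$Resource, [string]$Provider)
    # DependencyExpression looks like "([Cluster Disk 1])" or "([A]) and ([B])"
    $expr = (Get-ClusterResourceDependency -Resource $Resource).DependencyExpression
    return [bool]($expr -match [regex]::Escape("[$Provider]"))
}

function Set-RequiredDependency {
    param([string]$Resource, [string]$Provider)
    if (Test-DependsOn -Resource $Resource -Provider $Provider) {
        Write-Output "OK       $Resource already depends on $Provider"
    } else {
        # Adds the provider with AND semantics to any existing dependencies
        Add-ClusterResourceDependency -Resource $Resource -Provider $Provider | Out-Null
        Write-Output "ADDED    $Resource now depends on $Provider"
    }
}

# Step 1: the disk must be online before the online routine runs
# (the online routine calls hcl updateconfig and hcl attach -a).
Set-RequiredDependency -Resource $KeyScript -Provider $Disk

# Step 2: keys must be attached before the CIFS service comes online.
Set-RequiredDependency -Resource $FileServer -Provider $KeyScript

# Step 3 needs no extra setting: the cluster takes resources offline in
# reverse dependency order, so the offline routine (hcl detach -a) runs
# only after the file server resource is down.
Get-ClusterResourceDependency -Resource $KeyScript, $FileServer |
    Format-Table Resource, DependencyExpression -AutoSize
```
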

The following illustrations show these dependencies: