Dell Brocade 6520 Command Reference Supporting Fabric OS v7.1.0 - Page 210
2 cryptoCfg

    cryptocfg --show -mkexported_keyids key_id
    cryptocfg --show -groupcfg
    cryptocfg --show -groupmember -all | node_WWN
    cryptocfg --show -egstatus -cfg | -stat
    cryptocfg --sync -encgroup
    cryptocfg --sync -securitydb
    cryptocfg --perfshow [slot] [-tx | -rx | -tx -rx] [-t interval]

DESCRIPTION

Use these cryptoCfg commands to create or delete an encryption group, to add or remove group member nodes, key vaults, and authentication cards, to enable or disable system cards, to enable quorum authentication and set the quorum size, to manage keys including key recovery from backup, to configure group-wide policies, and to sync the encryption group databases.

An encryption group is a collection of encryption engines that share the same key vault and are managed as a group. All EEs in a node are part of the same encryption group. An encryption group can include up to four nodes, and each node can contain up to four encryption engines. The maximum number of EEs per encryption group is sixteen (four per member node).

With the exception of the --help and --show commands, all group configuration functions must be performed from the designated group leader. The encryption switch or blade on which you create the encryption group becomes the designated group leader. The group leader distributes all relevant configuration data to the member nodes in the encryption group.

The groupCfg commands include three display options that show group configuration, runtime status, and group member information. Refer to the Appendix of the Fabric OS Encryption Administrator's Guide for a more comprehensive explanation of system states.
Use the --show -groupcfg command to display encryption group and member configuration parameters, including the following parameters:

• Encryption group name: user-defined label
• Encryption group policies:
  - Failback mode: Auto or Manual
  - Replication mode: Enabled or Disabled
  - Heartbeat misses: numeric value
  - Heartbeat timeout: value in seconds
  - Key Vault Type: LKM, DPM, SKM, TEKA, KMIP, or TKLM
  - System Card: Disabled or Enabled
• For each configured key vault, primary and secondary, the command shows:
  - IP address: The key vault IP address
  - Certificate ID: the key vault certificate name
  - State: connected, disconnected, up, authentication failure, or unknown.
  - Type: LKM, DPM, SKM, TEKA, or TKLM

If an SKM key vault is configured in HA mode, no connection information is displayed because the system is unable to detect the connection status of an SKM appliance in an HA configuration.

182 Fabric OS Command Reference 53-1002746-01