HP 8/24 Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, Apri - Page 150
2 cryptoCfg

cryptocfg --eject -membernode node_WWN
cryptocfg --leave_encryption_group
cryptocfg --genmasterkey
cryptocfg --exportmasterkey [-file]
cryptocfg --recovermasterkey currentMK | alternateMK -keyID keyID | -srcfile filename
cryptocfg --show -groupcfg
cryptocfg --show -groupmember -all | node_WWN

Description

Use these cryptoCfg commands to create or delete an encryption group, to add or remove group member nodes or key vaults, to manage keys including key recovery from backup, and to configure group-wide policies, such as failover and Heartbeat.

An encryption group is a collection of encryption engines that share the same key vault and are managed as a group. All EEs in a node are part of the same encryption group. Fabric OS v6.2.0 supports up to four nodes per encryption group, and up to two encryption engines per node. The maximum number of EEs per encryption group is eight.

With the exception of the --help and --show commands, all group configuration functions must be performed from the designated group leader. The encryption switch or blade on which you create the encryption group becomes the designated group leader. The group leader distributes all relevant configuration data to the member nodes in the encryption group.

The groupCfg commands include two display options that show group configuration and group member information. Refer to the Appendix of the Fabric OS Encryption Administrator's Guide for a more comprehensive explanation of system states.

Use --show -groupcfg to display encryption group and member configuration parameters, including the following:

• Encryption group name
• Encryption group policies:
  - Failback mode: Auto or Manual
  - Heartbeat misses: value
  - Heartbeat timeout: value in seconds
• For each configured key vault, primary and secondary, the command shows:
  - IP address
  - Certificate ID
  - Certificate label: user-generated file name
  - State: connected, disconnected, up, authentication failure, or unknown.
  - Key vault type: LKM, RKM, SKM
  If an SKM key vault is configured in HA mode, no connection information is displayed because the system is unable to detect the connection status of an SKM appliance in an HA configuration. Refer to the example section for an illustration.
• Node list display includes:
  - Total number of defined nodes

122 Fabric OS Command Reference 53-1001186-01
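Added example, not part of the HP/Brocade manual: a small audit of the fields that --show -groupcfg reports, showing why a missing state for an SKM vault in HA mode should be tracked as "not reported" rather than read as healthy or failed. The dictionary layout, the audit_group function, the sample values and the choice of "connected" and "up" as healthy states are assumptions made for this example; the code does not parse real Fabric OS output.

```python
# Added example: field names mirror the --show -groupcfg description above;
# the dict layout is constructed here and is not Fabric OS output.
VAULT_TYPES = {"LKM", "RKM", "SKM"}
VAULT_STATES = {"connected", "disconnected", "up", "authentication failure", "unknown"}
HEALTHY_STATES = {"connected", "up"}  # assumption: these two mean the vault is reachable
MAX_NODES, MAX_EES_PER_NODE = 4, 2    # Fabric OS v6.2.0 limits stated on the page


def audit_group(cfg):
    """Return a list of (severity, message) findings for one encryption group."""
    findings = []
    if cfg["failback_mode"] not in ("Auto", "Manual"):
        findings.append(("error", f"unexpected failback mode {cfg['failback_mode']!r}"))
    for role in ("primary", "secondary"):
        vault = cfg["key_vaults"].get(role)
        if vault is None:
            findings.append(("warn", f"no {role} key vault configured"))
            continue
        if vault["type"] not in VAULT_TYPES:
            findings.append(("error", f"{role} vault: unknown type {vault['type']!r}"))
        state = vault.get("state")
        if state is None:
            # SKM in HA mode: no connection information is displayed, so a
            # missing state is not evidence of health. Record it for an
            # out-of-band check instead of passing or failing the vault.
            if vault["type"] == "SKM" and vault.get("ha"):
                findings.append(("info", f"{role} SKM vault in HA mode: state not reported"))
            else:
                findings.append(("error", f"{role} vault: state missing"))
        elif state not in VAULT_STATES:
            findings.append(("error", f"{role} vault: unrecognized state {state!r}"))
        elif state not in HEALTHY_STATES:
            findings.append(("error", f"{role} vault is {state}"))
    nodes = cfg["nodes"]  # mapping: node WWN -> number of encryption engines
    if len(nodes) > MAX_NODES:
        findings.append(("error", f"{len(nodes)} nodes exceeds limit of {MAX_NODES}"))
    for wwn, ees in nodes.items():
        if ees > MAX_EES_PER_NODE:
            findings.append(("error", f"node {wwn}: {ees} EEs exceeds limit of {MAX_EES_PER_NODE}"))
    return findings


# Constructed sample: placeholder group name and WWNs, not from a real fabric.
SAMPLE = {
    "name": "example_group", "failback_mode": "Manual",
    "key_vaults": {"primary": {"type": "SKM", "ha": True, "state": None}},
    "nodes": {"10:00:00:00:00:00:00:01": 2, "10:00:00:00:00:00:00:02": 1},
}
```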