HP Brocade 8/12c Brocade Fabric OS Command Reference Manual Supporting Fabric - Page 213
Device decommissioning deletes or renders invalid all important information including keys stored
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 213 highlights
cryptoCfg 2 Operands The cryptoCfg transaction management function has the following operands: --help transcfg Displays the synopsis for the transaction management function. --commit Commits the transaction. This command saves the defined configuration to nonvolatile storage. Changes are persistent across reboots and power cycles. This command overwrites existing configuration parameters and therefore prompts for confirmation. This command is permitted only when the encryption group is in a converged state. The following operand is optional: -force Commits the transaction without confirmation. --transabort transaction_ID Aborts a pending database transaction for any device configurations invoked earlier through the CLI or DCFM interfaces. The following operand is required: transaction_ID Specifies the ID of the transaction to be aborted. Use --transshow to determine the currently pending transaction ID. --transshow Displays the pending database transaction for any device configurations invoked earlier through the CLI or DCFM interfaces. The command displays the transaction status (completed or pending), the transaction ID, and the transaction owner (CLI or DCFM) Function 6. Device decommissioning Synopsis cryptocfg --help -decommission cryptocfg --decommission -container container_name -initiator initiatator _PWWN -LUN LUN_num cryptocfg --delete -decommissionedkeyids cryptocfg --show -decommissionedkeyids cryptocfg --show -vendorspecifickeyid key_ID Description Use these cryptoCfg commands to decommission a disk LUN in the event that the storage device is to be reprovisioned, retired, or returned to the vendor. The decommission function renders all data on the disk media inaccessible before decommissioning the device. Device decommissioning deletes or renders invalid all important information including keys stored in the key vault, on the chip, and from the various internal caches, and it erases the metadata on the media to ensure that the data on the decommissioned device is irrecoverable. The following restrictions apply to device decommissioning: • Devices not encrypted on the Brocade Encryption platform or devices in cleartext cannot be decommissioned with this command. • All nodes in the encryption group must run Fabric OS v6.4.0 or later. • Device decommissioning does not work across a reboot. Rebooting terminates an ongoing decommissioning process and the command must be reissued after completing the reboot. • Device decommissioning is supported only with the LKM and RKM key vaults. • Decommissioning of tape devices or snap drive volumes is currently no supported. • Decommissioning does not automatically delete the keys. You must manually delete the keys from the key vault to complete the operation. Fabric OS Command Reference 181 53-1001764-01