HP StorageWorks 8/8 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01, - Page 167
cryptoCfg 2

    vault_IP_addr
        Specifies the IP address of the NetApp LKM appliance. This operand is required.

--dhresponse vault_IP_addr
    Accepts the LKM Diffie-Hellman response from the specified NetApp LKM appliance and generates the link key on the node on which this command is issued. The DH response occurs by an automatic trusted link establishment method. The LKM appliance must be specified by its vault_IP_addr. The DH challenge request must be approved on the NetApp LKM appliance for this command to succeed. When quorum authentication is enabled (Quorum Size is > 0), this operation requires authentication of a quorum of authentication cards.

    vault_IP_addr
        Specifies the IP address of the NetApp LKM appliance. This operand is required.

--zeroizeEE slot_number
    Zeroizes all critical security parameters on the local encryption switch or blade including all data encryption keys. This command is valid on all nodes. This command prompts for confirmation and should be exercised with caution.

    slot_number
        Specifies the slot number of the encryption engine to be zeroized on a bladed system.

--delete -file local_name
    Deletes an imported file. The file must be specified by its local name. This command is valid on all nodes.

    local_name
        Specifies the file to be deleted from the local directory where certificates are stored.

--reg -KAClogin
    Registers the node KAC login credentials (username and password) with the configured key vaults. This command is valid only for the Thales nCipher (NCKA) and HPSKM key vaults. This command must be run on each member node.

    primary|secondary
        Specifies the key vault as primary or secondary.

        For the NCKA, run this command on both a primary and a secondary key vault. The system generates a username based on the switch WWN. The username and group under which the username should be created on the key vault are displayed when the command is executed. Configure the password on the switch and create the same username on the key vault.

        For the SKM, run this command only for the primary key vault. The login credential must match a valid username/password pair configured on the key vault. The same username/password must be configured on all the nodes of any given encryption group to prevent connectivity issues between the SKM and the switch. However, there is no enforcement from the switch to ensure the same username is configured on all nodes. Different encryption groups can use different usernames so long as all nodes in the group have the same username. Changing the username using -KAClogin renders the previously created keys inaccessible. When changing the username you must do the same on the key vault, and you must change the key owner for all keys of all LUNs through the SKM GUI. For downgrade considerations, refer to the Fabric OS Encryption Administrator's Guide.

Fabric OS Command Reference 137 53-1001337-01
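Because the switch does not enforce the --reg -KAClogin rules above, an administrator can audit them offline. The following is an added example, not part of the HP/Brocade manual: the inventory format, node names and usernames are constructed assumptions, not Fabric OS output.

```python
from collections import defaultdict

# Constructed inventory in a hypothetical format (not Fabric OS output):
# one record per "--reg -KAClogin" registration an administrator performed.
# Fields: encryption group, node, key vault type, vault role, KAC username.
SAMPLE = [
    ("EG1", "sw1", "SKM", "primary", "eg1_kac"),
    ("EG1", "sw2", "SKM", "primary", "eg1_kac_old"),    # username differs
    ("EG1", "sw2", "SKM", "secondary", "eg1_kac_old"),  # SKM: primary only
    ("EG2", "sw3", "NCKA", "primary", "wwn_user_sw3"),
    ("EG2", "sw3", "NCKA", "secondary", "wwn_user_sw3"),
    ("EG2", "sw4", "NCKA", "primary", "wwn_user_sw4"),  # secondary missing
    ("EG3", "sw5", "LKM", "primary", "eg3_kac"),        # not a KAC-login vault
]

def audit_kac_logins(records):
    """Check registrations against the --reg -KAClogin rules; return findings."""
    findings = []
    skm_users = defaultdict(set)   # group -> usernames registered by its nodes
    ncka_roles = defaultdict(set)  # (group, node) -> vault roles registered
    for group, node, vault_type, role, username in records:
        where = f"{group}/{node}"
        if vault_type == "SKM":
            skm_users[group].add(username)
            if role != "primary":
                findings.append((where, "SKM login registered for non-primary vault"))
        elif vault_type == "NCKA":
            # NCKA usernames are derived from the switch WWN, so they are
            # expected to differ per node and are not compared here.
            ncka_roles[(group, node)].add(role)
        else:
            findings.append((where, f"KAC login not valid for {vault_type} vault"))
    # SKM: every node of an encryption group must share one username.
    for group, users in skm_users.items():
        if len(users) > 1:
            findings.append((group, "SKM usernames differ: " + ", ".join(sorted(users))))
    # NCKA: each node registers with both the primary and the secondary vault.
    for (group, node), roles in ncka_roles.items():
        for missing in sorted({"primary", "secondary"} - roles):
            findings.append((f"{group}/{node}", f"NCKA login missing for {missing} vault"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, issue in audit_kac_logins(SAMPLE):
        print(f"{scope}: {issue}")
```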