Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Page 260

background image

230

Fabric OS Command Reference

53-1003131-01

cryptoCfg

2

OPERANDS

The cryptoCfg transaction management function has the following operands:

--help transcfg

Displays the synopsis for the transaction management function.

--commit

Commits the transaction. This command saves the defined configuration to
nonvolatile storage. Changes are persistent across reboots and power cycles.
This command overwrites existing configuration parameters and therefore
prompts for confirmation. This command is permitted only when the encryption
group is in a converged state.

The following operand is optional:

-force

Commits the transaction without confirmation.

--transabort transaction_ID

Aborts a pending database transaction for any device configurations invoked
earlier through the CLI or DCFM interfaces. The following operand is required:

transaction_ID

Specifies the ID of the transaction to be aborted. Use the --transshow command
to determine the currently pending transaction ID.

--transshow

Displays the pending database transaction for any device configurations invoked
earlier through the CLI or DCFM interfaces. The command displays the
transaction status (completed or pending), the transaction ID, and the transaction
owner (CLI or DCFM)

FUNCTION

6. Device decommissioning

SYNOPSIS

cryptocfg --help -decommission

cryptocfg --decommission -container container_name
-initiator initiatator _PWWN -LUN LUN_num

cryptocfg --delete -decommissionedkeyids

cryptocfg --show -decommissionedkeyids

cryptocfg --show -vendorspecifickeyid key_ID

DESCRIPTION

Use these cryptoCfg commands to decommission a disk LUN in the event that the storage device is to
be reprovisioned, retired, or returned to the vendor. The decommission function renders all data on the
disk media inaccessible before decommissioning the device.

Device decommissioning deletes or renders invalid all important information including keys stored in the
key vault, on the chip, and from the various internal caches, and it erases the metadata on the media to
ensure that the data on the decommissioned device is irrecoverable.

The following restrictions apply to device decommissioning:

Devices not encrypted on the Brocade Encryption platform or devices in cleartext cannot be
decommissioned with this command.

All nodes in the encryption group must run Fabric OS v6.4.0 or later.

All nodes in the encryption group must run Fabric OS v7.1.0 or later when keyvault type is not set to
DPM or LKM.