Dell POWEREDGE M1000E User Manual
Page 205
Fabric OS Command Reference
177
53-1002746-01
cryptoCfg
2
For the SKM, run this command only for the primary key vault. The login
credential must match a valid username/password pair configured on the key
vault. The same username/password must be configured on all the nodes of
any given encryption group to prevent \ivity issues between the SKM and
the switch. However, there is no enforcement from the switch to ensure the
same username is configured on all nodes. Different encryption groups can
use different usernames so long as all nodes in the group have the same
username. Changing the username using -KAClogin renders the previously
created keys inaccessible. When changing the username you must do the same
on the key vault, and you must change the key owner for all keys of all LUNs
through the SKM GUI. For downgrade considerations, refer to the Fabric OS
Encryption Administrator's Guide.
--show
Displays node configuration information. This command requires one of the
following mutually exclusive operands:
-localEE
Displays encryption engine information local to the node.
-file -all
Displays all imported certificates. The -all parameter is required with the --show
-file command.
--rebalance [slot]
Rebalances the disk and tape containers to maximize throughput. Rebalancing is
recommended after containers have been added, removed, moved, failed over,
and failed back. This is a disruptive operation. You may have to restart backup
applications after rebalancing is complete. Optionally specify a slot number on
bladed systems.
--kvdiag -enable
Enables the keyvault diagnostics. When enabled, this command checks
connectivity, configuration parameter retrieval, and readiness for key retrieval and
archival at specified intervals. You can configure the tests to run separately for
each encryption node. The actions of this command are diagnostic only; no
corrective measures are taken. Key vault connectivity errors are reported through
RASlog messages. Logs are stored in /etc/fabos/mace/kvdiag.log. The key vault
diagnostics is by default enabled.
--kvdiag -disable
Disables the key vault diagnostics.
--kvdiag -show
Displays the current configuration of the key vault diagnostics, including the
enabled status, configured time interval, and test types.
--kvdiag -interval interval
Specifies the time interval at which the test is repeated (in minutes). Valid values
are 1 through 2147483647. The default value is 5 minutes. This operand is valid
only if key vault diagnostics is enabled.
--kvdiag -type type
Specifies the type of key vault test. Valid test types include the following:
connect
Monitors key vault connectivity. Disconnect and reconnect events generate a
RASlog message.
config
Retrieves configuration parameters from the key vault.