Dell POWEREDGE M1000E User Manual
Fabric OS Command Reference
53-1002746-01
cryptoCfg
  - IP address: the node IP address
  - Certificate: the node CP certificate name (user-defined)
  - Current master key (or primary link key) state: Not configured, Saved, Created, Propagated, Valid, or Invalid.
  - Current master key ID (or primary link key ID): Shows key ID or zero if not configured.
  - Alternate master key (or secondary link key) state: Not configured, Saved, Created, Propagated, Valid, or Invalid.
  - Alternate master key ID (or secondary link key ID): Shows key ID or zero if not configured.
• For each encryption engine, the command displays the following parameters:
  - EE slot number: the encryption engine slot number
  - SP state: refer to the appendix in the Fabric OS Encryption Administrator's Guide.
  - Current master key ID (if DPM is configured) or primary link key ID (if LKM is configured).
  - Alternate master key ID (if DPM is configured) or secondary link key ID (if LKM is configured).
  - HA cluster name to which this encryption engine belongs, or "No HA cluster membership".
  - Media Type: DISK, TAPE, or MEDIA NOT DEFINED.
Use the --show -egstatus command with the -stat or -cfg option to display configuration or status
information for all nodes in the encryption group. This command displays a superset of information
included in the -groupcfg, -groupmember and -hacluster show commands. Refer to these commands
for a description of display details.
NOTES
All encryption engines in the encryption group must be interconnected through a dedicated local area
network (LAN), preferably on the same subnet and on the same VLAN using the GbE ports on the
encryption switch or blade. The two GbE ports of each member node (Eth0 and Eth1) should be
connected to the same IP Network, the same subnet, and the same VLAN. Configure the GbE ports (I/O
sync links) with an IP address for the eth0 Ethernet interface, and also configure a gateway for these I/O
sync links. Refer to the ipAddrSet help page for instructions on configuring the Ethernet interface.
These I/O sync link connections must be established before you enable the EEs for encryption. If these
configuration steps are not performed, you cannot create an HA cluster, perform a first-time encryption,
or initiate a rekeying session.
OPERANDS
The cryptoCfg group configuration function has the following operands:
--help -groupcfg
Displays the synopsis for the group configuration function. This command is valid
on all nodes.
--create -encgroup
Creates an encryption group. The node on which this command is invoked
becomes the group leader. You must specify a name when creating an encryption
group. If stale encryption configurations exist on the node, this command displays
a warning and prompts for confirmation to delete the configurations before
creating the encryption group. A "no" response aborts the operation.
encryption_group_name
Specifies the name of the encryption group to be created. The name can be up to
15 characters long and include alphanumeric characters and underscores. White
space, hyphens, and other special characters are not permitted.
--delete -encgroup
Deletes an encryption group with the specified name. This command is valid only
on the group leader. This command fails if the encryption group has more than
one node, or if any HA cluster configurations, CryptoTarget container/LUN
configurations, or tape pool configurations exist in the encryption group. Remove
excess member nodes and clear all HA cluster, CryptoTarget container/LUN, or
tape pool configurations before deleting an encryption group.
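
A pre-flight check for the I/O sync link requirements in NOTES and the encryption_group_name rule above, run against a planned inventory before any node is touched. This is an added example, not part of the Fabric OS manual; the inventory field names, node names, and addresses are constructed for illustration.

```python
import ipaddress
import re

# Name rule from the operand description: up to 15 characters,
# alphanumeric characters and underscores only.
GROUP_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,15}")

def preflight(group_name, nodes):
    """Return a list of (severity, message) findings for a planned group."""
    findings = []
    if not GROUP_NAME_RE.fullmatch(group_name):
        findings.append(("error", f"invalid group name {group_name!r}"))
    subnets, vlans = set(), set()
    for n in nodes:
        # NOTES: the I/O sync links need an IP address and a gateway.
        if not n.get("io_sync_ip") or not n.get("gateway"):
            findings.append(("error", f"{n['name']}: I/O sync IP or gateway not set"))
            continue
        try:
            iface = ipaddress.ip_interface(n["io_sync_ip"])
            ipaddress.ip_address(n["gateway"])
        except ValueError as exc:
            findings.append(("error", f"{n['name']}: {exc}"))
            continue
        # NOTES: Eth0 and Eth1 of one node belong on the same VLAN.
        if n["eth0_vlan"] != n["eth1_vlan"]:
            findings.append(("error", f"{n['name']}: Eth0 and Eth1 on different VLANs"))
        subnets.add(iface.network)
        vlans.update((n["eth0_vlan"], n["eth1_vlan"]))
    # Same subnet/VLAN across the group is "preferably", so only warn.
    if len(subnets) > 1:
        findings.append(("warning", "members span more than one subnet"))
    if len(vlans) > 1:
        findings.append(("warning", "members span more than one VLAN"))
    return findings

# Constructed sample inventory (hypothetical field names and addresses).
SAMPLE_NODES = [
    {"name": "node_a", "io_sync_ip": "10.32.50.11/24", "gateway": "10.32.50.1",
     "eth0_vlan": 50, "eth1_vlan": 50},
    {"name": "node_b", "io_sync_ip": "10.32.51.12/24", "gateway": "10.32.51.1",
     "eth0_vlan": 50, "eth1_vlan": 51},
    {"name": "node_c", "io_sync_ip": "10.32.50.13/24", "gateway": "",
     "eth0_vlan": 50, "eth1_vlan": 50},
]

if __name__ == "__main__":
    for severity, message in preflight("prod-enc group", SAMPLE_NODES):
        print(f"{severity}: {message}")
```

Errors map to conditions the NOTES section says block HA cluster creation, first-time encryption, and rekeying; warnings map to the "preferably" guidance on a shared subnet and VLAN.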