beautypg.com

Dell POWEREDGE M1000E User Manual

Page 178

background image

146

Fabric OS Command Reference

53-1001764-02

cryptoCfg

2

Use the --show localEE command to display encryption engine configuration parameters
pertaining to the local node. The command displays the following information:

EE Slot: Encryption engine slot number.

SP state: Security processor state. For a complete listing of SP states, refer to the Encryption
Administrator’s Guide, Appendix A.

Current master key ID (or primary link key ID) - Key ID or zero if not configured.

Alternate master key ID (or secondary link key- Key ID or zero if not configured.

HA cluster name to which this EE belongs, or "No HA cluster membership".

EE Attributes: The following attributes are displayed:

-

Link IP Address: Link IP address

-

Link GW IP Address: Link gateway W IP address

-

Link Net Mask: Link net mask

-

Link MAC Address: Link MAC address

-

Link MTU: The maximum transmission unit of the link

-

Link State: DOWN unless the EE is part of an HA cluster

-

Route Mode: Always “shared;” this parameter is not configurable

-

Media Type: TAPE, DISK, DISK/TAPE, or NOT DEFINED

-

Rebalance Recommended: No, Yes, or EE Busy (unspecified, try again to determine
rebalance recommendation)

-

System Card Label: Displayed only if a system card is registered

-

System Card CID: Displayed only if a system card is registered.

Remote EE Reachability: If the EE is part of an encryption group, the following information is
displayed for the peer. Node WWN/Slot, EE IP Address, EE State, and IO Link State. On a chassis
with multiple encryption blades, remote reachability information is displayed for all encryption
groups.

Note

The initial setup includes preparatory steps that are outside the scope of the cryptoCfg command.
For preinitialization procedures, refer to the Fabric OS Encryption Administrator’s Guide.

Operands

The cryptoCfg node initialization and configuration function has the following operands:

--

help -nodecfg

Displays the synopsis for the node initialization and configuration function.
This command is valid on all nodes.

--

initnode

Initializes the node to prepare for the configuration of encryption options.
Initialization must be performed on every node before configuration options
may be set and encryption may be enabled.

This command prompts for confirmation, because the --initnode function
overwrites any previously generated identification or authentication data on
the node. Successful execution generates the node CP certificate, the key
authentication center (KAC) certificate, the FIPS Crypto Officer, and the FIPS
User key pairs.

Some of the certificates generated with this command may need to be
exported so that they can be registered with external entities, such as the key
vault or the group leader, for mutual authentication. Refer to the Fabric OS
Encryption Administrator’s Guide for details.

See also other documents in the category Dell Computer Accessories: