beautypg.com

Dell POWEREDGE M1000E User Manual

Page 182

background image

150

Fabric OS Command Reference

53-1001764-02

cryptoCfg

2

--

dhchallenge

Establishes a link key agreement protocol between a node and an instance of
the primary or backup NetApp Lifetime Key Management (LKM) appliance.
This command generates the Diffie-Hellman challenge that is passed from
the node to the specified NetApp LKM appliance. When quorum
authentication is enabled and the quorum size is greater than zero, this
operation requires authentication of a quorum of authentication cards. This
command is valid on all nodes.

vault_IP_addr

Specifies the IP address of the NetApp LKM appliance. This operand is
required.

--

dhresponse

Accepts the LKM Diffie-Hellman response from the specified NetApp LKM
appliance and generates the link key on the node on which this command is
issued. The DH response occurs by an automatic trusted link establishment
method. The LKM appliance must be specified by its vault_IP_addr. The DH
challenge request must be approved on the Net App LKM appliance for this
command to succeed. When quorum authentication is enabled (Quorum Size
is > 0), this operation requires authentication of a quorum of authentication
cards.

vault_IP_addr

Specifies the IP address of the NetApp LKM appliance. This operand is
required.

--

zeroizeEE

Zeroizes all critical security parameters on the local encryption switch or
blade including all data encryption keys. This command is valid on all nodes.
This operation causes the encryption switch to reboot. When issued on a
chassis, it power-cycles the encryption blade only. This command prompts for
confirmation and should be exercised with caution.

slot

Specifies the slot number of the encryption engine to be zeroized on a bladed
system.

--

delete -file

Deletes an imported file. The file must be specified by its local name. This
command is valid on all nodes.

local_name

Specifies the file to be deleted form the local directory where certificates are
stored.

--

reg -KAClogin

Registers the node KAC login credentials (username and password) with the
configured key vaults. This command is valid only for the Thales nCipher
(NCKA) and HPSKM key vaults. This command must be run on each member
node.

primary|secondary

Specifies the key vault as primary or secondary.

For the NCKA, run this command on both a primary and a secondary key
vault. The system generates a username based on the switch WWN. The
username and group under which the username should be created on the
key vault are displayed when the command is executed. Configure the
password on the switch and create the same username on the key vault.

For the SKM, run this command only for the primary key vault. The login
credential must match a valid username/password pair configured on the key
vault. The same username/password must be configured on all the nodes of
any given encryption group to prevent connectivity issues between the SKM
and the switch. However, there is no enforcement from the switch to ensure