Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1001764-02

cryptoCfg

cryptocfg --show -groupmember -all | node_WWN

cryptocfg --show -egstatus -cfg | -stat

cryptocfg --sync -encgroup

cryptocfg --sync -securitydb

Description

Use these cryptoCfg commands to create or delete an encryption group, to add or remove group
member nodes, key vaults, and authentication cards, to enable or disable system cards, to enable
quorum authentication and set the quorum size, to manage keys including key recovery from
backup, to configure group-wide policies, and to sync the encryption group databases.

An encryption group is a collection of encryption engines that share the same key vault and are
managed as a group. All EEs in a node are part of the same encryption group. Fabric OS v6.2.0 and
later support up to four nodes per encryption group, and up to two encryption engines per node.
The maximum number of EEs per encryption group is sixteen (four per member node).

With the exception of the --help and --show commands, all group configuration functions must
be performed from the designated group leader. The encryption switch or blade on which you
create the encryption group becomes the designated group leader. The group leader distributes all
relevant configuration data to the member nodes in the encryption group.

The groupCfg commands include three display options that show group configuration, runtime
status, and group member information. Refer to the Appendix of the Fabric OS Encryption
Administrator’s Guide for a more comprehensive explanation of system states.

Use --show -groupcfg to display encryption group and member configuration parameters,
including the following:

Encryption group name: user-defined label

Encryption group policies:

- Failback mode: Auto or Manual
- Replication mode: Enabled or Disabled
- Heartbeat misses: numeric value
- Heartbeat timeout: value in seconds
- Key Vault Type: LKM, RKM, SKM, or NCKA
- System Card: Disabled or Enabled

For each configured key vault, primary and secondary, the command shows:

- IP address: The key vault IP address
- Certificate ID: the key vault certificate name
- State: connected, disconnected, up, authentication failure, or unknown.
- Type: LKM, RKM, SKM, or NCKA
  If an SKM key vault is configured in HA mode, no connection information is displayed
  because the system is unable to detect the connection status of an SKM appliance in an
  HA configuration.
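
The following is an added example, not part of the manual or of Fabric OS: a health check that reads saved --show -groupcfg text and reports key vaults whose State needs attention. The sample text, the "Primary Key Vault:" and "Secondary Key Vault:" header lines, and the treatment of "connected" and "up" as healthy are assumptions; only the field labels and state names come from the list above.

```python
# Key vault states named in the manual. Treating "connected" and "up" as
# healthy is an assumption of this example, not a statement from the manual.
HEALTHY = {"connected", "up"}
KNOWN = HEALTHY | {"disconnected", "authentication failure", "unknown"}

# Constructed sample, not captured from a switch. The "Primary Key Vault:" and
# "Secondary Key Vault:" section headers are an assumed layout.
SAMPLE = """\
Encryption group name: eg_lab
Failback mode: Auto
Key Vault Type: LKM
Primary Key Vault:
IP address: 192.0.2.10
State: connected
Type: LKM
Secondary Key Vault:
IP address: 192.0.2.11
State: authentication failure
Type: LKM
"""

def parse_groupcfg(text):
    """Return {"group": {...}, "<vault header>": {...}} with lower-cased labels."""
    sections, current = {"group": {}}, "group"
    for raw in text.splitlines():
        label, sep, value = raw.strip().partition(":")
        label, value = label.strip(), value.strip()
        if sep and not value and label.lower().endswith("key vault"):
            current = label  # a header line opens a new key vault section
            sections[current] = {}
        elif value:
            sections[current][label.lower()] = value
    return sections

def vault_findings(text):
    """List (vault, problem) pairs for key vaults that need attention."""
    findings = []
    for name, fields in parse_groupcfg(text).items():
        if name == "group":
            continue
        state = fields.get("state", "").lower()
        if not state:
            # Expected for SKM in HA mode, where no connection info is shown.
            findings.append((name, "no state reported"))
        elif state not in KNOWN:
            findings.append((name, "unrecognized state: " + state))
        elif state not in HEALTHY:
            findings.append((name, state))
    return findings
```

Calling vault_findings(SAMPLE) returns the secondary key vault with "authentication failure"; a vault section with no State line is reported separately so that the SKM HA case is not mistaken for a healthy connection.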