beautypg.com

Dell POWEREDGE M1000E User Manual

Page 186

background image

154

Fabric OS Command Reference

53-1001764-02

cryptoCfg

2

For each node, the display includes the following:

-

Node Name: the node WWN

-

State: DISCOVERED = The node is part of the encryption group.

DISCOVERING = The node is in the process of discovery.

-

Role: GroupLeader or MemberNode

-

IP address: the node IP address

-

Certificate: the node CP certificate name (user-defined)

-

Current master key (or primary link key) state: Not configured, Saved, Created, Propagated,
Valid, or Invalid.

-

Current master key ID (or primary link key ID): Shows key ID or zero if not configured.

-

Alternate master key (or secondary link key) state: Not configured, Saved, Created,
Propagated, Valid, or Invalid.

-

Alternate master key ID (or secondary link key ID): Shows key ID or zero if not configured.

For each encryption engine, the command displays the following:

-

EE slot number: the encryption engine slot number

-

SP state: refer to the appendix in the Fabric OS Encryption Administrator’s Guide

-

Current master key ID (if RKM is configured) or primary link key ID (if LKM is configured).

-

Alternate master key ID (if RKM is configured) or secondary link keyID (if LKM is
configured).

-

HA cluster name to which this encryption engine belongs, or “No HA cluster membership”.

-

Media Type: DISK, TAPE, or MEDIA NOT DEFINED.

Use --show -egstatus with the -stat or -cfg option to display configuration or status information for
all nodes in the encryption group. This command displays a superset of information included in the
-groupcfg, -groupmember and -hacluster show commands. Refer to these commands for a
description of display details.

Note

All encryption engines s in the encryption group must be interconnected through a dedicated local
area network (LAN), preferably on the same subnet and on the same VLAN using the GbE ports on
the encryption switch or blade. The two GbE ports of each member node (Eth0 and Eth1) should be
connected to the same IP Network, the same subnet, and the same VLAN. Configure the GbE ports
(I/O sync links) with an IP address for the eth0 Ethernet interface, and also configure a gateway for
these I/O sync links. Refer to the ipAddrSet help page for instructions on configuring the Ethernet
interface.

These I/O sync link connections must be established before you enable the EEs for encryption. If
these configuration steps are not performed, you cannot create an HA cluster, perform a first-time
encryption, or initiate a rekeying session.

Operands

The cryptoCfg group configuration function has the following operands:

--

help -groupcfg

Displays the synopsis for the group configuration function. This command is
valid on all nodes.

--

create -encgroup

Creates an encryption group. The node on which this command is invoked
becomes the group leader. You must specify a name when creating an
encryption group.