beautypg.com

Dell POWEREDGE M1000E User Manual

Page 187

background image

Fabric OS Command Reference

155

53-1001764-02

cryptoCfg

2

encryption_group_name

Specifies the name of the encryption group to be created. The name can be
up to 15 characters long and include alphanumeric characters and
underscores. White space, hyphens, and other special characters are not
permitted.

--

delete -encgroup

Deletes an encryption group with the specified name. This command is valid
only on the group leader. This command fails if the encryption group has
more than one node, or if any HA cluster configurations, CryptoTarget
container/LUN configurations, or tape pool configurations exist in the
encryption group. Remove excess member nodes and clear all HA cluster,
CryptoTarget container/LUN, or tape pool configurations before deleting an
encryption group.

encryption_group_name

Specifies the name of the encryption group to be deleted. This operand is
required when deleting an encryption group.

--

reg -keyvault

Registers the specified key vault (primary or secondary) with the encryption
engines of all nodes present in an encryption group. Upon successful
registration, a connection to the key vault is automatically established. This
command is valid only on the group leader. Registered certificates are
distributed from the group leader to all member nodes in the encryption
group. Each node in the encryption group distributes the certificates to their
respective encryption engines.

The following operands are required when registering a key vault:

cert_label

Specifies the key vault certificate label. This is a user-generated name for the
specified key vault. Use cryptocfg --show -groupcfg to view the key vault
label after registration is complete.

certfile

Specifies the certificate file. This file must be imported prior to registering the
key vault and reside in the predetermined directory where certificates are
stored. In the case of the HP SKM, this operand specifies the CA file, which is
the certificate of the signing authority on the SKM. Use --show -file -all for a
listing of imported certificates.

hostname | ip_address

Specifies the key vault by providing either a host name or IP address. If you
are registering a key vault that is part of an RKM cluster, the value for
ip_address is the virtual IP address for the RKM cluster and not the address
of the actual key vault.

primary | secondary

Specifies the key vault as either primary or secondary. The secondary key
vault serves as backup.

--

dereg -keyvault

Removes the registration for a specified key vault. The key vault registration is
identified by specifying the certificate label. Removing a key vault registration
disconnects the key vault. This command is valid only on the group leader.

cert_label

Specifies the key vault certificate label. This operand is required when
removing the registration for a key vault.