Fabric OS Command Reference
163
53-1001764-01
cryptoCfg
2
For the SKM, run this command only for the primary key vault. The login
credential must match a valid username/password pair configured on the key
vault.
The same username/password must be configured on all the nodes of
any given encryption group to prevent \ivity issues between the SKM and
the switch. However, there is no enforcement from the switch to ensure the
same username is configured on all nodes
. Different encryption groups can
use different usernames so long as all nodes in the group have the same
username. Changing the username using
-KAClogin
renders the previously
created keys inaccessible. When changing the username you must do the same
on the key vault, and you must change the key owner for all keys of all LUNs
through the SKM GUI. For downgrade considerations, refer to the
Fabric OS
Encryption Administrator's Guide
.
--show
Displays node configuration information. This command requires one of the
following mutually exclusive operands:
-localEE
Displays encryption engine information local to the node.
-file -all
Displays all imported certificates. The
-all
parameter is required with the
--show
-file
command.
--rebalance
[
slot
]
Rebalances the disk and tape containers to maximize throughput. Rebalancing is
recommended after containers have been added, removed, moved, failed over,
and failed back. This is a disruptive operation. You may have to restart backup
applications after rebalancing is complete. Optionally specify a slot number on
bladed systems.
--kvdiag -enable
Enables the keyvault diagnostics. When enabled, this command checks
connectivity, configuration parameter retrieval, and readiness for key retrieval and
archival at specified intervals. You can configure the tests to run separately for
each encryption node. The actions of this command are diagnostic only; no
corrective measures are taken. Key vault connectivity errors are reported through
RASlog messages. Logs are stored in /etc/fabos/mace/kvdiag.log. The key vault
diagnostics is by default enabled.
--kvdiag -disable
Disables the key vault diagnostics.
--kvdiag -show
Displays the current configuration of the key vault diagnostics, including the
enabled status, configured time interval, and test types.
--kvdiag -interval interval
Specifies the time interval at which the test is repeated (in minutes). Valid values
are 1 through 2147483647. The default value is 5 minutes. This operand is valid
only if key vault diagnostics is enabled.
--kvdiag -type
type
Specifies the type of key vault test. Valid test types include the following:
connect
Monitors key vault connectivity. Disconnect and reconnect events generate a
RASlog message.
config
Retrieves configuration parameters from the key vault.
Содержание Fabric OS v7.0.1
Страница 1: ...53 1002447 01 15 December 2011 Fabric OS Command Reference Supporting Fabric OS v7 0 1 ...
Страница 6: ...vi Fabric OS Command Reference 53 1002447 01 ...
Страница 30: ...4 Fabric OS Command Reference 53 1002447 01 Using the command line interface 1 ...
Страница 118: ...92 Fabric OS Command Reference 53 1001764 01 ceePortLedTest 22 ceePortLedTest DESCRIPTION See portLedTest SEE ALSO None ...
Страница 270: ...244 Fabric OS Command Reference 53 1001764 01 exit 22 exit DESCRIPTION See logout SEE ALSO None ...
Страница 1132: ...1106 Fabric OS Command Reference 53 1002447 01 General Fabric OS commands and permissions A ...