manualshive.com logo in svg

NetApp AFF A700s, Руководство пользователя

Поделиться
Скачать
NetApp AFF A700s Скачать руководство пользователя страница 5

b. Verify that the 

Restored

 column displays 

yes

 for all authentication keys and that all key managers

display 

available

security key-manager query

c. Shut down the impaired controller.

3. If you saw the message This command is not supported when onboard key management is enabled,

display the keys stored in the onboard key manager: 

security key-manager key show -detail

a. If the 

Restored

 column displays 

yes

 manually back up the onboard key management information:

Go to advanced privilege mode and enter 

y

 when prompted to continue: 

set -priv advanced

Enter the command to display the OKM backup information: 

security key-manager backup

show

Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.

Return to admin mode: 

set -priv admin

Shut down the impaired controller.

b. If the 

Restored

 column displays anything other than 

yes

:

Run the key-manager setup wizard: 

security key-manager setup -node

target/impaired node name

Enter the customer’s onboard key management passphrase at the prompt. If the
passphrase cannot be provided, contact 

mysupport.netapp.com

Verify that the 

Restored

 column displays 

yes

 for all authentication key: 

security key-

manager key show -detail

Go to advanced privilege mode and enter 

y

 when prompted to continue: 

set -priv advanced

Enter the command to display the OKM backup information: 

security key-manager backup

show

Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.

Return to admin mode: 

set -priv admin

You can safely shutdown the controller.

Verify NSE configuration

Steps

1. Display the key IDs of the authentication keys that are stored on the key management servers: 

security

key-manager query

If the 

Restored

 column displays 

yes

 and all key managers display 

available

, it’s safe to shut down

the impaired controller.

If the 

Restored

 column displays anything other than 

yes

, or if any key manager displays

unavailable

, you need to complete some additional steps.

If you see the message This command is not supported when onboard key management is enabled,
you need to complete some other additional steps

2. If the 

Restored

 column displayed anything other than 

yes

, or if any key manager displayed

3

Содержание AFF A700s

Страница 1: ...edia ONTAP Systems NetApp June 13 2022 This PDF was generated from https docs netapp com us en ontap systems a700s bootmedia replace overview html on June 13 2022 Always check docs netapp com for the...

Страница 2: ...ard encryption keys AFF A700s 1 Shut down the controller AFF A700s 8 Replace the boot media AFF A700s 8 Transfer the boot image to the boot media AFF A700s 12 Boot the recovery image AFF A700s 17 Rest...

Страница 3: ...atus of the onboard encryption keys you must check the status of the impaired controller disable automatic giveback and check the version of ONTAP that is running If you have a cluster with more than...

Страница 4: ...ume show is encrypted true If any volumes are listed in the output NVE is configured and you need to verify the NVE configuration If no volumes are listed check whether NSE is configured 3 Check wheth...

Страница 5: ...ssphrase at the prompt If the passphrase cannot be provided contact mysupport netapp com Verify that the Restored column displays yes for all authentication key security key manager key show detail Go...

Страница 6: ...recover OKM Return to admin mode set priv admin Shut down the impaired controller b If the Restored column displays anything other than yes Run the key manager setup wizard security key manager setup...

Страница 7: ...ager types If the Key Manager type displays external and the Restored column displays yes it s safe to shut down the impaired controller If the Key Manager type displays onboard and the Restored colum...

Страница 8: ...arate file or your log file You ll need it in disaster scenarios where you might need to manually recover OKM g Return to admin mode set priv admin h You can safely shut down the controller Verify NSE...

Страница 9: ...c You can safely shut down the controller 3 If the Key Manager type displays onboard and the Restored column displays anything other than yes a Enter the onboard security key manager sync command secu...

Страница 10: ...your log file This command may not work if the boot device is corrupted or non functional Replace the boot media AFF A700s You must remove the controller module from the chassis open it and then repl...

Страница 11: ...ch Locking pin 1 Slide the controller module out of the chassis Make sure that you support the bottom of the controller module as you slide it out of the chassis 2 Place the controller module on a sta...

Страница 12: ...oot media by the lit LED near the boot media and then replace the boot media You need a Phillips head screwdriver to remove the screw that holds the boot media in place 1 If you are not already ground...

Страница 13: ...g the sides of the boot media gently rotate the boot media up and then pull the boot media straight out of the socket and set it aside 5 Align the edges of the replacement boot media with the boot med...

Страница 14: ...econd boot media You can install the system image to the replacement boot media using the image on second boot media installed in the controller module This is the primary method for transferring the...

Страница 15: ...l the way into the system until the controller module locking hooks begin to rise firmly push on the locking hooks to finish seating the controller module and then swing the locking hooks into the loc...

Страница 16: ...sing a USB flash drive This procedure should only be used if the secondary boot media restore failed or if the image tgz file is not found on the secondary boot media You must have a USB flash drive f...

Страница 17: ...roller module Make sure that you install the USB flash drive in the slot labeled for USB devices and not in the USB console port 7 Gently push the controller module all the way into the system until t...

Страница 18: ...eencryption support value bootarg keymanager support value bootarg onboard_keymanager value d Save the environment variables you changed with the savenv command e Confirm your changes using the printe...

Страница 19: ...essage perform a giveback from the healthy controller If your system is in Then An HA pair After the impaired controller is displaying the Waiting for giveback message perform a giveback from the heal...

Страница 20: ...d to reboot the controller No network connection a Press n when prompted to restore the backup configuration b Reboot the system when prompted by the system c Select the Update flash from backup confi...

Страница 21: ...NVE as needed AFF A700s Once environment variables are checked you must complete steps specific to systems that have Onboard Key Manager OKM NetApp Storage Encryption NSE or NetApp Volume Encryption...

Страница 22: ...G9iAAEAAAAEAAAAcAEAAAAAAADuD byAAAAACEAAAAAAAAA QAAAAAAAAABvOlH0AAAAAMh7qDLRyH1DBz12piVdy9ATSFMT0C0TlYFss4PDjTaV dzRYkLd1PhQLxAWJwOIyqSr8qY1SEBgm1IWgE5DLRqkiAAAAAAAAACgAAAAAAAAA 3WTh7gAAAAAAAAAAAAAAAA...

Страница 23: ...the key manager key show detail command to see a detailed view of all keys stored in the onboard key manager and verify that the Restored column yes for all authentication keys If the Restored column...

Страница 24: ...storage failover giveback fromnode local only cfo aggregates true local command If the command fails because of a failed disk physically disengage the failed disk but leave the disk in the slot until...

Страница 25: ...rt in an available state 11 If the Onboard Key Management is enabled a Use the security key manager key show detail to see a detailed view of all keys stored in the onboard key manager b Use the secur...

Страница 26: ...l prompt enter the net int show is home false command to list the logical interfaces that are not on their home controller and port If any interfaces are listed as false revert those interfaces back t...

Страница 27: ...oller using the storage failover giveback fromnode local command 13 Restore automatic giveback if you disabled it by using the storage failover modify node local auto giveback true command Return the...

Страница 28: ...WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE NetApp reserves the...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды